chore: jump over ldap filter if test environment variable is set

hm-edu · Jul 18, 2024 · 2b97ede · 2b97ede
1 parent 0ba2154
commit 2b97ede
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/private/app/php/auth.php b/private/app/php/auth.php
@@ -58,8 +58,9 @@ function handleLdapLogin($username, $password){
 
             // *** ACTIVATES TEST ACCESS ***
             // Please set a unique test username and password in .env
-            if(!empty(getenv('TESTUSER')) && !empty(getenv('TESTPASSWORD')) && 
-            $username == getenv('TESTUSER') && $password == getenv('TESTPASSWORD')) {
+            if(((isset($env) ? strtolower($env["TEST"]) : strtolower(getenv("TEST"))) === "true") &&
+                !empty(getenv('TESTUSER')) && !empty(getenv('TESTPASSWORD')) && 
+                $username == getenv('TESTUSER') && $password == getenv('TESTPASSWORD')) {
                 $_SESSION['username'] = getenv('TESTUSER');
                 $_SESSION['employeetype'] = "Tester";
                 return true;
@@ -134,7 +135,13 @@ function handleLdapLogin($username, $password){
 
         // filter username to prevent unwanted inputs.
         $username = filter_var($_POST["account"], FILTER_UNSAFE_RAW);
-       // $username = ldap_escape($username, "", LDAP_ESCAPE_FILTER);
+        if (!((isset($env) ? strtolower($env["TEST"]) : strtolower(getenv("TEST"))) === "true")) {
+            $username = ldap_escape($username, "", LDAP_ESCAPE_FILTER);
+        }
+
+
+
+
 
         // Use hashed password if LDAP Server is configured accordingly.
         // $password = password_hash($_POST["password"], PASSWORD_DEFAULT);