change credential check to work more like other events
This commit is contained in:
parent
7ae10c27b0
commit
923fa068a6
10
EVENTS.txt
10
EVENTS.txt
|
@ -481,13 +481,15 @@ EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
|
||||||
- $action: the current action
|
- $action: the current action
|
||||||
- &$xrdsoutputter - XRDSOutputter object to write to
|
- &$xrdsoutputter - XRDSOutputter object to write to
|
||||||
|
|
||||||
CheckPassword: Check a username/password
|
StartCheckPassword: Check a username/password
|
||||||
- $nickname: The nickname to check
|
- $nickname: The nickname to check
|
||||||
- $password: The password to check
|
- $password: The password to check
|
||||||
- &$authenticated: set to true to indicate authentication succeeded.
|
- &$authenticatedUser: set to User object if credentials match a user.
|
||||||
|
|
||||||
AutoRegister: Register a new user with the given nickname. Should insert a new User and Profile into the database.
|
EndCheckPassword: After checking a username/password pair
|
||||||
- $nickname: The nickname to register
|
- $nickname: The nickname that was checked
|
||||||
|
- $password: The password that was checked
|
||||||
|
- $authenticatedUser: User object if credentials match a user, else null.
|
||||||
|
|
||||||
ChangePassword: Handle a password change request
|
ChangePassword: Handle a password change request
|
||||||
- $nickname: user's nickname
|
- $nickname: user's nickname
|
||||||
|
|
45
lib/util.php
45
lib/util.php
|
@ -116,51 +116,26 @@ function common_munge_password($password, $id)
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if a username exists and has matching password
|
// check if a username exists and has matching password
|
||||||
|
|
||||||
function common_check_user($nickname, $password)
|
function common_check_user($nickname, $password)
|
||||||
{
|
{
|
||||||
$authenticated = false;
|
$authenticatedUser = false;
|
||||||
$eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
|
|
||||||
|
if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
|
||||||
$user = User::staticGet('nickname', $nickname);
|
$user = User::staticGet('nickname', $nickname);
|
||||||
if (is_null($user) || $user === false) {
|
if (!empty($user)) {
|
||||||
//user does not exist
|
if (!empty($password)) { // never allow login with blank password
|
||||||
if($authenticated){
|
|
||||||
//a handler said these are valid credentials, so see if a plugin wants to auto register the user
|
|
||||||
if(Event::handle('AutoRegister', array($nickname))){
|
|
||||||
//no handler registered the user
|
|
||||||
return false;
|
|
||||||
}else{
|
|
||||||
$user = User::staticGet('nickname', $nickname);
|
|
||||||
if (is_null($user) || $user === false) {
|
|
||||||
common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
|
|
||||||
return false;
|
|
||||||
}else{
|
|
||||||
return $user;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}else{
|
|
||||||
//no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if($eventResult && ! $authenticated){
|
|
||||||
//no handler was authoritative
|
|
||||||
if (mb_strlen($password) == 0) {
|
|
||||||
// NEVER allow blank passwords, even if they match the DB
|
|
||||||
return false;
|
|
||||||
}else{
|
|
||||||
if (0 == strcmp(common_munge_password($password, $user->id),
|
if (0 == strcmp(common_munge_password($password, $user->id),
|
||||||
$user->password)) {
|
$user->password)) {
|
||||||
//internal checking passed
|
//internal checking passed
|
||||||
$authenticated = true;
|
$authenticatedUser =& $user;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if($authenticated){
|
Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
|
||||||
return $user;
|
|
||||||
} else {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $authenticatedUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
// is the current user logged in?
|
// is the current user logged in?
|
||||||
|
|
Loading…
Reference in New Issue
Block a user