change credential check to work more like other events

This commit is contained in:
Evan Prodromou 2009-11-10 14:45:19 -05:00
parent 7ae10c27b0
commit 923fa068a6
2 changed files with 17 additions and 40 deletions

View File

@ -481,13 +481,15 @@ EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
- $action: the current action - $action: the current action
- &$xrdsoutputter - XRDSOutputter object to write to - &$xrdsoutputter - XRDSOutputter object to write to
CheckPassword: Check a username/password StartCheckPassword: Check a username/password
- $nickname: The nickname to check - $nickname: The nickname to check
- $password: The password to check - $password: The password to check
- &$authenticated: set to true to indicate authentication succeeded. - &$authenticatedUser: set to User object if credentials match a user.
AutoRegister: Register a new user with the given nickname. Should insert a new User and Profile into the database. EndCheckPassword: After checking a username/password pair
- $nickname: The nickname to register - $nickname: The nickname that was checked
- $password: The password that was checked
- $authenticatedUser: User object if credentials match a user, else null.
ChangePassword: Handle a password change request ChangePassword: Handle a password change request
- $nickname: user's nickname - $nickname: user's nickname

View File

@ -116,51 +116,26 @@ function common_munge_password($password, $id)
} }
// check if a username exists and has matching password // check if a username exists and has matching password
function common_check_user($nickname, $password) function common_check_user($nickname, $password)
{ {
$authenticated = false; $authenticatedUser = false;
$eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
$user = User::staticGet('nickname', $nickname); $user = User::staticGet('nickname', $nickname);
if (is_null($user) || $user === false) { if (!empty($user)) {
//user does not exist if (!empty($password)) { // never allow login with blank password
if($authenticated){
//a handler said these are valid credentials, so see if a plugin wants to auto register the user
if(Event::handle('AutoRegister', array($nickname))){
//no handler registered the user
return false;
}else{
$user = User::staticGet('nickname', $nickname);
if (is_null($user) || $user === false) {
common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
return false;
}else{
return $user;
}
}
}else{
//no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
return false;
}
} else {
if($eventResult && ! $authenticated){
//no handler was authoritative
if (mb_strlen($password) == 0) {
// NEVER allow blank passwords, even if they match the DB
return false;
}else{
if (0 == strcmp(common_munge_password($password, $user->id), if (0 == strcmp(common_munge_password($password, $user->id),
$user->password)) { $user->password)) {
//internal checking passed //internal checking passed
$authenticated = true; $authenticatedUser =& $user;
} }
} }
} }
if($authenticated){ Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
return $user;
} else {
return false;
}
} }
return $authenticatedUser;
} }
// is the current user logged in? // is the current user logged in?