change credential check to work more like other events
parent
7ae10c27b0
commit
923fa068a6
10
EVENTS.txt
10
EVENTS.txt
|
@ -481,13 +481,15 @@ EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
|
|||
- $action: the current action
|
||||
- &$xrdsoutputter - XRDSOutputter object to write to
|
||||
|
||||
CheckPassword: Check a username/password
|
||||
StartCheckPassword: Check a username/password
|
||||
- $nickname: The nickname to check
|
||||
- $password: The password to check
|
||||
- &$authenticated: set to true to indicate authentication succeeded.
|
||||
- &$authenticatedUser: set to User object if credentials match a user.
|
||||
|
||||
AutoRegister: Register a new user with the given nickname. Should insert a new User and Profile into the database.
|
||||
- $nickname: The nickname to register
|
||||
EndCheckPassword: After checking a username/password pair
|
||||
- $nickname: The nickname that was checked
|
||||
- $password: The password that was checked
|
||||
- $authenticatedUser: User object if credentials match a user, else null.
|
||||
|
||||
ChangePassword: Handle a password change request
|
||||
- $nickname: user's nickname
|
||||
|
|
45
lib/util.php
45
lib/util.php
|
@ -116,51 +116,26 @@ function common_munge_password($password, $id)
|
|||
}
|
||||
|
||||
// check if a username exists and has matching password
|
||||
|
||||
function common_check_user($nickname, $password)
|
||||
{
|
||||
$authenticated = false;
|
||||
$eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
|
||||
$authenticatedUser = false;
|
||||
|
||||
if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
|
||||
$user = User::staticGet('nickname', $nickname);
|
||||
if (is_null($user) || $user === false) {
|
||||
//user does not exist
|
||||
if($authenticated){
|
||||
//a handler said these are valid credentials, so see if a plugin wants to auto register the user
|
||||
if(Event::handle('AutoRegister', array($nickname))){
|
||||
//no handler registered the user
|
||||
return false;
|
||||
}else{
|
||||
$user = User::staticGet('nickname', $nickname);
|
||||
if (is_null($user) || $user === false) {
|
||||
common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
|
||||
return false;
|
||||
}else{
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
}else{
|
||||
//no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
if($eventResult && ! $authenticated){
|
||||
//no handler was authoritative
|
||||
if (mb_strlen($password) == 0) {
|
||||
// NEVER allow blank passwords, even if they match the DB
|
||||
return false;
|
||||
}else{
|
||||
if (!empty($user)) {
|
||||
if (!empty($password)) { // never allow login with blank password
|
||||
if (0 == strcmp(common_munge_password($password, $user->id),
|
||||
$user->password)) {
|
||||
//internal checking passed
|
||||
$authenticated = true;
|
||||
$authenticatedUser =& $user;
|
||||
}
|
||||
}
|
||||
}
|
||||
if($authenticated){
|
||||
return $user;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
|
||||
}
|
||||
|
||||
return $authenticatedUser;
|
||||
}
|
||||
|
||||
// is the current user logged in?
|
||||
|
|
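Review bot: The blank-password guard `if (!empty($password))` only protects the built-in database comparison, because it sits inside the `if (Event::handle('StartCheckPassword', ...))` branch and runs after the handlers have already been given `$password`. Any handler that authenticates against an external service therefore receives an empty password and has to reject it itself; whether existing handlers do so is not visible on this page. Rejecting it up front, for example `if (empty($password)) { return false; }` as the first statement of `common_check_user`, would apply the "never allow login with blank password" rule to every path. Separately, `0 == strcmp(...)` is a loose, non-constant-time comparison of the stored hash; `hash_equals($user->password, common_munge_password($password, $user->id))` would be preferable where the supported PHP version provides it. The function also returns whatever a handler wrote into `$authenticatedUser`, so a check such as `$authenticatedUser instanceof User` before the final `return` would stop a stray truthy value from being treated as a successful login.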