forked from GNUsocial/gnu-social
		
	change credential check to work more like other events
		
							
								
								
									
										47
									
								
								lib/util.php
									
									
									
									
									
								
							
							
						
						
									
										47
									
								
								lib/util.php
									
									
									
									
									
								
							| @@ -116,51 +116,26 @@ function common_munge_password($password, $id) | ||||
| } | ||||
|  | ||||
| // check if a username exists and has matching password | ||||
|  | ||||
| function common_check_user($nickname, $password) | ||||
| { | ||||
|     $authenticated = false; | ||||
|     $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated)); | ||||
|     $user = User::staticGet('nickname', $nickname); | ||||
|     if (is_null($user) || $user === false) { | ||||
|         //user does not exist | ||||
|         if($authenticated){ | ||||
|             //a handler said these are valid credentials, so see if a plugin wants to auto register the user | ||||
|             if(Event::handle('AutoRegister', array($nickname))){ | ||||
|                 //no handler registered the user | ||||
|                 return false; | ||||
|             }else{ | ||||
|                 $user = User::staticGet('nickname', $nickname); | ||||
|                 if (is_null($user) || $user === false) { | ||||
|                     common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname"); | ||||
|                     return false; | ||||
|                 }else{ | ||||
|                     return $user; | ||||
|                 } | ||||
|             } | ||||
|         }else{ | ||||
|             //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database | ||||
|             return false; | ||||
|         } | ||||
|     } else { | ||||
|         if($eventResult && ! $authenticated){ | ||||
|             //no handler was authoritative | ||||
|             if (mb_strlen($password) == 0) { | ||||
|                 // NEVER allow blank passwords, even if they match the DB | ||||
|                 return false; | ||||
|             }else{ | ||||
|     $authenticatedUser = false; | ||||
|  | ||||
|     if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) { | ||||
|         $user = User::staticGet('nickname', $nickname); | ||||
|         if (!empty($user)) { | ||||
|             if (!empty($password)) { // never allow login with blank password | ||||
|                 if (0 == strcmp(common_munge_password($password, $user->id), | ||||
|                                 $user->password)) { | ||||
|                     //internal checking passed | ||||
|                     $authenticated = true; | ||||
|                     $authenticatedUser =& $user; | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|         if($authenticated){ | ||||
|             return $user; | ||||
|         } else { | ||||
|             return false; | ||||
|         } | ||||
|         Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); | ||||
|     } | ||||
|  | ||||
|     return $authenticatedUser; | ||||
| } | ||||
|  | ||||
| // is the current user logged in? | ||||
|   | ||||
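Review bot: The blank-password guard (`if (!empty($password))`) sits inside the internal database branch of common_check_user, after `Event::handle('StartCheckPassword', ...)` has already passed the password to every handler. A plugin whose backend treats an empty password as valid can therefore still set `$authenticatedUser`, and the internal check is skipped whenever a handler stops the event. Reject the empty value before the event fires, e.g. `if (!is_string($password) || $password === '') { return false; }` as the first statement of the function. The comparison `0 == strcmp(...)` is also loose; `===` ensures a non-integer result from strcmp can never compare equal to 0, and hash_equals(), where the PHP version provides it, would make the comparison constant-time. The +/- markers are lost on this page, so the new side is inferred from the `StartCheckPassword` and `$authenticatedUser` names, and common_munge_password's body is outside the hunk, so its return type is assumed to be a string.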