diff options
| author | Evan Prodromou <evan@status.net> | 2009-11-10 14:45:19 -0500 |
|---|---|---|
| committer | Evan Prodromou <evan@status.net> | 2009-11-10 14:45:19 -0500 |
| commit | 923fa068a684a7e3b712714cda0cb75ffa58bd78 (patch) | |
| tree | 4592a2288f47f349f0fe5146dd6d1cca85c73649 /lib | |
| parent | 7ae10c27b0725a7108b63a788affd4d07e37afdc (diff) | |
change credential check to work more like other events
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/util.php | 47 |
1 files changed, 11 insertions, 36 deletions
diff --git a/lib/util.php b/lib/util.php index 65bc6544d..81160d052 100644 --- a/lib/util.php +++ b/lib/util.php @@ -116,51 +116,26 @@ function common_munge_password($password, $id) } // check if a username exists and has matching password + function common_check_user($nickname, $password) { - $authenticated = false; - $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated)); - $user = User::staticGet('nickname', $nickname); - if (is_null($user) || $user === false) { - //user does not exist - if($authenticated){ - //a handler said these are valid credentials, so see if a plugin wants to auto register the user - if(Event::handle('AutoRegister', array($nickname))){ - //no handler registered the user - return false; - }else{ - $user = User::staticGet('nickname', $nickname); - if (is_null($user) || $user === false) { - common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname"); - return false; - }else{ - return $user; - } - } - }else{ - //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database - return false; - } - } else { - if($eventResult && ! $authenticated){ - //no handler was authoritative - if (mb_strlen($password) == 0) { - // NEVER allow blank passwords, even if they match the DB - return false; - }else{ + $authenticatedUser = false; + + if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) { + $user = User::staticGet('nickname', $nickname); + if (!empty($user)) { + if (!empty($password)) { // never allow login with blank password if (0 == strcmp(common_munge_password($password, $user->id), $user->password)) { //internal checking passed - $authenticated = true; + $authenticatedUser =& $user; } } } - if($authenticated){ - return $user; - } else { - return false; - } + Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); } + + return $authenticatedUser; } // is the current user logged in? |