summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--EVENTS.txt10
-rw-r--r--lib/util.php47
2 files changed, 17 insertions, 40 deletions
diff --git a/EVENTS.txt b/EVENTS.txt
index af686b9cd..ced130f5f 100644
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -481,13 +481,15 @@ EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
- $action: the current action
- &$xrdsoutputter - XRDSOutputter object to write to
-CheckPassword: Check a username/password
+StartCheckPassword: Check a username/password
- $nickname: The nickname to check
- $password: The password to check
-- &$authenticated: set to true to indicate authentication succeeded.
+- &$authenticatedUser: set to User object if credentials match a user.
-AutoRegister: Register a new user with the given nickname. Should insert a new User and Profile into the database.
-- $nickname: The nickname to register
+EndCheckPassword: After checking a username/password pair
+- $nickname: The nickname that was checked
+- $password: The password that was checked
+- $authenticatedUser: User object if credentials match a user, else null.
ChangePassword: Handle a password change request
- $nickname: user's nickname
diff --git a/lib/util.php b/lib/util.php
index 65bc6544d..81160d052 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -116,51 +116,26 @@ function common_munge_password($password, $id)
}
// check if a username exists and has matching password
+
function common_check_user($nickname, $password)
{
- $authenticated = false;
- $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
- $user = User::staticGet('nickname', $nickname);
- if (is_null($user) || $user === false) {
- //user does not exist
- if($authenticated){
- //a handler said these are valid credentials, so see if a plugin wants to auto register the user
- if(Event::handle('AutoRegister', array($nickname))){
- //no handler registered the user
- return false;
- }else{
- $user = User::staticGet('nickname', $nickname);
- if (is_null($user) || $user === false) {
- common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
- return false;
- }else{
- return $user;
- }
- }
- }else{
- //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
- return false;
- }
- } else {
- if($eventResult && ! $authenticated){
- //no handler was authoritative
- if (mb_strlen($password) == 0) {
- // NEVER allow blank passwords, even if they match the DB
- return false;
- }else{
+ $authenticatedUser = false;
+
+ if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
+ $user = User::staticGet('nickname', $nickname);
+ if (!empty($user)) {
+ if (!empty($password)) { // never allow login with blank password
if (0 == strcmp(common_munge_password($password, $user->id),
$user->password)) {
//internal checking passed
- $authenticated = true;
+ $authenticatedUser =& $user;
}
}
}
- if($authenticated){
- return $user;
- } else {
- return false;
- }
+ Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
}
+
+ return $authenticatedUser;
}
// is the current user logged in?