Diffstat (limited to 'lib')
-rw-r--r--lib/util.php45
1 files changed, 32 insertions, 13 deletions
diff --git a/lib/util.php b/lib/util.php
index 46aa7f901..a4865c46c 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -119,22 +119,41 @@ function common_munge_password($password, $id)
// check if a username exists and has matching password
function common_check_user($nickname, $password)
{
- // NEVER allow blank passwords, even if they match the DB
- if (mb_strlen($password) == 0) {
- return false;
- }
+ $authenticated = false;
+ $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
$user = User::staticGet('nickname', $nickname);
if (is_null($user) || $user === false) {
- return false;
+ //user does not exist
+ if($authenticated){
+ //a handler said these are valid credentials, so see if a plugin wants to auto register the user
+ if(Event::handle('AutoRegister', array($nickname))){
+ //no handler registered the user
+ return false;
+ }else{
+ $user = User::staticGet('nickname', $nickname);
+ if (is_null($user) || $user === false) {
+ common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
+ return false;
+ }else{
+ return $user;
+ }
+ }
+ }else{
+ //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
+ return false;
+ }
} else {
- $authenticated = false;
- Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
- if(! $authenticated){
- //no handler asserted the user, so check ourselves
- if (0 == strcmp(common_munge_password($password, $user->id),
- $user->password)) {
- //internal checking passed
- $authenticated = true;
+ if($eventResult && ! $authenticated){
+ //no handler was authoritative
+ if (mb_strlen($password) == 0) {
+ // NEVER allow blank passwords, even if they match the DB
+ return false;
+ }else{
+ if (0 == strcmp(common_munge_password($password, $user->id),
+ $user->password)) {
+ //internal checking passed
+ $authenticated = true;
+ }
}
}
if($authenticated){
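Review bot: The blank-password rejection now runs only inside `if($eventResult && ! $authenticated)`, so `CheckPassword` handlers are called with an empty `$password` and are free to set `$authenticated`. A handler backed by a service that accepts an empty password (for example a directory that treats it as an anonymous bind) would report success, and in the user-does-not-exist branch that result also reaches `AutoRegister`. Unless some plugin genuinely needs empty passwords, keep the guard ahead of the event: `if (mb_strlen($password) == 0) { return false; }` placed before `Event::handle('CheckPassword', ...)`. If the move is intentional, the event documentation should state that handlers must reject empty passwords themselves. The body of common_check_user continues past the last line of this hunk, so the handling after `if($authenticated){` is not visible here.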