Diffstat (limited to 'lib')
-rw-r--r-- | lib/util.php | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/lib/util.php b/lib/util.php
index 46aa7f901..a4865c46c 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -119,22 +119,41 @@ function common_munge_password($password, $id)
 // check if a username exists and has matching password
 function common_check_user($nickname, $password)
 {
- // NEVER allow blank passwords, even if they match the DB
- if (mb_strlen($password) == 0) {
- return false;
- }
+ $authenticated = false;
+ $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
 $user = User::staticGet('nickname', $nickname);
 if (is_null($user) || $user === false) {
- return false;
+ //user does not exist
+ if($authenticated){
+ //a handler said these are valid credentials, so see if a plugin wants to auto register the user
+ if(Event::handle('AutoRegister', array($nickname))){
+ //no handler registered the user
+ return false;
+ }else{
+ $user = User::staticGet('nickname', $nickname);
+ if (is_null($user) || $user === false) {
+ common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
+ return false;
+ }else{
+ return $user;
+ }
+ }
+ }else{
+ //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
+ return false;
+ }
 } else {
- $authenticated = false;
- Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
- if(! $authenticated){
- //no handler asserted the user, so check ourselves
- if (0 == strcmp(common_munge_password($password, $user->id),
- $user->password)) {
- //internal checking passed
- $authenticated = true;
+ if($eventResult && ! $authenticated){
+ //no handler was authoritative
+ if (mb_strlen($password) == 0) {
+ // NEVER allow blank passwords, even if they match the DB
+ return false;
+ }else{
+ if (0 == strcmp(common_munge_password($password, $user->id),
+ $user->password)) {
+ //internal checking passed
+ $authenticated = true;
+ }
 }
 }
 if($authenticated){ |
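Review bot: The blank-password rejection now runs only inside the internal fallback branch, so the `Event::handle('CheckPassword', ...)` call at the top of `common_check_user` is handed empty passwords and whatever a handler writes into `$authenticated` is trusted as-is. The handlers are not visible in this hunk, but an external backend that treats an empty password as a successful anonymous bind would authenticate the nickname, and in the user-not-found branch that result also drives `AutoRegister`. I would keep the rejection ahead of the event, `if (mb_strlen($password) == 0) { return false; }`, and leave the inner check where it is as defence in depth. The body of `common_check_user` continues past the end of the hunk, so the handling after `if($authenticated){` is not reviewed here.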