From 1845c8c77305e6b3bb64e07aeda4614ccbd09cb2 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Thu, 5 Nov 2009 16:39:57 -0500
Subject: Added an AutoRegister event LDAP plugin can do autoregistration

---
 lib/util.php | 45 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 32 insertions(+), 13 deletions(-)

(limited to 'lib')

diff --git a/lib/util.php b/lib/util.php
index 46aa7f901..a4865c46c 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -119,22 +119,41 @@ function common_munge_password($password, $id)
 // check if a username exists and has matching password
 function common_check_user($nickname, $password)
 {
-    // NEVER allow blank passwords, even if they match the DB
-    if (mb_strlen($password) == 0) {
-        return false;
-    }
+    $authenticated = false;
+    $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
     $user = User::staticGet('nickname', $nickname);
     if (is_null($user) || $user === false) {
-        return false;
+        //user does not exist
+        if($authenticated){
+            //a handler said these are valid credentials, so see if a plugin wants to auto register the user
+            if(Event::handle('AutoRegister', array($nickname))){
+                //no handler registered the user
+                return false;
+            }else{
+                $user = User::staticGet('nickname', $nickname);
+                if (is_null($user) || $user === false) {
+                    common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
+                    return false;
+                }else{
+                    return $user;
+                }
+            }
+        }else{
+            //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
+            return false;
+        }
     } else {
-        $authenticated = false;
-        Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
-        if(! $authenticated){
-            //no handler asserted the user, so check ourselves
-            if (0 == strcmp(common_munge_password($password, $user->id),
-                            $user->password)) {
-                //internal checking passed
-                $authenticated = true;
+        if($eventResult && ! $authenticated){
+            //no handler was authoritative
+            if (mb_strlen($password) == 0) {
+                // NEVER allow blank passwords, even if they match the DB
+                return false;
+            }else{
+                if (0 == strcmp(common_munge_password($password, $user->id),
+                                $user->password)) {
+                    //internal checking passed
+                    $authenticated = true;
+                }
             }
         }
         if($authenticated){
-- 
cgit v1.2.3-54-g00ecf