Commit 2b20a198 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie

Removed the last of the clean_* stuff which we aren't using now. Fixed some

bugs to do with the $SESSION -> $USER change.
parent e356dec3
......@@ -154,7 +154,7 @@ function accountprefs_validate(Pieform $form, $values) {
$form->set_error('oldpassword', get_string('oldpasswordincorrect', 'account'));
return;
}
password_validate($form, $values, $USER);
password_validate($form, $values, $USER->get('username'), $USER->get('institution'));
}
else if ($values['password1'] !== '' || $values['password2'] !== '') {
$form->set_error('oldpassword', get_string('mustspecifyoldpassword'));
......
......@@ -313,7 +313,7 @@ function change_password_validate(Pieform $form, $values) {
safe_require('auth', $authtype);
// @todo this could be done by a custom form rule... 'password' => $user
password_validate($form, $values, $USER);
password_validate($form, $values, $USER->get('username'), $USER->get('institution'));
// The password cannot be the same as the old one
if (!$form->get_error('password1')
......
......@@ -154,7 +154,7 @@ function forgotpasschange_validate(Pieform $form, $values) {
if (!$user = get_record('usr', 'id', $values['user'])) {
throw new Exception('Request to change the password for a user who does not exist');
}
password_validate($form, $values, $user);
password_validate($form, $values, $user->username, $user->institution);
}
......@@ -163,7 +163,7 @@ function forgotpasschange_validate(Pieform $form, $values) {
// support autofocus => (true|'id'), remove stuff doing autofocus from where it is, focus error fields
// commit stuff
function forgotpasschange_submit($values) {
global $SESSION;
global $SESSION, $USER;
if (!$user = get_record('usr', 'id', $values['user'])) {
throw new Exception('Request to change the password for a user who does not exist');
......@@ -186,7 +186,7 @@ function forgotpasschange_submit($values) {
// Remove the password request(s) for the user
delete_records('usr_password_request', 'usr', $values['user']);
$SESSION->login($user);
$USER->login($user);
$SESSION->add_ok_msg(get_string('passwordchangedok'));
redirect(get_config('wwwroot'));
exit;
......
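Review bot: Both forgotpasschange_validate and forgotpasschange_submit select the account from `$values['user']`, and the submit path then deletes that user's `usr_password_request` rows and calls `$USER->login($user)` for it. Nothing in the visible lines ties that id to the password request that authorised the reset, so if `user` is a submitted form field it should not be trusted as it stands. I would resolve the account server-side from the matching `usr_password_request` row and reject the submission when its `usr` value differs from `$values['user']`. Both function bodies extend outside these hunks, so such a check may already exist in lines not shown.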
......@@ -568,15 +568,17 @@ function check_dir_exists($dir, $create=true, $recursive=true) {
*
* @todo need such a function for password too.
*/
function validate_username($username) {
return preg_match('/^[a-zA-Z0-9_\.@]+$/', $username);
}
//function validate_username($username) {
// return preg_match('/^[a-zA-Z0-9_\.@]+$/', $username);
//}
/**
* Function to require a plugin file. This is to avoid doing
* require and include directly with variables.
*
* This function is the one safe point to require plugin files.
* so USE it :)
*
* @param string $plugintype the type of plugin (eg artefact)
* @param string $pluginname the name of the plugin (eg blog)
* @param string $filename the name of the file to include within the plugin structure
......@@ -584,17 +586,13 @@ function validate_username($username) {
* @param string $nonfatal (optional, defaults to false) just returns false if the file doesn't exist
*/
function safe_require($plugintype, $pluginname, $filename='lib.php', $function='require_once', $nonfatal=false) {
$plugintypes = plugin_types();
if (!in_array($plugintype, $plugintypes)) {
throw new Exception("\"$plugintype\" is not a valid plugin type");
}
require_once(get_config('docroot') . $plugintype . '/lib.php');
$plugintype = clean_filename($plugintype);
$pluginname = clean_filename($pluginname);
if (!in_array($function,array('require','include','require_once','include_once'))) {
if (!in_array($function,array('require', 'include', 'require_once', 'include_once'))) {
if (!empty($nonfatal)) {
return false;
}
......@@ -1188,8 +1186,8 @@ function get_random_key() {
* @param array $values The values passed through
* @param string $authplugin The authentication plugin that the user uses
*/
function password_validate(Pieform $form, $values, $user) {
$authtype = auth_get_authtype_for_institution($user->get('institution'));
function password_validate(Pieform $form, $values, $username, $institution) {
$authtype = auth_get_authtype_for_institution($institution);
$authclass = 'Auth' . ucfirst($authtype);
safe_require('auth', $authtype);
if (!$form->get_error('password1') && !call_static_method($authclass, 'is_password_valid', ($values['password1']))) {
......@@ -1197,7 +1195,7 @@ function password_validate(Pieform $form, $values, $user) {
}
$suckypasswords = array(
'mahara', 'password', $user->get('username')
'mahara', 'password', $username
);
if (!$form->get_error('password1') && in_array($values['password1'], $suckypasswords)) {
$form->set_error('password1', get_string('passwordtooeasy'));
......
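Review bot: In safe_require only `$plugintype` is checked against `plugin_types()` in the lines shown; with the no-op `clean_filename()` calls gone, `$pluginname` and `$filename` have no visible validation, although the docblock calls this the one safe point to require plugin files. password_validate in the same file passes `$authtype`, which is derived from its `$institution` argument, as `$pluginname`. I would add an explicit check ahead of the `$function` test, for example `if (!preg_match('/^[a-zA-Z0-9_]+$/', $pluginname)) { throw new Exception("invalid plugin name"); }`, plus a matching restriction on `$filename` that rejects `..` segments. The rest of the function body lies outside the hunk, so a later check may already cover this.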
......@@ -226,12 +226,6 @@ function theme_get_image_path($imagelocation, $pluginlocation='') {
}
}
function clean_filename($filename) {
//@todo
return $filename;
}
/**
* This function sends headers suitable for all JSON returning scripts.
*
......
......@@ -41,7 +41,7 @@ if (!session_id()) {
}
// Logged in people can't register
if ($SESSION->is_logged_in()) {
if ($USER->is_logged_in()) {
redirect(get_config('wwwroot'));
}
......@@ -63,7 +63,7 @@ if (!empty($_SESSION['registered'])) {
if (isset($_REQUEST['key'])) {
function register_profile_submit($values) {
global $registration, $SESSION;
global $registration, $SESSION, $USER;
db_begin();
// Move the user record to the usr table from the registration table
......@@ -93,7 +93,7 @@ if (isset($_REQUEST['key'])) {
db_commit();
// Log the user in and send them to the homepage
$SESSION->login($registration);
$USER->login($registration);
redirect(get_config('wwwroot'));
}
......@@ -277,7 +277,7 @@ function register_validate(Pieform $form, $values) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
}
password_validate($form, $values, (object)$values);
password_validate($form, $values, $values['username'], $values['institution']);
// First name and last name must contain at least one non whitespace
// character, so that there's something to read
......
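Review bot: register_validate now passes `$values['institution']` straight from the submitted form to password_validate, where it selects the auth type whose `is_password_valid` rule is applied and whose plugin is loaded through `safe_require('auth', $authtype)`. The hunk does not show that value being checked against the known institutions first, so an unexpected institution would choose the password policy or fail inside the lookup instead of producing a form error. If no form rule already guarantees it, validate the institution before this call and report a failure through `$form->set_error()`. register_validate starts and ends outside the hunk.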