Skip to content
GitLab
Commit d250d9b4 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie
Browse files

Catch correct type of exception when loading config.

parent f84bf953
Hide whitespace changes
Inline Side-by-side
htdocs/lib/auth.php
View file @ d250d9b4
......@@ -80,4 +80,127 @@ abstract class Auth {
}
/**
* Performs an authentication attempt, by cycling through all of the available
* authentication methods allowed for the user.
*
*/
function authenticate_user($username, $password, $institute) {
//
// Implementation:
//
// Well, institutes are tied to a particular authentication method - ONE particular authentication method
// And users are tied to an institution
// So they have ONE go at authentication, not like the rubbish mentioned in the technical spec.
// So, the algorithm should be roughly:
//
// based on the institute, get the auth method
// include the auth method implementation
// try {
// authenticate the user using username, password
// }
// catch (whothehellisthisexception) {
// return appropriate message
// }
// catch (wrongpasswordexception) {
// return appropriate message
// }
//
// all happy, return OK
//
//
// So, how is this function called exactly?
//
// Well, the login pages are generally completely transient, which means that once this is
// called successfully, the get and post information needs to be sent back to where we came
// from, which is the page name itself.
//
// Basically, in init.php or similar:
//
// do_authentication();
//
// do_authentication:
// if user logged in (check session data)
// if session timed out or otherwise invalid
// display login form
// else
// all good, continue
// elseif has correct guest key
// all good
// else
// display login form
//
// if user logged in (check session data) == this function
}
/**
* So how will this work? written above.
* try {
* authenticate();
* }
* catch (AuthenticationException $e) {
* // can't authenticate again, something bad happened
* // fall through to the default exception handler where this is a default, or otherwise exit the script
*/
function auth_setup () {
// auth stuff is run before init.php finishes, and index.php does the check
// for install. So this function might need to detect not installed and skip
// logging in
if (!session_id()) {
@session_start();
if (!session_id()) {
throw new AuthException('Could not start a session. Perhaps '
. 'something has been output before the page begins?');
}
}
$s =& $_SESSION;
$username = clean_requestdata('login_username', PARAM_ALPHA);
$password = clean_requestdata('login_password', PARAM_ALPHA);
if (!get_config('version')) {
// Not installed, so let the user through
log_dbg('system not installed, letting user through');
return;
}
if (isset($s['logged_in']) && $s['username'] != '') {
log_dbg('user logged in, fine just fine (user is ' . $s['username']);
return;
}
if ($username != '' && $password != '') {
log_dbg('auth attempt with username "' . $username . '" and password "' . $password . '"');
if (!auth_user($username, $password, $institution)) {
auth_draw_login_form();
exit;
}
// Login went fine
return;
}
if (false /* guest key is available */) {
return;
}
if (false /* site config claims public access ok */) {
return;
}
else {
log_dbg('dunno who this is, better get them to tell us');
auth_draw_login_form();
exit;
}
}
function auth_user ($username, $password, $institution) {
log_dbg('login attempt from user ' . $username);
return true;
}
function auth_draw_login_form() {
$smarty = smarty();
$smarty->display('login.tpl');
}
?>
htdocs/lib/mahara.php
View file @ d250d9b4
......@@ -416,7 +416,7 @@ function load_config() {
try {
$dbconfig = get_records('config');
}
catch (ADODB_Exception $e) {
catch (DatalibException $e) {
return false;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment