Commit f919251f authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie

Fixed bug #546 - Can't log in using different capitalisation than your

actual username
parent 61c0b5e2
......@@ -34,6 +34,13 @@ class AuthInternal extends Auth {
/**
* Attempt to authenticate user
*
* @param string $username The username to authenticate with
* @param string $password The password being used for authentication
* @param string $institution The institution the user is logging in for
* @return bool True/False based on whether the user
* authenticated successfully
* @throws AuthUnknownUserException If the user does not exist
*/
public static function authenticate_user_account($username, $password, $institution) {
if (!$user = get_record_sql('SELECT username, password, salt
......@@ -46,15 +53,47 @@ class AuthInternal extends Auth {
return self::validate_password($password, $user->password, $user->salt);
}
/**
* Establishes whether a user exists
*
* @param string $username The username to check
* @return bool True if the user exists
* @throws AuthUnknownUserException If the user does not exist
*/
public static function user_exists($username) {
if (record_exists('usr', 'LOWER(username)', strtolower($username))) {
return true;
}
throw new AuthUnknownUserException("\"$username\" is not known to AuthInternal");
}
/**
* Given a user that we know about, return an array of information about them
*
* NOTE: Does not need to be implemented for the internal authentication
* method, as by default information is sourced from the database.
* Used when a user who was otherwise unknown authenticates successfully,
* or if getting userinfo on each login is enabled for this auth method.
*
* Does not need to be implemented for the internal authentication method,
* because all users are already known about.
*/
public static function get_user_info($username) {
}
/**
* Given a username, returns information about that user from the 'usr'
* table.
*
* @param string $username The name of the user to get information from
* @return object Information about the user
*/
public static function get_user_info_cached($username) {
if (!$result = get_record('usr', 'LOWER(username)', strtolower($username), null, null, null, null,
'*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'))) {
throw new AuthUnknownUserException("\"$username\" is not known to AuthInternal");
}
return $result;
}
/**
* For internal authentication, passwords can contain a range of letters,
* numbers and symbols. There is a minimum limit of six characters allowed
......
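Review bot: The new `user_exists` (after the `@@ -46,15 +53,47 @@` header) never returns `false` — it throws `AuthUnknownUserException` for an unknown name — while its docblock says `@return bool` and the base class documents the same, so the contract is misleading; either return `false` from the fall-through path or change the docblock to `@return bool True if the user exists; never returns false (throws instead)` and reconcile the base class. The case-insensitive `LOWER(username)` lookups in `user_exists` and `get_user_info_cached` also assume the `usr` table cannot hold two rows that differ only in case; if it can, `record_exists`/`get_record` would resolve the login to an arbitrary one of them, so a case-insensitive uniqueness check at account creation (or a unique index on `LOWER(username)`) should accompany this change — nothing in the hunk shows one. PHP's `strtolower` folds only ASCII bytes, whereas the database `LOWER()` may fold non-ASCII letters per its collation, so a username containing a non-ASCII capital may never match; a comment such as `// NOTE: strtolower() folds ASCII only; DB LOWER() may fold more, so non-ASCII usernames may not match` on the lookup lines would flag that. `authenticate_user_account` begins in the first hunk and its WHERE clause is outside what is shown.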
......@@ -58,6 +58,14 @@ abstract class Auth {
*/
public static abstract function authenticate_user_account($username, $password, $institute);
/**
* Given a username, returns whether the user exists in the usr table
*
* @param string $username The username to attempt to identify
* @return bool Whether the username exists
*/
public static abstract function user_exists($username);
/**
* Given a username, returns a hash of information about a user.
*
......@@ -68,6 +76,30 @@ abstract class Auth {
*/
public static abstract function get_user_info($username);
/**
* Given a username, return information about the user from the database.
*
* This method is called when the user has been successfully authenticated,
* all createuser events have been fired and now we wish to populate the
* users session.
*
* The information retrieved must be all rows in the user table, with the
* timestamps formatted as unix timestamps. An example (taken from the
* internal authentication mechanism, which allows usernames to be case
* insensitive):
*
* <code>
* get_record('usr', 'LOWER(username)', strtolower($username), null, null, null, null,
* '*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'));
* </code>
*
* @param string $username The username to get information for
* @return array Data that can be used to populate the session
* @throws AuthUnknownUserException If the user is unknown to the
* authentication method
*/
public static abstract function get_user_info_cached($username);
/**
* Given a password, returns whether it is in a valid format for this
* authentication method.
......@@ -528,7 +560,7 @@ function login_submit(Pieform $form, $values) {
set_cookie('institution', $institution, 0, get_mahara_install_subdirectory());
$oldlastlogin = null;
if (!record_exists('usr', 'username', $username)) {
if (!call_static_method($authclass, 'user_exists', $username)) {
// We don't know about this user. But if the authentication
// method says they're fine, then we must insert data for them
// into the usr table.
......@@ -554,8 +586,7 @@ function login_submit(Pieform $form, $values) {
update_record('usr', $userdata, $where);
}
else {
$userdata = get_record('usr', 'username', $username, null, null, null, null,
'*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'));
$userdata = call_static_method($authclass, 'get_user_info_cached', $username);
$oldlastlogin = $userdata->lastlogin;
$userdata->lastlogin = time();
$userdata->inactivemailsent = 0;
......
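Review bot: The new `get_user_info_cached` docblock in the `@@ -68,6 +76,30 @@` hunk says `@return array`, but its own example returns the `get_record` object and `login_submit` reads `$userdata->lastlogin` from the result, so it should read `@return object Information about the user, as returned by get_record()`, and "must be all rows in the user table" should be "must be every column of that user's row in the usr table". The abstract `user_exists` is documented as returning a bool, yet `login_submit` only negates its result and shows no handler for `AuthUnknownUserException`, which the internal implementation throws instead of returning `false`; either add `@throws AuthUnknownUserException If the user is unknown` to the abstract method and catch it in `login_submit`, or require implementations to return `false`. Because the lookup is now case-insensitive, any later code in `login_submit` that keys on the form-supplied `$username` rather than `$userdata->username` (the `$where` passed to `update_record` is built outside this hunk) would operate on the wrong case, so session and audit data should be taken from the record, not the form. `login_submit` starts and ends outside these hunks.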