mahara
Commit f919251f
Authored Mar 06, 2007 by Nigel McNie
Committed by Nigel McNie, Mar 06, 2007
Fixed bug #546 - Can't log in using different capitalisation than your
actual username
Parent: 61c0b5e2
Changes: 2
htdocs/auth/internal/lib.php
...
...
@@ -34,6 +34,13 @@ class AuthInternal extends Auth {
/**
* Attempt to authenticate user
*
* @param string $username The username to authenticate with
* @param string $password The password being used for authentication
* @param string $institution The institution the user is logging in for
* @return bool True/False based on whether the user
* authenticated successfully
* @throws AuthUnknownUserException If the user does not exist
*/
public
static
function
authenticate_user_account
(
$username
,
$password
,
$institution
)
{
if
(
!
$user
=
get_record_sql
(
'SELECT username, password, salt
...
...
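Review bot: The SELECT in authenticate_user_account is cut off before its WHERE clause here, so it is not visible whether it compares LOWER(username) with strtolower($username) the way user_exists and get_user_info_cached do. If it still matches username exactly, the existence check and the password check would disagree about which row a differently capitalised username refers to; please make the comparison the same in all three places. Separately, the docblock names the third parameter $institution while the abstract declaration in htdocs/auth/lib.php calls it $institute; pick one.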
@@ -46,15 +53,47 @@ class AuthInternal extends Auth {
return
self
::
validate_password
(
$password
,
$user
->
password
,
$user
->
salt
);
}
/**
* Establishes whether a user exists
*
* @param string $username The username to check
* @return bool True if the user exists
* @throws AuthUnknownUserException If the user does not exist
*/
public
static
function
user_exists
(
$username
)
{
if
(
record_exists
(
'usr'
,
'LOWER(username)'
,
strtolower
(
$username
)))
{
return
true
;
}
throw
new
AuthUnknownUserException
(
"
\"
$username
\"
is not known to AuthInternal"
);
}
/**
* Given a user that we know about, return an array of information about them
*
* NOTE: Does not need to be implemented for the internal authentication
* method, as by default information is sourced from the database.
* Used when a user who was otherwise unknown authenticates successfully,
* or if getting userinfo on each login is enabled for this auth method.
*
* Does not need to be implemented for the internal authentication method,
* because all users are already known about.
*/
public
static
function
get_user_info
(
$username
)
{
}
/**
* Given a username, returns information about that user from the 'usr'
* table.
*
* @param string $username The name of the user to get information from
* @return object Information about the user
*/
public
static
function
get_user_info_cached
(
$username
)
{
if
(
!
$result
=
get_record
(
'usr'
,
'LOWER(username)'
,
strtolower
(
$username
),
null
,
null
,
null
,
null
,
'*, '
.
db_format_tsfield
(
'expiry'
)
.
', '
.
db_format_tsfield
(
'lastlogin'
)))
{
throw
new
AuthUnknownUserException
(
"
\"
$username
\"
is not known to AuthInternal"
);
}
return
$result
;
}
/**
* For internal authentication, passwords can contain a range of letters,
* numbers and symbols. There is a minimum limit of six characters allowed
...
...
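Review bot: user_exists and get_user_info_cached both match on LOWER(username), which is only safe if no two rows in usr differ by capitalisation alone, and nothing in this change enforces that. With "Alice" and "alice" both present, the get_record call in get_user_info_cached no longer identifies a single account, and the session could be populated from a different row than the one the password was checked against. Suggest a unique index on LOWER(username), which also keeps these lookups indexed, and make sure both sides fold case by the same rules, since PHP's strtolower and the database's LOWER can disagree on non-ASCII characters. Minor: the get_user_info docblock says "Does not need to be implemented" twice.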
htdocs/auth/lib.php
...
...
@@ -58,6 +58,14 @@ abstract class Auth {
*/
public
static
abstract
function
authenticate_user_account
(
$username
,
$password
,
$institute
);
/**
* Given a username, returns whether the user exists in the usr table
*
* @param string $username The username to attempt to identify
* @return bool Whether the username exists
*/
public
static
abstract
function
user_exists
(
$username
);
/**
* Given a username, returns a hash of information about a user.
*
...
...
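Review bot: The docblock for the abstract user_exists promises only "@return bool Whether the username exists" and carries no @throws, but AuthInternal::user_exists in this same commit never returns false and throws AuthUnknownUserException instead. State the contract here, either "returns false for an unknown user" or "@throws AuthUnknownUserException", so that other authentication classes implement it the way login_submit expects.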
@@ -68,6 +76,30 @@ abstract class Auth {
*/
public
static
abstract
function
get_user_info
(
$username
);
/**
* Given a username, return information about the user from the database.
*
* This method is called when the user has been successfully authenticated,
* all createuser events have been fired and now we wish to populate the
* users session.
*
* The information retrieved must be all rows in the user table, with the
* timestamps formatted as unix timestamps. An example (taken from the
* internal authentication mechanism, which allows usernames to be case
* insensitive):
*
* <code>
* get_record('usr', 'LOWER(username)', strtolower($username), null, null, null, null,
* '*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'));
* </code>
*
* @param string $username The username to get information for
* @return array Data that can be used to populate the session
* @throws AuthUnknownUserException If the user is unknown to the
* authentication method
*/
public
static
abstract
function
get_user_info_cached
(
$username
);
/**
* Given a password, returns whether it is in a valid format for this
* authentication method.
...
...
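Review bot: The docblock for the abstract get_user_info_cached declares "@return array", while AuthInternal documents "@return object" for the same method and login_submit reads the result as $userdata->lastlogin; the tag here should say object. In the description, "all rows in the user table" presumably means all columns of the user's row, and "users session" wants an apostrophe.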
@@ -528,7 +560,7 @@ function login_submit(Pieform $form, $values) {
set_cookie
(
'institution'
,
$institution
,
0
,
get_mahara_install_subdirectory
());
$oldlastlogin
=
null
;
if
(
!
record_exists
(
'usr'
,
'username
'
,
$username
))
{
if
(
!
call_static_method
(
$authclass
,
'user_exists
'
,
$username
))
{
// We don't know about this user. But if the authentication
// method says they're fine, then we must insert data for them
// into the usr table.
...
...
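Review bot: The condition !call_static_method($authclass, 'user_exists', $username) guards the branch that inserts a usr row, but AuthInternal::user_exists throws AuthUnknownUserException for an unknown name rather than returning false, so with that class the branch body is never reached and the exception propagates out of this if statement instead. Either have user_exists return false for an unknown user, or wrap this call in a try/catch for AuthUnknownUserException, and document whichever behaviour is chosen on the abstract method.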
@@ -554,8 +586,7 @@ function login_submit(Pieform $form, $values) {
update_record
(
'usr'
,
$userdata
,
$where
);
}
else
{
$userdata
=
get_record
(
'usr'
,
'username'
,
$username
,
null
,
null
,
null
,
null
,
'*, '
.
db_format_tsfield
(
'expiry'
)
.
', '
.
db_format_tsfield
(
'lastlogin'
));
$userdata
=
call_static_method
(
$authclass
,
'get_user_info_cached'
,
$username
);
$oldlastlogin
=
$userdata
->
lastlogin
;
$userdata
->
lastlogin
=
time
();
$userdata
->
inactivemailsent
=
0
;
...
...
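Review bot: Once get_user_info_cached has matched the row case-insensitively, $username still holds the spelling the user typed, so anything later in login_submit that keys on $username (a WHERE clause, the username stored in the session) should switch to $userdata->username. That code lies outside the visible lines, so please confirm it uses the stored spelling; otherwise a login as "ALICE" and a login as "alice" could be treated as different identities further down.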