Fixed bug #546 - Can't log in using different capitalisation than your

actual username

htdocs/auth/internal/lib.php

@@ -34,6 +34,13 @@ class AuthInternal extends Auth {
 
     /**
      * Attempt to authenticate user
+     *
+     * @param string $username The username to authenticate with
+     * @param string $password The password being used for authentication
+     * @param string $institution The institution the user is logging in for
+     * @return bool            True/False based on whether the user
+     *                         authenticated successfully
+     * @throws AuthUnknownUserException If the user does not exist
      */
     public static function authenticate_user_account($username, $password, $institution) {
         if (!$user = get_record_sql('SELECT username, password, salt
@@ -46,15 +53,47 @@ class AuthInternal extends Auth {
         return self::validate_password($password, $user->password, $user->salt);
     }
 
+    /**
+     * Establishes whether a user exists
+     *
+     * @param string $username The username to check
+     * @return bool            True if the user exists
+     * @throws AuthUnknownUserException If the user does not exist
+     */
+    public static function user_exists($username) {
+        if (record_exists('usr', 'LOWER(username)', strtolower($username))) {
+            return true;
+        }
+        throw new AuthUnknownUserException("\"$username\" is not known to AuthInternal");
+    }
+
     /**
      * Given a user that we know about, return an array of information about them
      *
-     * NOTE: Does not need to be implemented for the internal authentication
-     * method, as by default information is sourced from the database.
+     * Used when a user who was otherwise unknown authenticates successfully,
+     * or if getting userinfo on each login is enabled for this auth method.
+     *
+     * Does not need to be implemented for the internal authentication method,
+     * because all users are already known about.
      */
     public static function get_user_info($username) {
     }
 
+    /**
+     * Given a username, returns information about that user from the 'usr'
+     * table.
+     *
+     * @param string $username The name of the user to get information from
+     * @return object          Information about the user
+     */
+    public static function get_user_info_cached($username) {
+        if (!$result = get_record('usr', 'LOWER(username)', strtolower($username), null, null, null, null,
+                    '*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'))) {
+            throw new AuthUnknownUserException("\"$username\" is not known to AuthInternal");
+        }
+        return $result;
+    }
+
     /**
      * For internal authentication, passwords can contain a range of letters,
      * numbers and symbols. There is a minimum limit of six characters allowed

htdocs/auth/lib.php

@@ -58,6 +58,14 @@ abstract class Auth {
      */
     public static abstract function authenticate_user_account($username, $password, $institute);
 
+    /**
+     * Given a username, returns whether the user exists in the usr table
+     *
+     * @param string $username The username to attempt to identify
+     * @return bool            Whether the username exists
+     */
+    public static abstract function user_exists($username);
+
     /**
      * Given a username, returns a hash of information about a user.
      *
@@ -68,6 +76,30 @@ abstract class Auth {
      */
     public static abstract function get_user_info($username);
 
+    /**
+     * Given a username, return information about the user from the database.
+     *
+     * This method is called when the user has been successfully authenticated,
+     * all createuser events have been fired and now we wish to populate the
+     * users session.
+     *
+     * The information retrieved must be all rows in the user table, with the
+     * timestamps formatted as unix timestamps. An example (taken from the
+     * internal authentication mechanism, which allows usernames to be case
+     * insensitive):
+     *
+     * <code>
+     * get_record('usr', 'LOWER(username)', strtolower($username), null, null, null, null,
+     *    '*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'));
+     * </code>
+     *
+     * @param string $username The username to get information for
+     * @return array           Data that can be used to populate the session
+     * @throws AuthUnknownUserException If the user is unknown to the
+     *                                  authentication method
+     */
+    public static abstract function get_user_info_cached($username);
+
     /**
      * Given a password, returns whether it is in a valid format for this
      * authentication method.
@@ -528,7 +560,7 @@ function login_submit(Pieform $form, $values) {
             set_cookie('institution', $institution, 0, get_mahara_install_subdirectory());
             $oldlastlogin = null;
 
-            if (!record_exists('usr', 'username', $username)) {
+            if (!call_static_method($authclass, 'user_exists', $username)) {
                 // We don't know about this user. But if the authentication
                 // method says they're fine, then we must insert data for them
                 // into the usr table.
@@ -554,8 +586,7 @@ function login_submit(Pieform $form, $values) {
                 update_record('usr', $userdata, $where);
             }
             else {
-                $userdata = get_record('usr', 'username', $username, null, null, null, null,
-                    '*, ' . db_format_tsfield('expiry') . ', ' . db_format_tsfield('lastlogin'));
+                $userdata = call_static_method($authclass, 'get_user_info_cached', $username);
                 $oldlastlogin = $userdata->lastlogin;
                 $userdata->lastlogin = time();
                 $userdata->inactivemailsent = 0;