Fixed issue #09378: Auth plugin base : lowercase uppercase mix : Not …
…loggued but no error

Dev: choose the throw error method
Dev: only for mysql ?
Shnoulle committed Nov 30, 2014
1 parent cc46836 commit 07a2bad
Showing 1 changed file with 21 additions and 23 deletions.
44 changes: 21 additions & 23 deletions application/core/plugins/Authdb/Authdb.php
Expand Up @@ -2,15 +2,15 @@
class Authdb extends AuthPluginBase
{
protected $storage = 'DbStorage';

protected $_onepass = null;

static protected $description = 'Core: Database authentication + exports';
static protected $name = 'LimeSurvey internal database';

public function __construct(PluginManager $manager, $id) {

public function __construct(PluginManager $manager, $id)
{
parent::__construct($manager, $id);

/**
* Here you should handle subscribing to the events your plugin will handle
*/
Expand All @@ -19,7 +19,7 @@ public function __construct(PluginManager $manager, $id) {
$this->subscribe('afterLoginFormSubmit');
$this->subscribe('newUserSession');
$this->subscribe('beforeDeactivate');

// Now register for the core exports
$this->subscribe('listExportPlugins');
$this->subscribe('listExportOptions');
Expand All @@ -34,7 +34,7 @@ public function beforeDeactivate()
// Optionally set a custom error message.
$this->getEvent()->set('message', gT('Core plugin can not be disabled.'));
}

public function beforeLogin()
{
$this->getEvent()->set('default', get_class($this)); // This is the default login method, should be configurable from plugin settings
Expand All @@ -49,7 +49,7 @@ public function beforeLogin()
$this->setAuthPlugin(); // This plugin will handle authentication and skips the login form
}
}

/**
* Get the onetime password (if set)
*
Expand All @@ -59,10 +59,9 @@ protected function getOnePass()
{
return $this->_onepass;
}

public function newLoginForm()
{

$sUserName='';
$sPassword='';
if (Yii::app()->getConfig("demoMode") === true && Yii::app()->getConfig("demoModePrefill") === true)
Expand All @@ -75,7 +74,7 @@ public function newLoginForm()
->addContent(CHtml::tag('li', array(), "<label for='user'>" . gT("Username") . "</label>".CHtml::textField('user',$sUserName,array('size'=>40,'maxlength'=>40))))
->addContent(CHtml::tag('li', array(), "<label for='password'>" . gT("Password") . "</label>".CHtml::passwordField('password',$sPassword,array('size'=>40,'maxlength'=>40))));
}

public function afterLoginFormSubmit()
{
// Here we handle post data
Expand All @@ -85,17 +84,17 @@ public function afterLoginFormSubmit()
$this->setPassword($request->getPost('password'));
}
}

public function newUserSession()
{
// Here we do the actual authentication
$username = $this->getUsername();
$password = $this->getPassword();
$onepass = $this->getOnePass();

$user = $this->api->getUserByName($username);
if ($user !== null)

if ($user !== null and $username==$user->users_name) // Control of equality for uppercase/lowercase with mysql
{
if (gettype($user->password)=='resource')
{
Expand All @@ -118,17 +117,16 @@ public function newUserSession()
$user->save();
$this->setAuthSuccess($user);
return;
}
}

if ($sStoredPassword !== hash('sha256', $password))
{
$this->setAuthFailure(self::ERROR_PASSWORD_INVALID);
return;
}

$this->setAuthSuccess($user);
}

/**
* Set the onetime password
*
Expand All @@ -141,8 +139,8 @@ protected function setOnePass($onepass)

return $this;
}


// Now the export part:
public function listExportOptions()
{
Expand Down Expand Up @@ -181,7 +179,7 @@ public function listExportOptions()
break;
}
}

/**
* Registers this export type
*/
Expand All @@ -201,7 +199,7 @@ public function listExportPlugins()

$event->set('exportplugins', $exports);
}

/**
* Returns the required IWriter
*/
Expand Down Expand Up @@ -234,4 +232,4 @@ public function newExport()

$event->set('writer', $writer);
}
}
}
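Review bot: In newUserSession() the added guard `$username==$user->users_name` uses loose comparison, under which PHP compares two numeric-looking strings numerically and treats a null username as equal to an empty name; for an authentication check it should be strict, `if ($user !== null && $username === $user->users_name)`. The function body is only partly shown and the branch taken when the names differ is not visible, so it is worth confirming that it ends in setAuthFailure() with the same error an unknown user gets, so that the response does not distinguish a case-mismatched name from a nonexistent one. Separately, the unchanged context line compares the stored value against `hash('sha256', $password)` with `!==`: unsalted SHA-256 is a weak password store and the comparison is not constant-time, so a follow-up moving to `password_hash()` / `password_verify()` would be worthwhile.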
