
Fixes #1417 Users get notified when their accounts are not validated …

…for any authentication attempt

git-svn-id: http://code.elgg.org/elgg/trunk@7319 36083f99-b078-4883-b0ff-0f9b5a30f544
commit 481a5ecfe6b17836d47b8c89eabf346f941bbc3b 1 parent f912c8e
Cash Costello authored November 15, 2010
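--- a/engine/classes/ElggPAM.php
+++ b/engine/classes/ElggPAM.php
@@ -52,9 +52,10 @@ public function authenticate($credentials) {
 
 			try {
 				// Execute the handler
-				if ($handler($credentials)) {
+				$result = $handler($credentials);
+				if ($result) {
 					$authenticated = true;
-				} else {
+				} elseif ($result === false) {
 					if ($importance == 'required') {
 						$this->messages['required'][] = "$handler:failed";
 						return false;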
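Review bot: The new `elseif ($result === false)` branch turns every other falsy return (`null`, `0`, `''`, an empty array) into a silent skip, so a handler registered as "required" that forgets its `return` or reports failure with a non-boolean no longer blocks the login. Because this is an authentication decision it should fail closed: treat only an explicit `null` as a skip, e.g. `} elseif ($result !== null) {`, so any other non-true value still counts as a failure. A one-line comment above `$result = $handler($credentials);` such as `// true = pass, false = fail, null = handler abstains` would make the three-way contract visible at the call site. The body of authenticate() starts and ends outside this hunk, so how a run in which every handler abstains is resolved cannot be checked from here.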
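--- a/engine/lib/pam.php
+++ b/engine/lib/pam.php
@@ -25,12 +25,16 @@
 /**
  * Register a PAM handler.
  *
+ * A PAM handler should return true if the authentication attempt passed. For a
+ * failure, return false or throw an exception. Returning nothing indicates that
+ * the handler wants to be skipped.
+ *
  * @param string $handler    The handler function in the format
  * 		                     pam_handler($credentials = NULL);
  * @param string $importance The importance - "sufficient" (default) or "required"
  * @param string $policy     The policy type, default is "user"
  *
- * @return boolean
+ * @return bool
  */
 function register_pam_handler($handler, $importance = "sufficient", $policy = "user") {
 	global $_PAM_HANDLERS;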
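--- a/mod/uservalidationbyemail/languages/en.php
+++ b/mod/uservalidationbyemail/languages/en.php
@@ -25,6 +25,7 @@
 	'email:confirm:fail' => "Your email address could not be verified...",
 
 	'uservalidationbyemail:registerok' => "To activate your account, please confirm your email address by clicking on the link we just sent you.",
+	'uservalidationbyemail:login:fail' => "Your account is not validated so the log in attempt failed. Another validation email has been sent.",
 
 	'uservalidationbyemail:admin:no_unvalidated_users' => 'No unvalidated users.',
 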
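--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -23,7 +23,7 @@ function uservalidationbyemail_init() {
 	elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
 
 	// prevent users from logging in if they aren't validated
-	elgg_register_plugin_hook_handler('action', 'login', 'uservalidationbyemail_check_login_attempt');
+	register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
 
 	// when requesting a new password
 	elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
@@ -108,45 +108,29 @@ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $pa
 }
 
 /**
- * Checks if a login failed because the user hasn't validated his account.
+ * Checks if an account is validated
  *
- * @param unknown_type $hook
- * @param unknown_type $type
- * @param unknown_type $value
- * @param unknown_type $params
+ * @params array $credentials The username and password
+ * @return bool
  */
-function uservalidationbyemail_check_login_attempt($hook, $type, $value, $params) {
-	// everything is only stored in the input at this point
-	$username = get_input('username');
-	$password = get_input("password");
+function uservalidationbyemail_check_auth_attempt($credentials) {
 
-	if (empty($username) || empty($password)) {
-		// return true to let the original login action deal with it.
-		return TRUE;
-	}
+	$username = $credentials['username'];
+	$password = $credentials['password'];
 
-	// see if we need to resolve an email address to a username
-	if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
-		$username = $users[0]->username;
-	}
-
-	// See the users exists and isn't validated
+	// See if the user exists and isn't validated
 	$access_status = access_get_show_hidden_status();
 	access_show_hidden_entities(TRUE);
 
 	$user = get_user_by_username($username);
-
-	// only resend validation if the password is correct
-	if ($user && authenticate($username, $password) && !$user->validated) {
+	if ($user && !$user->validated) {
 		// show an error and resend validation email
 		uservalidationbyemail_request_validation($user->guid);
-		// halt action
-		$value = FALSE;
+		access_show_hidden_entities($access_status);
+		throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
 	}
 
 	access_show_hidden_entities($access_status);
-
-	return $value;
 }
 
 /**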
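Review bot: With the `authenticate($username, $password)` condition removed, the handler no longer looks at the password, so `if ($user && !$user->validated)` fires for any attempt that names an unvalidated account: each one sends another validation email and returns a message confirming the account exists and is unvalidated. That gives an unauthenticated caller a way to generate repeated mail to the account owner and to tell unvalidated accounts apart from unknown ones. Consider resending only once the password has been verified, or throttling `uservalidationbyemail_request_validation($user->guid);` per account and returning the generic login failure text otherwise. `$password` is now assigned but never used, the docblock tag `@params` should be `@param`, and `@return bool` does not match a function that either throws or returns nothing.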
