Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Accounts that are created with no authentication shouldn't allow non …

…alphanumeric usernames, fixing in login/index.php as the auth library can't pass error messages. Fixes bug #4192
  • Loading branch information...
commit 01ac9a36d968442910a8dd1b76dfd905071e285f 1 parent cf1d28e
mjollnir_ authored
Showing with 14 additions and 2 deletions.
  1. +14 −2 login/index.php
View
16 login/index.php
@@ -99,11 +99,21 @@
$frm->username = trim(moodle_strtolower($frm->username));
+ if ($CFG->auth == 'none' && empty($CFG->extendedusernamechars)) {
+ $string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username);
+ if (strcmp($frm->username, $string)) {
+ $errormsg = get_string('username').': '.get_string("alphanumerical");
+ $user = null;
+ }
+ }
+
if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
$user = false; /// Can't log in as guest if guest button is disabled
$frm = false;
} else if (!$user) {
- $user = authenticate_user_login($frm->username, $frm->password);
+ if (empty($errormsg)) {
+ $user = authenticate_user_login($frm->username, $frm->password);
+ }
}
update_login_count();
@@ -186,7 +196,9 @@
exit;
} else {
- $errormsg = get_string("invalidlogin");
+ if (empty($errormsg)) {
+ $errormsg = get_string("invalidlogin");
+ }
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.