aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-01-22 22:33:50 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-01-22 22:33:50 +0000
commit77537c157df1ca44a2e8f375c04c31580eb89954 (patch)
tree13e43d000686102505bb04a9de1113b8ea42d9d9
parent24378b3ecc07eb568e383823967a0ae6378120d6 (diff)
downloadelgg-77537c157df1ca44a2e8f375c04c31580eb89954.tar.gz
elgg-77537c157df1ca44a2e8f375c04c31580eb89954.tar.bz2
testing for the existence of username in pam credentials before using
git-svn-id: http://code.elgg.org/elgg/trunk@7907 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/sessions.php2
-rw-r--r--engine/lib/web_services.php2
-rw-r--r--mod/uservalidationbyemail/start.php5
3 files changed, 6 insertions, 3 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 4cdc9bcce..eb47f4eb5 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -182,7 +182,7 @@ function authenticate($username, $password) {
*/
function pam_auth_userpass($credentials = NULL) {
- if (!is_array($credentials) && (!$credentials['username']) && (!$credentials['password'])) {
+ if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) {
return false;
}
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index e529711e1..33f413c5c 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -177,7 +177,7 @@ function authenticate_method($method) {
}
$user_pam = new ElggPAM('user');
- $user_auth_result = $user_pam->authenticate();
+ $user_auth_result = $user_pam->authenticate(array());
// check if user authentication is required
if ($API_METHODS[$method]["require_user_auth"] == true) {
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index 9d4233f37..d04adcf4d 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -122,8 +122,11 @@ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $pa
*/
function uservalidationbyemail_check_auth_attempt($credentials) {
+ if (!isset($credentials['username'])) {
+ return;
+ }
+
$username = $credentials['username'];
- $password = $credentials['password'];
// See if the user exists and isn't validated
$access_status = access_get_show_hidden_status();