authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-30 19:56:49 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-30 19:56:49 +0000
commitfad92747bec989fd6728eb7349c9ede4674764ff (patch)
tree6f1c6ca613dff0af2a769c6b13aa97d00cb432a9 /actions
parent9af90ffc9a20033ca9fdd9182122c01600a0867b (diff)
Fixes #617, #2271 User validation removed from core to UserValidationByEmail plugin. Without a validation plugin, users can login immediately.
Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email. Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration. git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'actions')
-rw-r--r--actions/login.php74
-rw-r--r--actions/register.php58
-rw-r--r--actions/user/requestnewpassword.php27
3 files changed, 69 insertions, 90 deletions
diff --git a/actions/login.php b/actions/login.php
index ef6b0b898..0063a1f08 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -2,37 +2,37 @@
/**
* Elgg login action
*
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Authentication
*/
-// Get username and password
$username = get_input('username');
$password = get_input("password");
-$persistent = get_input("persistent", false);
+$persistent = get_input("persistent", FALSE);
+$result = FALSE;
-// If all is present and correct, try to log in
-$result = false;
-if (!empty($username) && !empty($password)) {
- // check first if this is an email address and do a login
- // email addies will be validated
- if (strpos($username, '@') !== FALSE && ($user=get_user_by_email($username))) {
- $username = $user[0]->username;
- }
+if (empty($username) || empty($password)) {
+ register_error(elgg_echo('loginerror'));
+ forward();
+}
- if ($user = authenticate($username, $password)) {
- $result = login($user, $persistent);
- }
+// check first if logging in with email address
+if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
}
-// Set the system_message as appropriate
+if ($user = authenticate($username, $password)) {
+ $result = login($user, $persistent);
+}
+
+// forward to correct page
if ($result) {
system_message(elgg_echo('loginok'));
+
if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
$forward_url = $_SESSION['last_forward_from'];
unset($_SESSION['last_forward_from']);
+
forward($forward_url);
} else {
if (get_input('returntoreferer')) {
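Review bot: The new empty-credentials guard at the top of the action only stops the request if `forward()` never returns. `forward()` is defined outside this diff; if it can return (for instance when the redirect header cannot be sent), execution falls through to `authenticate($username, $password)` with empty input, which the old nested `if (!empty(...))` made structurally impossible. Making the guard fail closed costs one line: follow `forward();` with `exit;`, or move the email lookup and the `authenticate()` call into an `else` branch. The `if ($result)` block continues past the end of this hunk.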
@@ -44,25 +44,21 @@ if ($result) {
}
}
} else {
- $error_msg = elgg_echo('loginerror');
- // figure out why the login failed
- if (!empty($username) && !empty($password)) {
- // See if it exists and is disabled
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
- if (($user = get_user_by_username($username)) && !$user->validated) {
- // give plugins a chance to respond
- if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
- // if plugins have not registered an action, the default action is to
- // trigger the validation event again and assume that the validation
- // event will display an appropriate message
- trigger_elgg_event('validate', 'user', $user);
- }
- } else {
- register_error(elgg_echo('loginerror'));
- }
- access_show_hidden_entities($access_status);
- } else {
- register_error(elgg_echo('loginerror'));
- }
+ register_error(elgg_echo('loginerror'));
+// // let a plugin hook say why login failed or react to it.
+// $params = array(
+// 'username' => $username,
+// 'password' => $password,
+// 'persistent' => $persistent,
+// 'user' => $user
+// );
+//
+// // Returning FALSE to this function will generate a standard
+// // "Could not log you in" message.
+// // Plugins should use this hook to provide details, and then return TRUE.
+// if (!trigger_plugin_hook('failed_login', 'user', $params, FALSE)) {
+// register_error(elgg_echo('loginerror'));
+// }
}
+
+forward(REFERRER);
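Review bot: The commented-out `failed_login` hook block should not be committed as dead code, and as drafted it would hand the submitted plaintext password to every registered handler on each failed attempt through `'password' => $password`. If the hook is revived, drop that key and pass only `username` and `persistent`; `'user' => $user` is also empty whenever `authenticate()` itself failed, so handlers could not rely on it. Otherwise delete the block and track the idea in the issue tracker. Separately, this file ends with `forward(REFERRER)` while register.php uses `forward(REFERER)`; both constants are defined outside the diff, so confirm the spelling used here exists.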
diff --git a/actions/register.php b/actions/register.php
index a5043fed9..9c4efa9f6 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -2,10 +2,8 @@
/**
* Elgg registration action
*
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Account
*/
global $CONFIG;
@@ -19,11 +17,6 @@ $name = get_input('name');
$friend_guid = (int) get_input('friend_guid',0);
$invitecode = get_input('invitecode');
-$admin = get_input('admin');
-if (is_array($admin)) {
- $admin = $admin[0];
-}
-
if ($CONFIG->allow_registration) {
try {
if (trim($password) == "" || trim($password2) == "") {
@@ -35,37 +28,41 @@ if ($CONFIG->allow_registration) {
}
$guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+
if ($guid) {
$new_user = get_entity($guid);
- // @todo - consider removing registering admins since this is done
- // through the useradd action
- if (($guid) && ($admin)) {
- // Only admins can make someone an admin
- admin_gatekeeper();
- $new_user->makeAdmin();
- }
-
- // Send user validation request on register only
- global $registering_admin;
- if (!$registering_admin) {
- request_user_validation($guid);
- }
+ // allow plugins to respond to self registration
+ // note: To catch all new users, even those created by an admin,
+ // register for the create, user event instead.
+ // only passing vars that aren't in ElggUser.
+ $params = array(
+ 'user' => $new_user,
+ 'password' => $password,
+ 'friend_guid' => $friend_guid,
+ 'invitecode' => $invitecode
+ );
+ // if this user is admin, that means it was the first
+ // registered user. Don't trigger this hook.
+ // @todo This can be removed in the new installer
if (!$new_user->isAdmin()) {
- // Now disable if not an admin
- // Don't do a recursive disable. Any entities owned by the user at this point
- // are products of plugins that hook into create user and might need
- // access to the entities.
- $new_user->disable('new_user', false);
+ // @todo should registration be allowed no matter what the plugins return?
+ if (!trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $new_user->delete();
+ // @todo this is a generic messages. We could have plugins
+ // throw a RegistrationException, but that is very odd
+ // for the plugin hooks system.
+ throw new RegistrationException(elgg_echo('registerbad'));
+ }
}
- system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+ system_message(sprintf(elgg_echo("registerok"), $CONFIG->sitename));
// Forward on success, assume everything else is an error...
// If just registered admin user, login the user in and forward to the
// plugins simple settings page.
- if (!datalist_get('first_admin_login')) {
+ if (!datalist_get('first_admin_login') && $new_user->isAdmin()) {
login($new_user);
// remove the "you've registered!" system_message();
$_SESSION['msg']['messages'] = array();
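Review bot: When a `register`, `user` handler vetoes the registration, the result of `$new_user->delete()` is ignored, and this commit also removes the `disable('new_user', false)` step, so an account whose deletion fails would stay enabled even though the visitor is shown `registerbad`. Check the return value and fall back to disabling, e.g. `if (!$new_user->delete()) { $new_user->disable('new_user', false); }` (assuming `delete()` reports failure through its return value; it is defined outside this diff). The `$params` array also gives every handler the plaintext `'password'`; a comment on that key such as `// plaintext: handlers must not log or persist this` would help plugin authors. The surrounding `try` block starts and ends outside this hunk.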
@@ -76,6 +73,7 @@ if ($CONFIG->allow_registration) {
datalist_set('first_admin_login', time());
forward('pg/admin/plugins/simple');
} else {
+ login($new_user);
forward();
}
} else {
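Review bot: The added `login($new_user);` in the `else` branch ignores the return value, whereas login.php checks `$result = login($user, $persistent)`, and it runs for every self-registered account regardless of what a validation plugin did to it in the `register`, `user` hook. Whether `login()` refuses an account that a plugin has disabled or left unvalidated cannot be seen from this diff; if it does not, email validation is skipped for the first session, and if it does, the visitor is still shown `registerok` and forwarded as if signed in. Handle a false return explicitly, starting from `if (!login($new_user)) {`, and add a comment stating whether validation plugins are expected to block the session themselves. The enclosing `if`/`else` begins outside this hunk.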
@@ -88,4 +86,4 @@ if ($CONFIG->allow_registration) {
register_error(elgg_echo('registerdisabled'));
}
-forward(REFERER);
+forward(REFERER); \ No newline at end of file
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 400ce86ae..22b4008e8 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -2,36 +2,21 @@
/**
* Action to request a new password.
*
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Account
*/
-global $CONFIG;
-
$username = get_input('username');
-$access_status = access_get_show_hidden_status();
-access_show_hidden_entities(true);
$user = get_user_by_username($username);
if ($user) {
- if ($user->validated) {
- if (send_new_password_request($user->guid)) {
- system_message(elgg_echo('user:password:resetreq:success'));
- } else {
- register_error(elgg_echo('user:password:resetreq:fail'));
- }
- } else if (!trigger_plugin_hook('unvalidated_requestnewpassword','user',array('entity'=>$user))) {
- // if plugins have not registered an action, the default action is to
- // trigger the validation event again and assume that the validation
- // event will display an appropriate message
- trigger_elgg_event('validate', 'user', $user);
+ if (send_new_password_request($user->guid)) {
+ system_message(elgg_echo('user:password:resetreq:success'));
+ } else {
+ register_error(elgg_echo('user:password:resetreq:fail'));
}
} else {
register_error(sprintf(elgg_echo('user:username:notfound'), $username));
}
-access_show_hidden_entities($access_status);
forward();
-exit;
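Review bot: The action still answers differently for known and unknown usernames, `user:password:resetreq:success` or `fail` versus `user:username:notfound` with the submitted name echoed back, so an unauthenticated caller can learn which accounts exist. With the `validated` branch gone this is a good moment to return the same neutral message in both cases, for example by replacing the `else` body with `system_message(elgg_echo('user:password:resetreq:success'));`. The safety of the `sprintf(..., $username)` output also depends on `get_input()` filtering and on how messages are escaped when rendered, neither of which is visible here. Dropping `exit;` after `forward()` is only safe if `forward()` always terminates the request.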