aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-30 19:56:49 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-30 19:56:49 +0000
commitfad92747bec989fd6728eb7349c9ede4674764ff (patch)
tree6f1c6ca613dff0af2a769c6b13aa97d00cb432a9 /engine
parent9af90ffc9a20033ca9fdd9182122c01600a0867b (diff)
downloadelgg-fad92747bec989fd6728eb7349c9ede4674764ff.tar.gz
elgg-fad92747bec989fd6728eb7349c9ede4674764ff.tar.bz2
Fixes #617, #2271 User validation removed from core to UserValidationByEmail plugin. Without a validation plugin, users can login immediately.
Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email. Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration. git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/sessions.php18
-rw-r--r--engine/lib/users.php111
2 files changed, 16 insertions, 113 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 3af571f5c..a61402577 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -160,19 +160,13 @@ function pam_auth_userpass($credentials = NULL) {
if (is_array($credentials) && ($credentials['username']) && ($credentials['password'])) {
if ($user = get_user_by_username($credentials['username'])) {
-
- // Let admins log in without validating their email, but normal users must have validated their email or been admin created
- if ((!$user->isAdmin()) && (!$user->validated) && (!$user->admin_created)) {
- return false;
- }
-
// User has been banned, so prevent from logging in
if ($user->isBanned()) {
- return false;
+ return FALSE;
}
if ($user->password == generate_user_password($user, $credentials['password'])) {
- return true;
+ return TRUE;
} else {
// Password failed, log.
log_login_failure($user->guid);
@@ -181,7 +175,7 @@ function pam_auth_userpass($credentials = NULL) {
}
}
- return false;
+ return FALSE;
}
/**
@@ -303,17 +297,17 @@ function login(ElggUser $user, $persistent = false) {
$code = (md5($user->name . $user->username . time() . rand()));
$_SESSION['code'] = $code;
$user->code = md5($code);
- setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
+ setcookie("elggperm", $code, (time()+(86400 * 30)), "/");
}
- if (!$user->save() || !trigger_elgg_event('login','user',$user)) {
+ if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
unset($_SESSION['username']);
unset($_SESSION['name']);
unset($_SESSION['code']);
unset($_SESSION['guid']);
unset($_SESSION['id']);
unset($_SESSION['user']);
- setcookie("elggperm", "", (time()-(86400 * 30)),"/");
+ setcookie("elggperm", "", (time()-(86400 * 30)), "/");
return false;
}
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 281833625..c82db2046 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -875,60 +875,6 @@ function elgg_user_resetpassword_page_handler($page) {
}
/**
- * Set the validation status for a user.
- *
- * @param bool $status Validated (true) or false
- * @param string $method Optional method to say how a user was validated
- * @return bool
- */
-function set_user_validation_status($user_guid, $status, $method = '') {
- if (!$status) {
- $method = '';
- }
-
- if ($status) {
- if (
- (create_metadata($user_guid, 'validated', $status,'', 0, ACCESS_PUBLIC)) &&
- (create_metadata($user_guid, 'validated_method', $method,'', 0, ACCESS_PUBLIC))
- ) {
- return true;
- }
- } else {
- $validated = get_metadata_byname($user_guid, 'validated');
- $validated_method = get_metadata_byname($user_guid, 'validated_method');
-
- if (
- ($validated) &&
- ($validated_method) &&
- (delete_metadata($validated->id)) &&
- (delete_metadata($validated_method->id))
- )
- return true;
- }
-
- return false;
-}
-
-/**
- * Trigger an event requesting that a user guid be validated somehow - either by email address or some other way.
- *
- * This event invalidates any existing values and returns
- *
- * @param unknown_type $user_guid
- */
-function request_user_validation($user_guid) {
- $user = get_entity($user_guid);
-
- if (($user) && ($user instanceof ElggUser)) {
- // invalidate any existing validations
- set_user_validation_status($user_guid, false);
-
- // request validation
- trigger_elgg_event('validate', 'user', $user);
- }
-}
-
-/**
* Validates an email address.
*
* @param string $address Email address.
@@ -1067,9 +1013,8 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai
// Load the configuration
global $CONFIG;
- $username = trim($username);
// no need to trim password.
- $password = $password;
+ $username = trim($username);
$name = trim(strip_tags($name));
$email = trim($email);
@@ -1081,39 +1026,33 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai
return false;
}
- // See if it exists and is disabled
+ // Make sure a user with conflicting details hasn't registered and been disabled
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
- // Validate email address
if (!validate_email_address($email)) {
throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
}
- // Validate password
if (!validate_password($password)) {
throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
}
- // Validate the username
if (!validate_username($username)) {
throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
}
- // Check to see if $username exists already
if ($user = get_user_by_username($username)) {
- //return false;
throw new RegistrationException(elgg_echo('registration:userexists'));
}
- // If we're not allowed multiple emails then see if this address has been used before
if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
throw new RegistrationException(elgg_echo('registration:dupeemail'));
}
access_show_hidden_entities($access_status);
- // Otherwise ...
+ // Create user
$user = new ElggUser();
$user->username = $username;
$user->email = $email;
@@ -1142,15 +1081,17 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
$have_admin = datalist_get('admin_registered');
- global $registering_admin;
if (!$have_admin) {
+ // makeAdmin() calls ElggUser::canEdit().
+ // right now no one is logged in and so canEdit() returns false.
+ // instead of making an override for this one instance that is called on every
+ // canEdit() call, just override the access system to set the first admin user.
+ // @todo remove this when Cash merges in the new installer
+ $ia = elgg_set_ignore_access(TRUE);
$user->makeAdmin();
- set_user_validation_status($user->getGUID(), TRUE, 'first_run');
datalist_set('admin_registered', 1);
- $registering_admin = true;
- } else {
- $registering_admin = false;
+ elgg_set_ignore_access($ia);
}
// Turn on email notifications by default
@@ -1289,34 +1230,6 @@ function set_last_login($user_guid) {
}
/**
- * A permissions plugin hook that grants access to users if they are newly created - allows
- * for email activation.
- *
- * @todo Do this in a better way!
- *
- * @param unknown_type $hook
- * @param unknown_type $entity_type
- * @param unknown_type $returnvalue
- * @param unknown_type $params
- */
-function new_user_enable_permissions_check($hook, $entity_type, $returnvalue, $params) {
- $entity = $params['entity'];
- $user = $params['user'];
- if (($entity) && ($entity instanceof ElggUser)) {
- if (
- (($entity->disable_reason == 'new_user') || (
- // if this isn't set at all they're a "new user"
- !$entity->validated
- ))
- && (!isloggedin())) {
- return true;
- }
- }
-
- return $returnvalue;
-}
-
-/**
* Creates a relationship between this site and the user.
*
* @param $event
@@ -1411,10 +1324,6 @@ function users_init() {
register_plugin_hook('usersettings:save','user','users_settings_save');
register_elgg_event_handler('create', 'user', 'user_create_hook_add_site_relationship');
-
- // Handle a special case for newly created users when the user is not logged in
- // @todo handle this better!
- register_plugin_hook('permissions_check','all','new_user_enable_permissions_check');
}
/**