aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--engine/classes/ElggPAM.php5
-rw-r--r--engine/lib/pam.php6
-rw-r--r--mod/uservalidationbyemail/languages/en.php1
-rw-r--r--mod/uservalidationbyemail/start.php38
4 files changed, 20 insertions, 30 deletions
diff --git a/engine/classes/ElggPAM.php b/engine/classes/ElggPAM.php
index a3e4f9a77..37436fba3 100644
--- a/engine/classes/ElggPAM.php
+++ b/engine/classes/ElggPAM.php
@@ -52,9 +52,10 @@ class ElggPAM {
try {
// Execute the handler
- if ($handler($credentials)) {
+ $result = $handler($credentials);
+ if ($result) {
$authenticated = true;
- } else {
+ } elseif ($result === false) {
if ($importance == 'required') {
$this->messages['required'][] = "$handler:failed";
return false;
diff --git a/engine/lib/pam.php b/engine/lib/pam.php
index f1df3feba..f6db28355 100644
--- a/engine/lib/pam.php
+++ b/engine/lib/pam.php
@@ -25,12 +25,16 @@ $_PAM_HANDLERS = array();
/**
* Register a PAM handler.
*
+ * A PAM handler should return true if the authentication attempt passed. For a
+ * failure, return false or throw an exception. Returning nothing indicates that
+ * the handler wants to be skipped.
+ *
* @param string $handler The handler function in the format
* pam_handler($credentials = NULL);
* @param string $importance The importance - "sufficient" (default) or "required"
* @param string $policy The policy type, default is "user"
*
- * @return boolean
+ * @return bool
*/
function register_pam_handler($handler, $importance = "sufficient", $policy = "user") {
global $_PAM_HANDLERS;
diff --git a/mod/uservalidationbyemail/languages/en.php b/mod/uservalidationbyemail/languages/en.php
index 31dec24a3..f01dba269 100644
--- a/mod/uservalidationbyemail/languages/en.php
+++ b/mod/uservalidationbyemail/languages/en.php
@@ -25,6 +25,7 @@ If you can't click on the link, copy and paste it to your browser manually.
'email:confirm:fail' => "Your email address could not be verified...",
'uservalidationbyemail:registerok' => "To activate your account, please confirm your email address by clicking on the link we just sent you.",
+ 'uservalidationbyemail:login:fail' => "Your account is not validated so the log in attempt failed. Another validation email has been sent.",
'uservalidationbyemail:admin:no_unvalidated_users' => 'No unvalidated users.',
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index 3bc0febae..8c91c5a1f 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -23,7 +23,7 @@ function uservalidationbyemail_init() {
elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
// prevent users from logging in if they aren't validated
- elgg_register_plugin_hook_handler('action', 'login', 'uservalidationbyemail_check_login_attempt');
+ register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
// when requesting a new password
elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
@@ -108,45 +108,29 @@ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $pa
}
/**
- * Checks if a login failed because the user hasn't validated his account.
+ * Checks if an account is validated
*
- * @param unknown_type $hook
- * @param unknown_type $type
- * @param unknown_type $value
- * @param unknown_type $params
+ * @params array $credentials The username and password
+ * @return bool
*/
-function uservalidationbyemail_check_login_attempt($hook, $type, $value, $params) {
- // everything is only stored in the input at this point
- $username = get_input('username');
- $password = get_input("password");
+function uservalidationbyemail_check_auth_attempt($credentials) {
- if (empty($username) || empty($password)) {
- // return true to let the original login action deal with it.
- return TRUE;
- }
+ $username = $credentials['username'];
+ $password = $credentials['password'];
- // see if we need to resolve an email address to a username
- if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
- $username = $users[0]->username;
- }
-
- // See the users exists and isn't validated
+ // See if the user exists and isn't validated
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
$user = get_user_by_username($username);
-
- // only resend validation if the password is correct
- if ($user && authenticate($username, $password) && !$user->validated) {
+ if ($user && !$user->validated) {
// show an error and resend validation email
uservalidationbyemail_request_validation($user->guid);
- // halt action
- $value = FALSE;
+ access_show_hidden_entities($access_status);
+ throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
}
access_show_hidden_entities($access_status);
-
- return $value;
}
/**