diff options
-rw-r--r-- | engine/classes/ElggPAM.php | 5 | ||||
-rw-r--r-- | engine/lib/pam.php | 6 | ||||
-rw-r--r-- | mod/uservalidationbyemail/languages/en.php | 1 | ||||
-rw-r--r-- | mod/uservalidationbyemail/start.php | 38 |
4 files changed, 20 insertions, 30 deletions
diff --git a/engine/classes/ElggPAM.php b/engine/classes/ElggPAM.php index a3e4f9a77..37436fba3 100644 --- a/engine/classes/ElggPAM.php +++ b/engine/classes/ElggPAM.php @@ -52,9 +52,10 @@ class ElggPAM { try { // Execute the handler - if ($handler($credentials)) { + $result = $handler($credentials); + if ($result) { $authenticated = true; - } else { + } elseif ($result === false) { if ($importance == 'required') { $this->messages['required'][] = "$handler:failed"; return false; diff --git a/engine/lib/pam.php b/engine/lib/pam.php index f1df3feba..f6db28355 100644 --- a/engine/lib/pam.php +++ b/engine/lib/pam.php @@ -25,12 +25,16 @@ $_PAM_HANDLERS = array(); /** * Register a PAM handler. * + * A PAM handler should return true if the authentication attempt passed. For a + * failure, return false or throw an exception. Returning nothing indicates that + * the handler wants to be skipped. + * * @param string $handler The handler function in the format * pam_handler($credentials = NULL); * @param string $importance The importance - "sufficient" (default) or "required" * @param string $policy The policy type, default is "user" * - * @return boolean + * @return bool */ function register_pam_handler($handler, $importance = "sufficient", $policy = "user") { global $_PAM_HANDLERS; diff --git a/mod/uservalidationbyemail/languages/en.php b/mod/uservalidationbyemail/languages/en.php index 31dec24a3..f01dba269 100644 --- a/mod/uservalidationbyemail/languages/en.php +++ b/mod/uservalidationbyemail/languages/en.php @@ -25,6 +25,7 @@ If you can't click on the link, copy and paste it to your browser manually. 'email:confirm:fail' => "Your email address could not be verified...", 'uservalidationbyemail:registerok' => "To activate your account, please confirm your email address by clicking on the link we just sent you.", + 'uservalidationbyemail:login:fail' => "Your account is not validated so the log in attempt failed. Another validation email has been sent.", 'uservalidationbyemail:admin:no_unvalidated_users' => 'No unvalidated users.', diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index 3bc0febae..8c91c5a1f 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -23,7 +23,7 @@ function uservalidationbyemail_init() { elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit'); // prevent users from logging in if they aren't validated - elgg_register_plugin_hook_handler('action', 'login', 'uservalidationbyemail_check_login_attempt'); + register_pam_handler('uservalidationbyemail_check_auth_attempt', "required"); // when requesting a new password elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password'); @@ -108,45 +108,29 @@ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $pa } /** - * Checks if a login failed because the user hasn't validated his account. + * Checks if an account is validated * - * @param unknown_type $hook - * @param unknown_type $type - * @param unknown_type $value - * @param unknown_type $params + * @params array $credentials The username and password + * @return bool */ -function uservalidationbyemail_check_login_attempt($hook, $type, $value, $params) { - // everything is only stored in the input at this point - $username = get_input('username'); - $password = get_input("password"); +function uservalidationbyemail_check_auth_attempt($credentials) { - if (empty($username) || empty($password)) { - // return true to let the original login action deal with it. - return TRUE; - } + $username = $credentials['username']; + $password = $credentials['password']; - // see if we need to resolve an email address to a username - if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { - $username = $users[0]->username; - } - - // See the users exists and isn't validated + // See if the user exists and isn't validated $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); $user = get_user_by_username($username); - - // only resend validation if the password is correct - if ($user && authenticate($username, $password) && !$user->validated) { + if ($user && !$user->validated) { // show an error and resend validation email uservalidationbyemail_request_validation($user->guid); - // halt action - $value = FALSE; + access_show_hidden_entities($access_status); + throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); } access_show_hidden_entities($access_status); - - return $value; } /** |