Fixes #1417 Users get notified when their accounts are not validated for any authenti...
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Mon, 15 Nov 2010 02:43:54 +0000 (02:43 +0000)
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Mon, 15 Nov 2010 02:43:54 +0000 (02:43 +0000)
git-svn-id: http://code.elgg.org/elgg/trunk@7319 36083f99-b078-4883-b0ff-0f9b5a30f544

engine/classes/ElggPAM.php
engine/lib/pam.php
mod/uservalidationbyemail/languages/en.php
mod/uservalidationbyemail/start.php

index a3e4f9a7728976a08e607da64a2a0237733c86db..37436fba3d841c8d8b632e7c6d6ce397549630a8 100644 (file)
@@ -52,9 +52,10 @@ class ElggPAM {
 
                        try {
                                // Execute the handler
-                               if ($handler($credentials)) {
+                               $result = $handler($credentials);
+                               if ($result) {
                                        $authenticated = true;
-                               } else {
+                               } elseif ($result === false) {
                                        if ($importance == 'required') {
                                                $this->messages['required'][] = "$handler:failed";
                                                return false;
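Review bot: The new `elseif ($result === false)` branch makes every other falsy return (`null`, `0`, `''`, an empty array) count as "skip", so a handler registered as `required` that forgets `return false` on a failure path no longer blocks authentication. The docblock added in engine/lib/pam.php defines only "returning nothing" as the skip signal, so the dispatcher should match it: `} elseif ($result !== null) {` keeps an explicit null as skip and treats any other falsy value as a failure. The enclosing method begins and ends outside this hunk, so the outcome when every handler skips is not visible here; it should be confirmed to end as not authenticated.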
index f1df3febafffbdd0e27996ce13da7d8c177c33e5..f6db28355c09f4ad4b529f60cd28737abdc7588e 100644 (file)
@@ -25,12 +25,16 @@ $_PAM_HANDLERS = array();
 /**
  * Register a PAM handler.
  *
+ * A PAM handler should return true if the authentication attempt passed. For a
+ * failure, return false or throw an exception. Returning nothing indicates that
+ * the handler wants to be skipped.
+ *
  * @param string $handler    The handler function in the format
  *                                  pam_handler($credentials = NULL);
  * @param string $importance The importance - "sufficient" (default) or "required"
  * @param string $policy     The policy type, default is "user"
  *
- * @return boolean
+ * @return bool
  */
 function register_pam_handler($handler, $importance = "sufficient", $policy = "user") {
        global $_PAM_HANDLERS;
index 31dec24a34e84491481e9ea35c24ebfcbaf72653..f01dba2690f55bd1d506b433756a017d48ca76dc 100644 (file)
@@ -25,6 +25,7 @@ If you can't click on the link, copy and paste it to your browser manually.
        'email:confirm:fail' => "Your email address could not be verified...",
 
        'uservalidationbyemail:registerok' => "To activate your account, please confirm your email address by clicking on the link we just sent you.",
+       'uservalidationbyemail:login:fail' => "Your account is not validated so the log in attempt failed. Another validation email has been sent.",
 
        'uservalidationbyemail:admin:no_unvalidated_users' => 'No unvalidated users.',
 
index 3bc0febae98f1d61770d32d42d8288d301f0b68b..8c91c5a1f1b676c6c383874fef0c516da5b45f92 100644 (file)
@@ -23,7 +23,7 @@ function uservalidationbyemail_init() {
        elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
 
        // prevent users from logging in if they aren't validated
-       elgg_register_plugin_hook_handler('action', 'login', 'uservalidationbyemail_check_login_attempt');
+       register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
 
        // when requesting a new password
        elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
@@ -108,45 +108,29 @@ function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $pa
 }
 
 /**
- * Checks if a login failed because the user hasn't validated his account.
+ * Checks if an account is validated
  *
- * @param unknown_type $hook
- * @param unknown_type $type
- * @param unknown_type $value
- * @param unknown_type $params
+ * @params array $credentials The username and password
+ * @return bool
  */
-function uservalidationbyemail_check_login_attempt($hook, $type, $value, $params) {
-       // everything is only stored in the input at this point
-       $username = get_input('username');
-       $password = get_input("password");
+function uservalidationbyemail_check_auth_attempt($credentials) {
 
-       if (empty($username) || empty($password)) {
-               // return true to let the original login action deal with it.
-               return TRUE;
-       }
+       $username = $credentials['username'];
+       $password = $credentials['password'];
 
-       // see if we need to resolve an email address to a username
-       if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
-               $username = $users[0]->username;
-       }
-
-       // See the users exists and isn't validated
+       // See if the user exists and isn't validated
        $access_status = access_get_show_hidden_status();
        access_show_hidden_entities(TRUE);
 
        $user = get_user_by_username($username);
-
-       // only resend validation if the password is correct
-       if ($user && authenticate($username, $password) && !$user->validated) {
+       if ($user && !$user->validated) {
                // show an error and resend validation email
                uservalidationbyemail_request_validation($user->guid);
-               // halt action
-               $value = FALSE;
+               access_show_hidden_entities($access_status);
+               throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
        }
 
        access_show_hidden_entities($access_status);
-
-       return $value;
 }
 
 /**
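Review bot: `uservalidationbyemail_check_auth_attempt` no longer verifies the password before acting: the removed condition `authenticate($username, $password) && !$user->validated` became `$user && !$user->validated`, and `$password` is now assigned but never used. Unless another handler has already rejected a wrong password before this one runs (ordering is not visible in this diff), any unauthenticated attempt naming an unvalidated account triggers a fresh validation email and receives the distinct `uservalidationbyemail:login:fail` message, which discloses the account's state and lets a third party fill that mailbox. I would restore a credential check before `uservalidationbyemail_request_validation()` (not through `authenticate()`, which presumably runs the PAM handlers again) or throttle resends per account, and fall back to the generic failure otherwise. Separately, `$credentials` is indexed without a guard although the documented handler signature is `pam_handler($credentials = NULL)`, and the docblock tag should read `@param array $credentials`, not `@params`.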