From: skodak Date: Fri, 30 May 2008 20:54:19 +0000 (+0000) Subject: MDL-14679 towards authlib conversion X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=be544ec380a972fb6823b253d63c579914fb79b2;p=moodle.git MDL-14679 towards authlib conversion --- diff --git a/auth/cas/auth.php b/auth/cas/auth.php index ae6686d155..ad7c2109ad 100644 --- a/auth/cas/auth.php +++ b/auth/cas/auth.php @@ -354,13 +354,13 @@ if ( !is_object($PHPCAS_CLIENT) ) { * Function should return all information available. If you are saving * this information to moodle user-table you should honor syncronization flags * - * @param string $username username (with system magic quotes) + * @param string $username username * * @return mixed array with no magic quotes or false on error */ function get_userinfo($username) { $textlib = textlib_get_instance(); - $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding); + $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding); $ldapconnection = $this->ldap_connect(); $attrmap = $this->ldap_attributes(); $result = array(); diff --git a/auth/db/auth.php b/auth/db/auth.php index 6797126fc4..d913a0ed94 100644 --- a/auth/db/auth.php +++ b/auth/db/auth.php @@ -145,7 +145,7 @@ class auth_plugin_db extends auth_plugin_base { * Reads any other information for a user from external database, * then returns it in an array * - * @param string $username (with system magic quotes) + * @param string $username * * @return array without magic quotes */ @@ -154,7 +154,7 @@ class auth_plugin_db extends auth_plugin_base { global $CFG; $textlib = textlib_get_instance(); - $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding); + $extusername = $textlib->convert($username, 'utf-8', $this->config->extencoding); $authdb = $this->db_init(); diff --git a/auth/email/auth.php b/auth/email/auth.php index 8806e8b41c..602336ba8b 100644 --- a/auth/email/auth.php +++ b/auth/email/auth.php @@ -40,8 +40,8 @@ class auth_plugin_email extends auth_plugin_base { * @return bool Authentication success or failure. */ function user_login ($username, $password) { - global $CFG; - if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) { + global $CFG, $DB; + if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) { return validate_internal_user_password($user, $password); } return false; diff --git a/auth/imap/auth.php b/auth/imap/auth.php index c2c3cf0ae6..a8ed884cc9 100644 --- a/auth/imap/auth.php +++ b/auth/imap/auth.php @@ -69,7 +69,7 @@ class auth_plugin_imap extends auth_plugin_base { } error_reporting(0); - $connection = imap_open($host, stripslashes($username), stripslashes($password), OP_HALFOPEN); + $connection = imap_open($host, $username, $password, OP_HALFOPEN); error_reporting($CFG->debug); if ($connection) { diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 247c1bb691..22bb9ec39e 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -156,13 +156,13 @@ class auth_plugin_ldap extends auth_plugin_base { * Function should return all information available. If you are saving * this information to moodle user-table you should honor syncronization flags * - * @param string $username username (with system magic quotes) + * @param string $username username * * @return mixed array with no magic quotes or false on error */ function get_userinfo($username) { $textlib = textlib_get_instance(); - $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding); + $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding); $ldapconnection = $this->ldap_connect(); $attrmap = $this->ldap_attributes(); diff --git a/auth/manual/auth.php b/auth/manual/auth.php index a8c469722f..bb80d52b7d 100644 --- a/auth/manual/auth.php +++ b/auth/manual/auth.php @@ -40,8 +40,8 @@ class auth_plugin_manual extends auth_plugin_base { * @return bool Authentication success or failure. */ function user_login ($username, $password) { - global $CFG; - if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) { + global $CFG, $DB; + if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) { return validate_internal_user_password($user, $password); } return false; diff --git a/auth/nntp/auth.php b/auth/nntp/auth.php index da549b915e..27454d4a3f 100644 --- a/auth/nntp/auth.php +++ b/auth/nntp/auth.php @@ -35,8 +35,8 @@ class auth_plugin_nntp extends auth_plugin_base { * Returns true if the username and password work and false if they are * wrong or don't exist. * - * @param string $username The username (with system magic quotes) - * @param string $password The password (with system magic quotes) + * @param string $username The username + * @param string $password The password * @return bool Authentication success or failure. */ function user_login ($username, $password) { @@ -53,7 +53,7 @@ class auth_plugin_nntp extends auth_plugin_base { $host = '{' . trim($host) . ':' . $this->config->port . '/nntp}'; error_reporting(0); - $connection = imap_open($host, stripslashes($username), stripslashes($password), OP_HALFOPEN); + $connection = imap_open($host, $username, $password, OP_HALFOPEN); error_reporting($CFG->debug); if ($connection) { diff --git a/auth/none/auth.php b/auth/none/auth.php index 9b2da1e04b..8914bba3d8 100644 --- a/auth/none/auth.php +++ b/auth/none/auth.php @@ -40,8 +40,8 @@ class auth_plugin_none extends auth_plugin_base { * @return bool Authentication success or failure. */ function user_login ($username, $password) { - global $CFG; - if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) { + global $CFG, $DB; + if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) { return validate_internal_user_password($user, $password); } return true; diff --git a/auth/pam/auth.php b/auth/pam/auth.php index 94a179eb29..428479a340 100644 --- a/auth/pam/auth.php +++ b/auth/pam/auth.php @@ -55,8 +55,8 @@ class auth_plugin_pam extends auth_plugin_base { * Returns true if the username and password work and false if they are * wrong or don't exist. * - * @param string $username The username (with system magic quotes) - * @param string $password The password (with system magic quotes) + * @param string $username The username + * @param string $password The password * @return bool Authentication success or failure. */ function user_login ($username, $password) { @@ -68,7 +68,7 @@ class auth_plugin_pam extends auth_plugin_base { // call_time_pass_reference of errormessage is deprecated - throws warnings in multiauth //if (pam_auth($username, $password, &$errormessage)) { - if (pam_auth(stripslashes($username), stripslashes($password))) { + if (pam_auth($username, $password)) { return true; } else { diff --git a/auth/pop3/auth.php b/auth/pop3/auth.php index 888b0d6296..a4a66976af 100644 --- a/auth/pop3/auth.php +++ b/auth/pop3/auth.php @@ -35,8 +35,8 @@ class auth_plugin_pop3 extends auth_plugin_base { * Returns true if the username and password work and false if they are * wrong or don't exist. * - * @param string $username The username (with system magic quotes) - * @param string $password The password (with system magic quotes) + * @param string $username The username + * @param string $password The password * @return bool Authentication success or failure. */ function user_login($username, $password) { @@ -70,7 +70,7 @@ class auth_plugin_pop3 extends auth_plugin_base { } error_reporting(0); - $connection = imap_open($host, stripslashes($username), stripslashes($password)); + $connection = imap_open($host, $username, $password); error_reporting($CFG->debug); if ($connection) { diff --git a/auth/radius/auth.php b/auth/radius/auth.php index e01fe2c3d1..4e2dd44edb 100644 --- a/auth/radius/auth.php +++ b/auth/radius/auth.php @@ -36,8 +36,8 @@ class auth_plugin_radius extends auth_plugin_base { * Returns true if the username and password work and false if they are * wrong or don't exist. * - * @param string $username The username (with system magic quotes) - * @param string $password The password (with system magic quotes) + * @param string $username The username + * @param string $password The password * @return bool Authentication success or failure. */ function user_login ($username, $password) { @@ -50,7 +50,7 @@ class auth_plugin_radius extends auth_plugin_base { // printf("nasport: $this->config->nasport
"); // printf("secret: $this->config->secret
"); - $rauth = new Auth_RADIUS_PAP(stripslashes($username), stripslashes($password)); + $rauth = new Auth_RADIUS_PAP($username, $password); $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret); if (!$rauth->start()) { diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php index 22d850b4ca..8ed938150f 100644 --- a/auth/shibboleth/auth.php +++ b/auth/shibboleth/auth.php @@ -46,8 +46,8 @@ class auth_plugin_shibboleth extends auth_plugin_base { * Returns true if the username and password work and false if they are * wrong or don't exist. * - * @param string $username The username (with system magic quotes) - * @param string $password The password (with system magic quotes) + * @param string $username The username + * @param string $password The password * @return bool Authentication success or failure. */ function user_login($username, $password) { diff --git a/lib/authlib.php b/lib/authlib.php index 01a414a40d..5521dbe5ef 100644 --- a/lib/authlib.php +++ b/lib/authlib.php @@ -260,7 +260,7 @@ class auth_plugin_base { * Function should return all information available. If you are saving * this information to moodle user-table you should honor syncronization flags * - * @param string $username username (with system magic quotes) + * @param string $username username * * @return mixed array with no magic quotes or false on error */ diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 60a4cf9741..4587df3394 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -2889,10 +2889,11 @@ function update_user_record($username, $authplugin) { return get_complete_user_data('username', $username); } +/** + * will truncate userinfo as it comes from auth_get_userinfo (from external auth) + * which may have large fields + */ function truncate_userinfo($info) { -/// will truncate userinfo as it comes from auth_get_userinfo (from external auth) -/// which may have large fields - // define the limits $limit = array( 'username' => 100, diff --git a/login/change_password_form.php b/login/change_password_form.php index 7b34e56b5e..7e11f19756 100644 --- a/login/change_password_form.php +++ b/login/change_password_form.php @@ -47,7 +47,7 @@ class login_change_password_form extends moodleform { update_login_count(); // ignore submitted username - if (!$user = authenticate_user_login($USER->username, $data['password'])) { + if (!$user = authenticate_user_login($USER->username, stripslashes($data['password']))) { // TODO: remove soon $errors['password'] = get_string('invalidlogin'); return $errors; } diff --git a/login/index.php b/login/index.php index 062df4d979..ca701c285f 100644 --- a/login/index.php +++ b/login/index.php @@ -90,11 +90,11 @@ httpsrequired(); if ($user) { $frm->username = $user->username; } else { - $frm = data_submitted(); + $frm = data_submitted(false); } } else { - $frm = data_submitted(); + $frm = data_submitted(false); } /// Check if the user has actually submitted login data to us diff --git a/login/index_form.html b/login/index_form.html index bfed5054f7..012075adf0 100644 --- a/login/index_form.html +++ b/login/index_form.html @@ -30,7 +30,7 @@ if ($show_instructions) {
- +