diff options
| author | Gerrit Uitslag <klapinklapin@gmail.com> | 2014-09-28 13:46:04 +0200 |
|---|---|---|
| committer | Gerrit Uitslag <klapinklapin@gmail.com> | 2014-09-28 13:46:04 +0200 |
| commit | b79379f2e598abaa2febb299cdfcebe0a95d034c (patch) | |
| tree | 7098c3a758f606394f4b38d679b5198f8973cffe /inc/auth.php | |
| parent | 73411587cb6d2c54aefebe90c87799c4aa1d31ec (diff) | |
| parent | da9572711f54d13ce3c5506971154b0bc359723f (diff) | |
| download | rpg-b79379f2e598abaa2febb299cdfcebe0a95d034c.tar.gz rpg-b79379f2e598abaa2febb299cdfcebe0a95d034c.tar.bz2 | |
Merge remote-tracking branch 'origin/master' into overridablelangstrings
Conflicts:
inc/plugin.php
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/inc/auth.php b/inc/auth.php index 2bdc3eb00..e938830ef 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -95,9 +95,10 @@ function auth_setup() { $INPUT->set('http_credentials', true); } - // apply cleaning + // apply cleaning (auth specific user names, remove control chars) if (true === $auth->success) { - $INPUT->set('u', $auth->cleanUser($INPUT->str('u'))); + $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u')))); + $INPUT->set('p', stripctl($INPUT->str('p'))); } if($INPUT->str('authtok')) { @@ -228,7 +229,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { if(!empty($user)) { //usual login - if($auth->checkPass($user, $pass)) { + if(!empty($pass) && $auth->checkPass($user, $pass)) { // make logininfo globally available $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session @@ -638,6 +639,7 @@ function auth_isMember($memberlist, $user, array $groups) { // compare cleaned values foreach($members as $member) { + if($member == '@ALL' ) return true; if(!$auth->isCaseSensitive()) $member = utf8_strtolower($member); if($member[0] == '@') { $member = $auth->cleanGroup(substr($member, 1)); @@ -922,7 +924,7 @@ function auth_sendPassword($user, $password) { if(!$auth) return false; $user = $auth->cleanUser($user); - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) return false; @@ -1080,7 +1082,7 @@ function updateprofile() { } } - if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) { + if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) { // update cookie and session with the changed data if($changes['pass']) { list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); @@ -1184,7 +1186,7 @@ function act_resendpwd() { } $user = io_readfile($tfile); - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; @@ -1236,7 +1238,7 @@ function act_resendpwd() { $user = trim($auth->cleanUser($INPUT->post->str('login'))); } - $userinfo = $auth->getUserData($user); + $userinfo = $auth->getUserData($user, $requireGroups = false); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; |