moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 17:06:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-34101 do not try to authenticate non-existent users when user creation is prevented

Browse source
This commit is contained in:
Petr Škoda 2012-06-30 13:06:13 +02:00
parent 13951f0ce7
commit 8956a329a6
1 changed files with 9 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/moodlelib.php
View file

@ -4043,6 +4043,13 @@ function authenticate_user_login($username, $password) {
return false;
}
// Do not try to authenticate non-existent accounts when user creation is not disabled.
if (!empty($CFG->authpreventaccountcreation)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Unknown user, can not create new accounts: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
// User does not exist
$auths = $authsenabled;
$user = new stdClass();
@ -4074,12 +4081,8 @@ function authenticate_user_login($username, $password) {
$user = update_user_record($username);
}
} else {
// if user not found and user creation is not disabled, create it
if (empty($CFG->authpreventaccountcreation)) {
// Create account, we verified above that user creation is allowed.
$user = create_user_record($username, $password, $auth);
} else {
continue;
}
}
$authplugin->sync_roles($user);