moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-03 08:09:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-23927 do not use = 'guest' because we have CFG->siteguest AND it matches any other username with accents and different case in MySQL

Browse source
This commit is contained in:
Petr Skoda 2010-08-25 08:56:07 +00:00
parent 629e12fd81
commit b3df176457
10 changed files with 29 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
enrol/authorize/enrol.php
View file

@ -67,7 +67,7 @@ class enrolment_plugin_authorize
echo $OUTPUT->heading(get_string('choosemethod', 'enrol_authorize'));
}
if ($USER->username == 'guest') { // only real guest user, not for users with guest role
if (isguestuser()) { // only real guest user, not for users with guest role
$curcost = get_course_cost($course);
echo '<div class="mdl-align">';
echo '<p>'.get_string('paymentrequired').'</p>';

12
enrol/locallib.php
View file

@ -257,11 +257,11 @@ class course_enrolment_manager {
* @return array Array(totalusers => int, users => array)
*/
public function get_potential_users($enrolid, $search='', $searchanywhere=false, $page=0, $perpage=25) {
global $DB;
global $DB, $CFG;
// Add some additional sensible conditions
$tests = array("u.username <> 'guest'", 'u.deleted = 0', 'u.confirmed = 1');
$params = array();
$tests = array("id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');
$params = array('guestid' => $CFG->siteguest);
if (!empty($search)) {
$conditions = array('u.firstname','u.lastname');
$ilike = ' ' . $DB->sql_ilike();
@ -307,11 +307,11 @@ class course_enrolment_manager {
* @return array
*/
public function search_other_users($search='', $searchanywhere=false, $page=0, $perpage=25) {
global $DB;
global $DB, $CFG;
// Add some additional sensible conditions
$tests = array("u.username <> 'guest'", 'u.deleted = 0', 'u.confirmed = 1');
$params = array();
$tests = array("u.id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');
$params = array('guestid'=>$CFG->siteguest);
if (!empty($search)) {
$conditions = array('u.firstname','u.lastname');
$ilike = ' ' . $DB->sql_ilike();

5
enrol/mnet/enrol.php
View file

@ -310,7 +310,7 @@ class enrol_mnet_mnetservice_enrol {
* @return array
*/
public function course_enrolments($courseid, $roles=null) {
global $DB;
global $DB, $CFG;
if (!$client = get_mnet_remote_client()) {
die('Callable via XML-RPC only');
@ -323,11 +323,12 @@ class enrol_mnet_mnetservice_enrol {
JOIN {role} r ON e.roleid = r.id
WHERE u.mnethostid = :mnethostid
AND e.courseid = :courseid
AND u.username != 'guest'
AND u.id <> :guestid
AND u.confirmed = 1
AND u.deleted = 0";
$params['mnethostid'] = $client->id;
$params['courseid'] = $courseid;
$params['guestid'] = $CFG->siteguest;
if (!is_null($roles)) {
if (!is_array($roles)) {

2
enrol/paypal/lib.php
View file

@ -160,7 +160,7 @@ class enrol_paypal_plugin extends enrol_plugin {
echo '<p>'.get_string('nocost', 'enrol_paypal').'</p>';
} else {
if ($USER->username == 'guest') { // force login only for guest user, not real users with guest role
if (isguestuser()) { // force login only for guest user, not real users with guest role
if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
} else {

10
lib/accesslib.php
View file

@ -2915,7 +2915,7 @@ function is_enrolled($context, $user = NULL, $withcapability = '', $onlyactive =
* @return array list($sql, $params)
*/
function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyactive = false) {
global $DB;
global $DB, $CFG;
// use unique prefix just in case somebody makes some SQL magic with the result
static $i = 0;
@ -3034,7 +3034,8 @@ function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyact
}
$wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.username <> 'guest'";
$wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
$params["{$prefix}guestid"] = $CFG->siteguest;
if ($isfrontpage) {
// all users are "enrolled" on the frontpage
@ -4832,8 +4833,9 @@ function get_users_by_capability($context, $capability, $fields='', $sort='', $l
}
}
/// We never return deleted users or guest acount.
$wherecond[] = "u.deleted = 0 AND u.username <> 'guest'";
/// We never return deleted users or guest account.
$wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
$params['guestid'] = $CFG->siteguest;
/// Groups
if ($groups) {

10
lib/datalib.php
View file

@ -184,7 +184,7 @@ function search_users($courseid, $groupid, $searchtext, $sort='', array $excepti
*/
function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC',
$firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) {
global $DB;
global $DB, $CFG;
if ($get && !$recordsperpage) {
debugging('Call to get_users with $get = true no $recordsperpage limit. ' .
@ -196,8 +196,8 @@ function get_users($get=true, $search='', $confirmed=false, array $exceptions=nu
$LIKE = $DB->sql_ilike();
$fullname = $DB->sql_fullname();
$select = " username <> :guest AND deleted = 0";
$params = array('guest'=>'guest');
$select = " id <> :guestid AND deleted = 0";
$params = array('guestid'=>$CFG->siteguest);
if (!empty($search)){
$search = trim($search);
@ -306,10 +306,10 @@ function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperp
* @return array of unconfirmed users
*/
function get_users_confirmed() {
global $DB;
global $DB, $CFG;
return $DB->get_records_sql("SELECT *
FROM {user}
WHERE confirmed = 1 AND deleted = 0 AND username <> ?", array('guest'));
WHERE confirmed = 1 AND deleted = 0 AND id <> ?", array($CFG->siteguest));
}

4
lib/outputrenderers.php
View file

@ -418,7 +418,7 @@ class core_renderer extends renderer_base {
if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
$username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
}
if (isset($USER->username) && $USER->username == 'guest') {
if (isguestuser()) {
$loggedinas = $realuserinfo.get_string('loggedinasguest').
" (<a href=\"$loginurl\">".get_string('login').'</a>)';
} else if (!empty($USER->access['rsw'][$context->path])) {
@ -442,7 +442,7 @@ class core_renderer extends renderer_base {
if (isset($SESSION->justloggedin)) {
unset($SESSION->justloggedin);
if (!empty($CFG->displayloginfailures)) {
if (!empty($USER->username) and $USER->username != 'guest') {
if (!isguestuser()) {
if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) {
$loggedinas .= '&nbsp;<div class="loginfailures">';
if (empty($count->accounts)) {

6
lib/sessionlib.php
View file

@ -471,7 +471,7 @@ class database_session extends session_stub {
$ignoretimeout = false;
if (!empty($record->userid)) { // skips not logged in
if ($user = $this->database->get_record('user', array('id'=>$record->userid))) {
if ($user->username !== 'guest') {
if (!isguestuser($user)) {
$authsequence = get_enabled_auth_plugins(); // auths, in sequence
foreach($authsequence as $authname) {
$authplugin = get_auth_plugin($authname);
@ -727,8 +727,8 @@ function session_gc() {
$sql = "SELECT u.*, s.sid, s.timecreated AS s_timecreated, s.timemodified AS s_timemodified
FROM {user} u
JOIN {sessions} s ON s.userid = u.id
WHERE s.timemodified + ? < ? AND u.username <> 'guest'";
$params = array($maxlifetime, time());
WHERE s.timemodified + ? < ? AND u.id <> ?";
$params = array($maxlifetime, time(), $CFG->siteguest);
$authplugins = array();
foreach($auth_sequence as $authname) {

2
login/index.php
View file

@ -136,7 +136,7 @@ if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { /
if ($user) {
// language setup
if ($user->username == 'guest') {
if (isguestuser($user)) {
// no predefined language for guests - use existing session or default site lang
unset($user->lang);

2
mnet/service/enrol/locallib.php
View file

@ -280,7 +280,7 @@ class mnetservice_enrol {
// see MDL-19219
return serialize(array('remote host running old version of mnet server - does not return username attribute'));
}
if ($remote['username'] == 'guest') {
if ($remote['username'] == 'guest') { // we can not use $CFG->siteguest here
// do not try nasty things you bastard!
continue;
}