mirror of
https://github.com/moodle/moodle.git
synced 2025-08-05 00:46:50 +02:00
MDL-23927 do not use = 'guest' because we have CFG->siteguest AND it matches any other username with accents and different case in MySQL
This commit is contained in:
Petr Skoda
parent
629e12fd81
commit
b3df176457
10 changed files with 29 additions and 26 deletions
|
|
@ -2915,7 +2915,7 @@ function is_enrolled($context, $user = NULL, $withcapability = '', $onlyactive =
|
|||
* @return array list($sql, $params)
|
||||
*/
|
||||
function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyactive = false) {
|
||||
global $DB;
|
||||
global $DB, $CFG;
|
||||
|
||||
// use unique prefix just in case somebody makes some SQL magic with the result
|
||||
static $i = 0;
|
||||
|
|
@ -3034,7 +3034,8 @@ function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyact
|
|||
|
||||
}
|
||||
|
||||
$wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.username <> 'guest'";
|
||||
$wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
|
||||
$params["{$prefix}guestid"] = $CFG->siteguest;
|
||||
|
||||
if ($isfrontpage) {
|
||||
// all users are "enrolled" on the frontpage
|
||||
|
|
@ -4832,8 +4833,9 @@ function get_users_by_capability($context, $capability, $fields='', $sort='', $l
|
|||
}
|
||||
}
|
||||
|
||||
/// We never return deleted users or guest acount.
|
||||
$wherecond[] = "u.deleted = 0 AND u.username <> 'guest'";
|
||||
/// We never return deleted users or guest account.
|
||||
$wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
|
||||
$params['guestid'] = $CFG->siteguest;
|
||||
|
||||
/// Groups
|
||||
if ($groups) {
|
||||
|
|
|
|||
|
|
@ -184,7 +184,7 @@ function search_users($courseid, $groupid, $searchtext, $sort='', array $excepti
|
|||
*/
|
||||
function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC',
|
||||
$firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) {
|
||||
global $DB;
|
||||
global $DB, $CFG;
|
||||
|
||||
if ($get && !$recordsperpage) {
|
||||
debugging('Call to get_users with $get = true no $recordsperpage limit. ' .
|
||||
|
|
@ -196,8 +196,8 @@ function get_users($get=true, $search='', $confirmed=false, array $exceptions=nu
|
|||
$LIKE = $DB->sql_ilike();
|
||||
$fullname = $DB->sql_fullname();
|
||||
|
||||
$select = " username <> :guest AND deleted = 0";
|
||||
$params = array('guest'=>'guest');
|
||||
$select = " id <> :guestid AND deleted = 0";
|
||||
$params = array('guestid'=>$CFG->siteguest);
|
||||
|
||||
if (!empty($search)){
|
||||
$search = trim($search);
|
||||
|
|
@ -306,10 +306,10 @@ function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperp
|
|||
* @return array of unconfirmed users
|
||||
*/
|
||||
function get_users_confirmed() {
|
||||
global $DB;
|
||||
global $DB, $CFG;
|
||||
return $DB->get_records_sql("SELECT *
|
||||
FROM {user}
|
||||
WHERE confirmed = 1 AND deleted = 0 AND username <> ?", array('guest'));
|
||||
WHERE confirmed = 1 AND deleted = 0 AND id <> ?", array($CFG->siteguest));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -418,7 +418,7 @@ class core_renderer extends renderer_base {
|
|||
if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
|
||||
$username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
|
||||
}
|
||||
if (isset($USER->username) && $USER->username == 'guest') {
|
||||
if (isguestuser()) {
|
||||
$loggedinas = $realuserinfo.get_string('loggedinasguest').
|
||||
" (<a href=\"$loginurl\">".get_string('login').'</a>)';
|
||||
} else if (!empty($USER->access['rsw'][$context->path])) {
|
||||
|
|
@ -442,7 +442,7 @@ class core_renderer extends renderer_base {
|
|||
if (isset($SESSION->justloggedin)) {
|
||||
unset($SESSION->justloggedin);
|
||||
if (!empty($CFG->displayloginfailures)) {
|
||||
if (!empty($USER->username) and $USER->username != 'guest') {
|
||||
if (!isguestuser()) {
|
||||
if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) {
|
||||
$loggedinas .= ' <div class="loginfailures">';
|
||||
if (empty($count->accounts)) {
|
||||
|
|
|
|||
|
|
@ -471,7 +471,7 @@ class database_session extends session_stub {
|
|||
$ignoretimeout = false;
|
||||
if (!empty($record->userid)) { // skips not logged in
|
||||
if ($user = $this->database->get_record('user', array('id'=>$record->userid))) {
|
||||
if ($user->username !== 'guest') {
|
||||
if (!isguestuser($user)) {
|
||||
$authsequence = get_enabled_auth_plugins(); // auths, in sequence
|
||||
foreach($authsequence as $authname) {
|
||||
$authplugin = get_auth_plugin($authname);
|
||||
|
|
@ -727,8 +727,8 @@ function session_gc() {
|
|||
$sql = "SELECT u.*, s.sid, s.timecreated AS s_timecreated, s.timemodified AS s_timemodified
|
||||
FROM {user} u
|
||||
JOIN {sessions} s ON s.userid = u.id
|
||||
WHERE s.timemodified + ? < ? AND u.username <> 'guest'";
|
||||
$params = array($maxlifetime, time());
|
||||
WHERE s.timemodified + ? < ? AND u.id <> ?";
|
||||
$params = array($maxlifetime, time(), $CFG->siteguest);
|
||||
|
||||
$authplugins = array();
|
||||
foreach($auth_sequence as $authname) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue