MDL-23927 do not use = 'guest' because we have CFG->siteguest AND it matches any other username with accents and different case in MySQL

Petr Skoda 2010-08-25 08:56:07 +00:00
parent 629e12fd81
commit b3df176457
10 changed files with 29 additions and 26 deletions


@ -67,7 +67,7 @@ class enrolment_plugin_authorize
echo $OUTPUT->heading(get_string('choosemethod', 'enrol_authorize')); echo $OUTPUT->heading(get_string('choosemethod', 'enrol_authorize'));
} }
if ($USER->username == 'guest') { // only real guest user, not for users with guest role if (isguestuser()) { // only real guest user, not for users with guest role
$curcost = get_course_cost($course); $curcost = get_course_cost($course);
echo '<div class="mdl-align">'; echo '<div class="mdl-align">';
echo '<p>'.get_string('paymentrequired').'</p>'; echo '<p>'.get_string('paymentrequired').'</p>';


@ -257,11 +257,11 @@ class course_enrolment_manager {
* @return array Array(totalusers => int, users => array) * @return array Array(totalusers => int, users => array)
*/ */
public function get_potential_users($enrolid, $search='', $searchanywhere=false, $page=0, $perpage=25) { public function get_potential_users($enrolid, $search='', $searchanywhere=false, $page=0, $perpage=25) {
global $DB; global $DB, $CFG;
// Add some additional sensible conditions // Add some additional sensible conditions
$tests = array("u.username <> 'guest'", 'u.deleted = 0', 'u.confirmed = 1'); $tests = array("id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');
$params = array(); $params = array('guestid' => $CFG->siteguest);
if (!empty($search)) { if (!empty($search)) {
$conditions = array('u.firstname','u.lastname'); $conditions = array('u.firstname','u.lastname');
$ilike = ' ' . $DB->sql_ilike(); $ilike = ' ' . $DB->sql_ilike();
@ -307,11 +307,11 @@ class course_enrolment_manager {
* @return array * @return array
*/ */
public function search_other_users($search='', $searchanywhere=false, $page=0, $perpage=25) { public function search_other_users($search='', $searchanywhere=false, $page=0, $perpage=25) {
global $DB; global $DB, $CFG;
// Add some additional sensible conditions // Add some additional sensible conditions
$tests = array("u.username <> 'guest'", 'u.deleted = 0', 'u.confirmed = 1'); $tests = array("u.id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');
$params = array(); $params = array('guestid'=>$CFG->siteguest);
if (!empty($search)) { if (!empty($search)) {
$conditions = array('u.firstname','u.lastname'); $conditions = array('u.firstname','u.lastname');
$ilike = ' ' . $DB->sql_ilike(); $ilike = ' ' . $DB->sql_ilike();
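Review bot: In get_potential_users the new condition is written as `id <> :guestid` without the `u.` alias, while the neighbouring conditions in the same array and the identical change in search_other_users use `u.`-qualified columns. The query that consumes `$tests` is outside the hunk; if it joins any other table that has an `id` column, the bare name is ambiguous or may resolve to the wrong table, and the guest exclusion would fail or error out. Write it as `$tests = array("u.id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');`.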


@ -310,7 +310,7 @@ class enrol_mnet_mnetservice_enrol {
* @return array * @return array
*/ */
public function course_enrolments($courseid, $roles=null) { public function course_enrolments($courseid, $roles=null) {
global $DB; global $DB, $CFG;
if (!$client = get_mnet_remote_client()) { if (!$client = get_mnet_remote_client()) {
die('Callable via XML-RPC only'); die('Callable via XML-RPC only');
@ -323,11 +323,12 @@ class enrol_mnet_mnetservice_enrol {
JOIN {role} r ON e.roleid = r.id JOIN {role} r ON e.roleid = r.id
WHERE u.mnethostid = :mnethostid WHERE u.mnethostid = :mnethostid
AND e.courseid = :courseid AND e.courseid = :courseid
AND u.username != 'guest' AND u.id <> :guestid
AND u.confirmed = 1 AND u.confirmed = 1
AND u.deleted = 0"; AND u.deleted = 0";
$params['mnethostid'] = $client->id; $params['mnethostid'] = $client->id;
$params['courseid'] = $courseid; $params['courseid'] = $courseid;
$params['guestid'] = $CFG->siteguest;
if (!is_null($roles)) { if (!is_null($roles)) {
if (!is_array($roles)) { if (!is_array($roles)) {


@ -160,7 +160,7 @@ class enrol_paypal_plugin extends enrol_plugin {
echo '<p>'.get_string('nocost', 'enrol_paypal').'</p>'; echo '<p>'.get_string('nocost', 'enrol_paypal').'</p>';
} else { } else {
if ($USER->username == 'guest') { // force login only for guest user, not real users with guest role if (isguestuser()) { // force login only for guest user, not real users with guest role
if (empty($CFG->loginhttps)) { if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot; $wwwroot = $CFG->wwwroot;
} else { } else {


@ -2915,7 +2915,7 @@ function is_enrolled($context, $user = NULL, $withcapability = '', $onlyactive =
* @return array list($sql, $params) * @return array list($sql, $params)
*/ */
function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyactive = false) { function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyactive = false) {
global $DB; global $DB, $CFG;
// use unique prefix just in case somebody makes some SQL magic with the result // use unique prefix just in case somebody makes some SQL magic with the result
static $i = 0; static $i = 0;
@ -3034,7 +3034,8 @@ function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyact
} }
$wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.username <> 'guest'"; $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
$params["{$prefix}guestid"] = $CFG->siteguest;
if ($isfrontpage) { if ($isfrontpage) {
// all users are "enrolled" on the frontpage // all users are "enrolled" on the frontpage
@ -4832,8 +4833,9 @@ function get_users_by_capability($context, $capability, $fields='', $sort='', $l
} }
} }
/// We never return deleted users or guest acount. /// We never return deleted users or guest account.
$wherecond[] = "u.deleted = 0 AND u.username <> 'guest'"; $wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
$params['guestid'] = $CFG->siteguest;
/// Groups /// Groups
if ($groups) { if ($groups) {
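Review bot: In the get_users_by_capability hunk the new line `$params['guestid'] = $CFG->siteguest;` reads `$CFG`, but no visible line adds it to that function's `global` statement the way the get_enrolled_sql hunk does with `global $DB, $CFG;`. The function header is outside the hunk, so it may already be declared; if it is not, `$CFG` is an undefined local, the bound value is NULL, and `u.id <> :guestid` then matches no row at all. The same applies to session_gc in the session code, where `$CFG->siteguest` is appended to `$params` without a visible `global` change. Confirm both functions declare `global $CFG` before relying on the new filter.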


@ -184,7 +184,7 @@ function search_users($courseid, $groupid, $searchtext, $sort='', array $excepti
*/ */
function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC', function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC',
$firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) { $firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) {
global $DB; global $DB, $CFG;
if ($get && !$recordsperpage) { if ($get && !$recordsperpage) {
debugging('Call to get_users with $get = true no $recordsperpage limit. ' . debugging('Call to get_users with $get = true no $recordsperpage limit. ' .
@ -196,8 +196,8 @@ function get_users($get=true, $search='', $confirmed=false, array $exceptions=nu
$LIKE = $DB->sql_ilike(); $LIKE = $DB->sql_ilike();
$fullname = $DB->sql_fullname(); $fullname = $DB->sql_fullname();
$select = " username <> :guest AND deleted = 0"; $select = " id <> :guestid AND deleted = 0";
$params = array('guest'=>'guest'); $params = array('guestid'=>$CFG->siteguest);
if (!empty($search)){ if (!empty($search)){
$search = trim($search); $search = trim($search);
@ -306,10 +306,10 @@ function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperp
* @return array of unconfirmed users * @return array of unconfirmed users
*/ */
function get_users_confirmed() { function get_users_confirmed() {
global $DB; global $DB, $CFG;
return $DB->get_records_sql("SELECT * return $DB->get_records_sql("SELECT *
FROM {user} FROM {user}
WHERE confirmed = 1 AND deleted = 0 AND username <> ?", array('guest')); WHERE confirmed = 1 AND deleted = 0 AND id <> ?", array($CFG->siteguest));
} }


@ -418,7 +418,7 @@ class core_renderer extends renderer_base {
if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) { if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
$username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>"; $username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
} }
if (isset($USER->username) && $USER->username == 'guest') { if (isguestuser()) {
$loggedinas = $realuserinfo.get_string('loggedinasguest'). $loggedinas = $realuserinfo.get_string('loggedinasguest').
" (<a href=\"$loginurl\">".get_string('login').'</a>)'; " (<a href=\"$loginurl\">".get_string('login').'</a>)';
} else if (!empty($USER->access['rsw'][$context->path])) { } else if (!empty($USER->access['rsw'][$context->path])) {
@ -442,7 +442,7 @@ class core_renderer extends renderer_base {
if (isset($SESSION->justloggedin)) { if (isset($SESSION->justloggedin)) {
unset($SESSION->justloggedin); unset($SESSION->justloggedin);
if (!empty($CFG->displayloginfailures)) { if (!empty($CFG->displayloginfailures)) {
if (!empty($USER->username) and $USER->username != 'guest') { if (!isguestuser()) {
if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) { if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) {
$loggedinas .= '&nbsp;<div class="loginfailures">'; $loggedinas .= '&nbsp;<div class="loginfailures">';
if (empty($count->accounts)) { if (empty($count->accounts)) {
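Review bot: The login-failures branch now tests only `!isguestuser()`, dropping the old `!empty($USER->username)` guard, yet the next line still passes `$USER->username` and `$USER->lastlogin` to count_login_failures(). If this code can run while `$USER` has no username (not determinable from the hunk, which starts and ends inside the method), the call now receives unset properties. Keeping the logged-in test explicit would preserve the previous behaviour: `if (isloggedin() and !isguestuser()) {`.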


@ -471,7 +471,7 @@ class database_session extends session_stub {
$ignoretimeout = false; $ignoretimeout = false;
if (!empty($record->userid)) { // skips not logged in if (!empty($record->userid)) { // skips not logged in
if ($user = $this->database->get_record('user', array('id'=>$record->userid))) { if ($user = $this->database->get_record('user', array('id'=>$record->userid))) {
if ($user->username !== 'guest') { if (!isguestuser($user)) {
$authsequence = get_enabled_auth_plugins(); // auths, in sequence $authsequence = get_enabled_auth_plugins(); // auths, in sequence
foreach($authsequence as $authname) { foreach($authsequence as $authname) {
$authplugin = get_auth_plugin($authname); $authplugin = get_auth_plugin($authname);
@ -727,8 +727,8 @@ function session_gc() {
$sql = "SELECT u.*, s.sid, s.timecreated AS s_timecreated, s.timemodified AS s_timemodified $sql = "SELECT u.*, s.sid, s.timecreated AS s_timecreated, s.timemodified AS s_timemodified
FROM {user} u FROM {user} u
JOIN {sessions} s ON s.userid = u.id JOIN {sessions} s ON s.userid = u.id
WHERE s.timemodified + ? < ? AND u.username <> 'guest'"; WHERE s.timemodified + ? < ? AND u.id <> ?";
$params = array($maxlifetime, time()); $params = array($maxlifetime, time(), $CFG->siteguest);
$authplugins = array(); $authplugins = array();
foreach($auth_sequence as $authname) { foreach($auth_sequence as $authname) {


@ -136,7 +136,7 @@ if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { /
if ($user) { if ($user) {
// language setup // language setup
if ($user->username == 'guest') { if (isguestuser($user)) {
// no predefined language for guests - use existing session or default site lang // no predefined language for guests - use existing session or default site lang
unset($user->lang); unset($user->lang);


@ -280,7 +280,7 @@ class mnetservice_enrol {
// see MDL-19219 // see MDL-19219
return serialize(array('remote host running old version of mnet server - does not return username attribute')); return serialize(array('remote host running old version of mnet server - does not return username attribute'));
} }
if ($remote['username'] == 'guest') { if ($remote['username'] == 'guest') { // we can not use $CFG->siteguest here
// do not try nasty things you bastard! // do not try nasty things you bastard!
continue; continue;
} }
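Review bot: The check kept here compares the remote-supplied `$remote['username']` with PHP `==`, which is exact on case and accents, while the commit message states that the database treats such variants as equal to 'guest'. The two layers therefore disagree about what counts as the guest name. If the username is later matched against the local user table (that code is outside the hunk), normalise before comparing, for example `if (strtolower(trim($remote['username'])) === 'guest') {`; note that this still does not cover accent variants. The added comment should also say why `$CFG->siteguest` cannot be used here and that the match is deliberately by name.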