diff -r f13bb4f21890 -r 4415e50e4e84 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Thu Feb 26 01:06:58 2009 -0500 +++ b/plugins/SpecialUserFuncs.php Thu Feb 26 01:07:32 2009 -0500 @@ -264,6 +264,9 @@ $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem)); break; + default: + $errstring = $lang->get($errstring); + break; } echo '
'.$errstring.'
'; } @@ -343,6 +346,11 @@ } ?> setHook('login_form_html'); + foreach ( $code as $cmd ) + { + eval($cmd); + } if ( $level <= USER_LEVEL_MEMBER ) { // "remember me" switch @@ -504,7 +512,53 @@ return false; } - $result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code, isset($_POST['remember'])); + // These are to allow auth plugins to work universally between JSON and HTML login forms + $userinfo =& $_POST; + $req = array( + 'level' => intval($_POST['auth_level']), + 'remember' => isset($_POST['remember']) + ); + + // At this point if any extra fields were injected into the login form, we need to let plugins process it + + /** + * Called upon processing an incoming login request from the plain HTML login form.. If you added anything to the form, + * that will be in the $userinfo array here and on $_POST. Expected return values are: true if your plugin has + * not only succeeded but ALSO issued a session key (bypass the whole Enano builtin login process) and an associative array + * with "mode" set to "error" and an error string in "error" to send an error back to the client. Any return value other + * than these will be ignored. + * @hook login_process_userdata_json + */ + + $skip_normal_login = false; + + $code = $plugins->setHook('login_process_userdata_json'); + foreach ( $code as $cmd ) + { + $result = eval($cmd); + if ( $result === true ) + { + $skip_normal_login = true; + $result = array('success' => true); + break; + } + else if ( is_array($result) ) + { + if ( isset($result['mode']) && $result['mode'] === 'error' && isset($result['error']) ) + { + $__login_status = array( + 'mode' => 'error', + 'error' => $result['error'] + ); + return false; + } + } + } + + if ( !$skip_normal_login ) + { + $result = $session->login_without_crypto($_POST['username'], $password, false, intval($_POST['auth_level']), $captcha_hash, $captcha_code, isset($_POST['remember'])); + } if($result['success']) {