From f1bb509dfc1d8cc7c10dd72386ebdf8b400394a4 Mon Sep 17 00:00:00 2001 From: Chad Horohoe Date: Mon, 1 Feb 2010 14:51:46 +0000 Subject: [PATCH] Cleanup r61694, move blocked check to after password check, global auth checks, etc. Prevents hunting for blocked users --- includes/specials/SpecialUserlogin.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index f43b2962be..671070b7d7 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -417,12 +417,6 @@ class LoginForm { return self::THROTTLED; } } - // If we've enabled it, make it so that a blocked user cannot login - global $wgBlockDisablesLogin; - $u = User::newFromName( $this->mName ); - if( $wgBlockDisablesLogin && !is_null( $u ) && $u->isBlocked() ) { - return self::USER_BLOCKED; - } // Load $wgUser now, and check to see if we're logging in as the same // name. This is necessary because loading $wgUser (say by calling @@ -439,6 +433,7 @@ class LoginForm { # TODO: Allow some magic here for invalid external names, e.g., let the # user choose a different wiki name. + $u = User::newFromName( $this->mName ); if( is_null( $u ) || !User::isUsableName( $u->getName() ) ) { return self::ILLEGAL; } @@ -470,6 +465,7 @@ class LoginForm { return $abort; } + global $wgBlockDisablesLogin; if (!$u->checkPassword( $this->mPassword )) { if( $u->checkTemporaryPassword( $this->mPassword ) ) { // The e-mailed temporary password should not be used for actu- @@ -500,6 +496,9 @@ class LoginForm { } else { $retval = ($this->mPassword == '') ? self::EMPTY_PASS : self::WRONG_PASS; } + } elseif ( $wgBlockDisablesLogin && $u->isBlocked() ) { + // If we've enabled it, make it so that a blocked user cannot login + $retval = self::USER_BLOCKED; } else { $wgAuth->updateUser( $u ); $wgUser = $u; -- 2.20.1