Skip to:

Opened 6 years ago

Closed 6 years ago

#4245 closed defect (bug) (fixed)

Improve authentication routine

Reported by: r-a-y Owned by:
Milestone: 1.6 Priority: normal
Severity: normal Version: 1.5
Component: Members Keywords: has-patch


In bp_core_signup_disable_inactive() and bp_core_boot_spammer(), checks are done against the $username parameter.

This isn't necessary; we should just use the passed $auth_obj and do checks against that as some plugins might already take advantage of the 'authenticate' filter and the $auth_obj variable (like the WP Email Login plugin).

(This ticket was created because of an issue with BuddyPress and the WP Email Login plugin.)

In the attached patch, I have renamed $auth_obj to $user, changed the authentication logic and cleaned up the PHPDoc for these two functions.

Let me know if you guys have any Qs!

Attachments (1)

4245.01.patch (4.2 KB) - added by r-a-y 6 years ago.

Download all attachments as: .zip

Change History (3)

6 years ago

#1 @boonebgorges
6 years ago

  • Milestone changed from Awaiting Review to 1.6

Good call, r-a-y - this looks right. I'm going to do some more testing in the next day or two, but it looks like it should be doable for this release.

#2 @boonebgorges
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6072]) Cleans up the authentication checks for spammers and inactive users

  • Saves a lookup by examining the $auth_obj passed from the 'authenticate' hook instead of looking the user up by $username, in both bp_core_boot_spammer() and bp_core_signup_disable_inactive()
  • Updates documentation for the relevant functions

Fixes #4245
Props r-a-y

Note: See TracTickets for help on using tickets.