=== modified file 'moodle/auth/nologin/auth.php' --- old/moodle/auth/nologin/auth.php 2009-11-05 03:34:11 +0000 +++ new/moodle/auth/nologin/auth.php 2009-11-10 16:01:54 +0000 @@ -36,7 +36,10 @@ * */ function user_login($username, $password) { - return false; + // give users a chance to guess what is wrong with their accounts. + // Change to AUTH_FAIL if you do not want to give any hints, we could add new + // plugin preference if needed. + return AUTH_DENIED; } /** === modified file 'moodle/lang/en_utf8/moodle.php' --- old/moodle/lang/en_utf8/moodle.php 2009-11-05 03:34:11 +0000 +++ new/moodle/lang/en_utf8/moodle.php 2009-11-10 16:01:41 +0000 @@ -921,6 +921,8 @@ $string['loginalready'] = 'You are already logged in'; $string['loginas'] = 'Login as'; $string['loginaspasswordexplain'] = '

You must enter the special \"loginas password\" to use this feature.
If you do not know it, ask your server administrator.

'; +$string['logindenied'] = 'Login denied.'; +$string['loginerror'] = 'Login error. Please contact your site administrator.'; $string['loginguest'] = 'Login as a guest'; $string['loginsite'] = 'Login to the site'; $string['loginsteps'] = 'Hi! For full access to courses you\'ll need to take === modified file 'moodle/lib/authlib.php' --- old/moodle/lib/authlib.php 2009-11-05 03:34:11 +0000 +++ new/moodle/lib/authlib.php 2009-11-10 16:03:07 +0000 @@ -26,17 +26,20 @@ */ /** + * Returned when the login was unsuccessful. Other auth plugins are tried. + */ +define('AUTH_FAIL', 0); + +/** * Returned when the login was successful. */ -define('AUTH_OK', 0); - -/** - * Returned when the login was unsuccessful. - */ -define('AUTH_FAIL', 1); - -/** - * Returned when the login was denied (a reason for AUTH_FAIL). +define('AUTH_OK', 1); + +/** + * Returned when the login was denied, this indicates no other + * authentication plugins should be tried. UI displayes a different + * message which indicates username login failed. The failure should not + * depend on supplied password. */ define('AUTH_DENIED', 2); === modified file 'moodle/lib/moodlelib.php' --- old/moodle/lib/moodlelib.php 2009-11-05 03:34:11 +0000 +++ new/moodle/lib/moodlelib.php 2009-11-10 16:01:10 +0000 @@ -3519,9 +3519,12 @@ foreach ($auths as $auth) { $authplugin = get_auth_plugin($auth); - // on auth fail fall through to the next plugin - if (!$authplugin->user_login($username, $password)) { - continue; + // on AUTH_FAIL (or 'false', for backward-compat) fall through to the next plugin + $rc = $authplugin->user_login($username, $password); + if ($rc === false or $rc === AUTH_FAIL) { + continue; + } elseif ($rc === AUTH_DENIED) { + return $rc; } // successful authentication === modified file 'moodle/login/index.php' --- old/moodle/login/index.php 2009-11-05 03:34:11 +0000 +++ new/moodle/login/index.php 2009-11-10 16:07:03 +0000 @@ -92,7 +92,7 @@ if (function_exists('weblink_auth')) { $user = weblink_auth($SESSION->wantsurl); } - if ($user) { + if (is_object($user)) { $frm->username = $user->username; } else { $frm = data_submitted(); @@ -135,7 +135,7 @@ } update_login_count(); - if ($user) { + if (is_object($user)) { // language setup if ($user->username == 'guest') { @@ -226,9 +226,19 @@ exit; } else { - if (empty($errormsg)) { - $errormsg = get_string("invalidlogin"); + if (!$user) { + // AUTH_FAIL or false + $errormsg = get_string('invalidlogin'); $errorcode = 3; + } else if ($user === AUTH_DENIED) { + $errormsg = get_string('logindenied'); + $errorcode = 5; + } else if ($user === AUTH_ERROR or empty($errormsg)) { + $errormsg = get_string('loginerror'); + $errorcode = 6; + } else { + $errormsg = get_string('loginerror'); + $errorcode = 7; } // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user