- // NEVER allow blank passwords, even if they match the DB
- if (mb_strlen($password) == 0) {
- return false;
- }
- $user = User::staticGet('nickname', $nickname);
- if (is_null($user) || $user === false) {
- return false;
- } else {
- if (0 == strcmp(common_munge_password($password, $user->id),
- $user->password)) {
- return $user;
- } else {
- return false;
+ $authenticatedUser = false;
+
+ if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
+ $user = User::staticGet('nickname', $nickname);
+ if (!empty($user)) {
+ if (!empty($password)) { // never allow login with blank password
+ if (0 == strcmp(common_munge_password($password, $user->id),
+ $user->password)) {
+ //internal checking passed
+ $authenticatedUser =& $user;
+ }
+ }