MDL-23927 do not use = 'guest' because we have CFG->siteguest AND it …

…matches any other username with accents and different case in MySQL

enrol/authorize/enrol.php

@@ -67,7 +67,7 @@ public function print_entry($course)
             echo $OUTPUT->heading(get_string('choosemethod', 'enrol_authorize'));
         }
 
-        if ($USER->username == 'guest') { // only real guest user, not for users with guest role
+        if (isguestuser()) { // only real guest user, not for users with guest role
             $curcost = get_course_cost($course);
             echo '<div class="mdl-align">';
             echo '<p>'.get_string('paymentrequired').'</p>';

enrol/locallib.php

@@ -257,11 +257,11 @@ public function get_other_users($sort, $direction='ASC', $page=0, $perpage=25) {
      * @return array Array(totalusers => int, users => array)
      */
     public function get_potential_users($enrolid, $search='', $searchanywhere=false, $page=0, $perpage=25) {
-        global $DB;
+        global $DB, $CFG;
 
         // Add some additional sensible conditions
-        $tests = array("u.username <> 'guest'", 'u.deleted = 0', 'u.confirmed = 1');
-        $params = array();
+        $tests = array("id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');
+        $params = array('guestid' => $CFG->siteguest);
         if (!empty($search)) {
             $conditions = array('u.firstname','u.lastname');
             $ilike = ' ' . $DB->sql_ilike();
@@ -307,11 +307,11 @@ public function get_potential_users($enrolid, $search='', $searchanywhere=false,
      * @return array
      */
     public function search_other_users($search='', $searchanywhere=false, $page=0, $perpage=25) {
-        global $DB;
+        global $DB, $CFG;
 
         // Add some additional sensible conditions
-        $tests = array("u.username <> 'guest'", 'u.deleted = 0', 'u.confirmed = 1');
-        $params = array();
+        $tests = array("u.id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');
+        $params = array('guestid'=>$CFG->siteguest);
         if (!empty($search)) {
             $conditions = array('u.firstname','u.lastname');
             $ilike = ' ' . $DB->sql_ilike();

enrol/mnet/enrol.php

@@ -310,7 +310,7 @@ public function unenrol_user($username, $courseid) {
      * @return array
      */
     public function course_enrolments($courseid, $roles=null) {
-        global $DB;
+        global $DB, $CFG;
 
         if (!$client = get_mnet_remote_client()) {
             die('Callable via XML-RPC only');
@@ -323,11 +323,12 @@ public function course_enrolments($courseid, $roles=null) {
                   JOIN {role} r ON e.roleid = r.id
                  WHERE u.mnethostid = :mnethostid
                        AND e.courseid = :courseid
-                       AND u.username != 'guest'
+                       AND u.id <> :guestid
                        AND u.confirmed = 1
                        AND u.deleted = 0";
         $params['mnethostid'] = $client->id;
         $params['courseid'] = $courseid;
+        $params['guestid'] = $CFG->siteguest;
 
         if (!is_null($roles)) {
             if (!is_array($roles)) {

enrol/paypal/lib.php

@@ -160,7 +160,7 @@ function enrol_page_hook(stdClass $instance) {
             echo '<p>'.get_string('nocost', 'enrol_paypal').'</p>';
         } else {
 
-            if ($USER->username == 'guest') { // force login only for guest user, not real users with guest role
+            if (isguestuser()) { // force login only for guest user, not real users with guest role
                 if (empty($CFG->loginhttps)) {
                     $wwwroot = $CFG->wwwroot;
                 } else {

lib/accesslib.php

@@ -2915,7 +2915,7 @@ function is_enrolled($context, $user = NULL, $withcapability = '', $onlyactive =
  * @return array list($sql, $params)
  */
 function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyactive = false) {
-    global $DB;
+    global $DB, $CFG;
 
     // use unique prefix just in case somebody makes some SQL magic with the result
     static $i = 0;
@@ -3034,7 +3034,8 @@ function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $onlyact
 
     }
 
-    $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.username <> 'guest'";
+    $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
+    $params["{$prefix}guestid"] = $CFG->siteguest;
 
     if ($isfrontpage) {
         // all users are "enrolled" on the frontpage
@@ -4832,8 +4833,9 @@ function get_users_by_capability($context, $capability, $fields='', $sort='', $l
         }
     }
 
-    /// We never return deleted users or guest acount.
-    $wherecond[] = "u.deleted = 0 AND u.username <> 'guest'";
+    /// We never return deleted users or guest account.
+    $wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
+    $params['guestid'] = $CFG->siteguest;
 
     /// Groups
     if ($groups) {

lib/datalib.php

@@ -184,7 +184,7 @@ function search_users($courseid, $groupid, $searchtext, $sort='', array $excepti
  */
 function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC',
                    $firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) {
-    global $DB;
+    global $DB, $CFG;
 
     if ($get && !$recordsperpage) {
         debugging('Call to get_users with $get = true no $recordsperpage limit. ' .
@@ -196,8 +196,8 @@ function get_users($get=true, $search='', $confirmed=false, array $exceptions=nu
     $LIKE      = $DB->sql_ilike();
     $fullname  = $DB->sql_fullname();
 
-    $select = " username <> :guest AND deleted = 0";
-    $params = array('guest'=>'guest');
+    $select = " id <> :guestid AND deleted = 0";
+    $params = array('guestid'=>$CFG->siteguest);
 
     if (!empty($search)){
         $search = trim($search);
@@ -306,10 +306,10 @@ function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperp
  * @return array of unconfirmed users
  */
 function get_users_confirmed() {
-    global $DB;
+    global $DB, $CFG;
     return $DB->get_records_sql("SELECT *
                                    FROM {user}
-                                  WHERE confirmed = 1 AND deleted = 0 AND username <> ?", array('guest'));
+                                  WHERE confirmed = 1 AND deleted = 0 AND id <> ?", array($CFG->siteguest));
 }
 
 

lib/outputrenderers.php

@@ -418,7 +418,7 @@ public function login_info() {
             if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
                 $username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
             }
-            if (isset($USER->username) && $USER->username == 'guest') {
+            if (isguestuser()) {
                 $loggedinas = $realuserinfo.get_string('loggedinasguest').
                           " (<a href=\"$loginurl\">".get_string('login').'</a>)';
             } else if (!empty($USER->access['rsw'][$context->path])) {
@@ -442,7 +442,7 @@ public function login_info() {
         if (isset($SESSION->justloggedin)) {
             unset($SESSION->justloggedin);
             if (!empty($CFG->displayloginfailures)) {
-                if (!empty($USER->username) and $USER->username != 'guest') {
+                if (!isguestuser()) {
                     if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) {
                         $loggedinas .= '&nbsp;<div class="loginfailures">';
                         if (empty($count->accounts)) {

lib/sessionlib.php

@@ -471,7 +471,7 @@ public function handler_read($sid) {
             $ignoretimeout = false;
             if (!empty($record->userid)) { // skips not logged in
                 if ($user = $this->database->get_record('user', array('id'=>$record->userid))) {
-                    if ($user->username !== 'guest') {
+                    if (!isguestuser($user)) {
                         $authsequence = get_enabled_auth_plugins(); // auths, in sequence
                         foreach($authsequence as $authname) {
                             $authplugin = get_auth_plugin($authname);
@@ -727,8 +727,8 @@ function session_gc() {
         $sql = "SELECT u.*, s.sid, s.timecreated AS s_timecreated, s.timemodified AS s_timemodified
                   FROM {user} u
                   JOIN {sessions} s ON s.userid = u.id
-                 WHERE s.timemodified + ? < ? AND u.username <> 'guest'";
-        $params = array($maxlifetime, time());
+                 WHERE s.timemodified + ? < ? AND u.id <> ?";
+        $params = array($maxlifetime, time(), $CFG->siteguest);
 
         $authplugins = array();
         foreach($auth_sequence as $authname) {

login/index.php

@@ -136,7 +136,7 @@
     if ($user) {
 
         // language setup
-        if ($user->username == 'guest') {
+        if (isguestuser($user)) {
             // no predefined language for guests - use existing session or default site lang
             unset($user->lang);
 

mnet/service/enrol/locallib.php

@@ -280,7 +280,7 @@ public function req_course_enrolments($mnethostid, $remotecourseid) {
                     // see MDL-19219
                     return serialize(array('remote host running old version of mnet server - does not return username attribute'));
                 }
-                if ($remote['username'] == 'guest') {
+                if ($remote['username'] == 'guest') { // we can not use $CFG->siteguest here
                     // do not try nasty things you bastard!
                     continue;
                 }