Ejemplo n.º 1
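/**
 * Complete a successful login: populate the session and App::$account, load a
 * channel, optionally stamp account_lastlog and fire the 'logged_in' hook, then
 * either return to the caller or redirect.
 *
 * @param array $user_record Account record (not a bare id: it is indexed by
 *                           'account_id' and stored in App::$account). The session
 *                           is only marked authenticated when it passes the
 *                           x($user_record, 'account_id') check.
 * @param array|null $channel Optional channel record; when given, its 'channel_id'
 *                            is loaded in preference to the session uid or the
 *                            account's default channel.
 * @param bool $login_initial default false; true updates account_lastlog and
 *                            fires the 'logged_in' hook
 * @param bool $interactive default false; not read anywhere in this function
 * @param bool $return default false; true returns to the caller instead of redirecting
 * @param bool $update_lastlog default false; true updates account_lastlog (and
 *                             fires 'logged_in') even when this is not the initial login
 * @return void
 */
function authenticate_success($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false)
{
    // Remember the client address this session was authenticated from.
    $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];

    // NOTE(review): nothing in this function rotates the session id at the
    // moment the session becomes authenticated. Confirm the caller or the
    // session handler does so, otherwise a pre-login session id stays valid
    // after login (session fixation).
    $lastlog_updated = false;

    if (x($user_record, 'account_id')) {
        App::$account = $user_record;
        $_SESSION['account_id'] = $user_record['account_id'];
        $_SESSION['authenticated'] = 1;

        // Initialised up front: without this the variable was read while
        // undefined whenever no $channel was supplied.
        $uid_to_load = 0;
        if ($channel) {
            $uid_to_load = $channel['channel_id'];
        }

        // Fall back to the channel already in the session, then to the
        // account's default channel.
        if (!$uid_to_load) {
            $uid_to_load = (x($_SESSION, 'uid') && intval($_SESSION['uid']))
                ? intval($_SESSION['uid'])
                : intval(App::$account['account_default_channel']);
        }

        if ($uid_to_load) {
            change_channel($uid_to_load);
        }

        if ($login_initial || $update_lastlog) {
            // Take the timestamp once so the stored row and the in-memory
            // record cannot disagree across a clock tick.
            $now = datetime_convert();

            // Both values go through dbesc()/intval() before q() formats them.
            q("update account set account_lastlog = '%s' where account_id = %d", dbesc($now), intval($_SESSION['account_id']));
            App::$account['account_lastlog'] = $now;
            $lastlog_updated = true;
            call_hooks('logged_in', App::$account);
        }
    }

    // Initial login whose record did not pass the account_id check above:
    // the hook still fires, but with the raw record.
    if ($login_initial && !$lastlog_updated) {
        call_hooks('logged_in', $user_record);
        // might want to log success here
    }

    if ($return || x($_SESSION, 'workflow')) {
        unset($_SESSION['workflow']);
        return;
    }

    if (App::$module !== 'home' && x($_SESSION, 'login_return_url') && strlen($_SESSION['login_return_url'])) {
        $return_url = $_SESSION['login_return_url'];

        // don't let members get redirected to a raw ajax page update - this can happen
        // if DHCP changes the IP address at an unfortunate time and paranoia is turned on
        if (strstr($return_url, 'update_')) {
            $return_url = '';
        }

        unset($_SESSION['login_return_url']);

        // The stored value is only ever appended to z_root() . '/', so it is
        // used as a path under the site root (z_root() presumably returns this
        // site's base URL - confirm) rather than as a free-form redirect target.
        goaway(z_root() . '/' . $return_url);
    }

    /* This account has never created a channel. Send them to new_channel by default */
    if (App::$module === 'login') {
        $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0 ", intval(App::$account['account_id']));
        if ($r && !$r[0]['total']) {
            goaway(z_root() . '/new_channel');
        }
    }

    /* else just return */
}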
Ejemplo n.º 2
 /**
  * Replace the statically held account record.
  *
  * The value is stored in self::$account exactly as passed; no validation or
  * copying happens here.
  *
  * @param mixed $acct value to store (presumably an account record array - confirm against callers)
  */
 public static function set_account($acct)
 {
     self::$account = $acct;
 }
Ejemplo n.º 3
  * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
  * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
  * and later plugins should not interfere with an earlier one that succeeded.
  *
  */
 // Addons get the first chance to authenticate; $addon_auth is handed to the
 // 'authenticate' hook and its fields are read back below.
 call_hooks('authenticate', $addon_auth);
 $atoken = null;
 $account = null;
 // A hook-reported success is accepted as-is: the password check in the else
 // branch does not run, so every addon registered on this hook is part of the
 // authentication trust boundary.
 // NOTE(review): count() on a null 'user_record' raises a TypeError on PHP 8;
 // confirm hooks always return an array when they set 'authenticated'.
 if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
     $account = $addon_auth['user_record'];
 } else {
     // Built-in path: verify the raw POSTed username and password.
     $verify = account_verify_password($_POST['username'], $_POST['password']);
     if ($verify) {
         $atoken = $verify['xchan'];
         $channel = $verify['channel'];
         $account = App::$account = $verify['account'];
     }
     // Account login takes precedence over an access-token login; if neither
     // is present the user is shown a failure notice.
     if (App::$account) {
         $_SESSION['account_id'] = App::$account['account_id'];
     } elseif ($atoken) {
         atoken_login($atoken);
     } else {
         notice(t('Failed authentication') . EOL);
     }
 }
 if (!($account || $atoken)) {
     // The log line embeds the client-supplied username after trim() and
     // notags() only.
     // NOTE(review): trim() does not remove embedded CR/LF; confirm notags()
     // does, otherwise one request can write extra, forged-looking lines into
     // logs that intrusion-prevention tooling parses.
     $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
     logger($error);
     // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
     $authlog = get_config('system', 'authlog');
     if ($authlog) {
Ejemplo n.º 4
 }
 if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
     $record = null;
     // Payload handed to 'authenticate' hooks. Note the password is trim()med
     // here but passed untrimmed to account_verify_password() below, so the two
     // paths see different strings when it has leading or trailing whitespace.
     $addon_auth = array('username' => trim($_POST['username']), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null);
     /**
      *
      * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
      * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
      * and later plugins should not interfere with an earlier one that succeeded.
      *
      */
     call_hooks('authenticate', $addon_auth);
     // A hook-reported success skips the password check entirely, so every
     // addon registered on this hook is part of the authentication trust boundary.
     // 'user_record' starts as null above: a hook that sets 'authenticated'
     // without filling it makes count() raise a TypeError on PHP 8.
     if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
         $record = $addon_auth['user_record'];
     } else {
         // Built-in path: the result is stored in App::$account before it is
         // known whether verification succeeded.
         $record = App::$account = account_verify_password($_POST['username'], $_POST['password']);
         if (App::$account) {
             $_SESSION['account_id'] = App::$account['account_id'];
         } else {
             notice(t('Failed authentication') . EOL);
         }
         // Dumps the whole account record at LOGGER_ALL.
         // NOTE(review): if the record carries password hash/salt or other
         // secret columns they end up in the log file; consider logging only
         // the account_id - confirm against the account schema.
         logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
     }
     if (!$record || !count($record)) {
         // The log line embeds the client-supplied username after trim() and
         // notags() only.
         // NOTE(review): trim() does not remove embedded CR/LF; confirm notags()
         // does, otherwise one request can write extra, forged-looking lines
         // into the auth log that intrusion-prevention tooling parses.
         $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
         logger($error);
         // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
         $authlog = get_config('system', 'authlog');
         if ($authlog) {
             // '@' hides a failed write (missing file, permissions, full disk),
             // so a broken auth log goes unnoticed by whatever consumes it.
             // NOTE(review): the raw session_id() is written to the log; confirm
             // the id is rotated on successful login and that the file is not
             // readable by other users.
             @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
         }