/**
 * PAM handler: authenticate a username/password pair against a known user.
 *
 * Missing credentials are reported by returning false; every other failure
 * (unknown user, locked account, wrong password) surfaces as a LoginException,
 * so a caller can tell "nothing to check" apart from "check failed".
 *
 * @param array $credentials Associative array handed over by Elgg's PAM
 *                           system; 'username' and 'password' (cleartext)
 *                           are the keys read here.
 *
 * @return bool true on success, false when either credential is absent
 * @throws LoginException on unknown user, rate-limited account or bad password
 * @access private
 */
function pam_auth_userpass(array $credentials = array()) {
	$has_username = isset($credentials['username']);
	$has_password = isset($credentials['password']);
	if (!$has_username || !$has_password) {
		return false;
	}

	$user = get_user_by_username($credentials['username']);
	if (!$user) {
		throw new LoginException(elgg_echo('LoginException:UsernameFailure'));
	}

	// The rate limit is consulted before the password, so a locked account
	// never has its stored hash exercised.
	if (check_rate_limit_exceeded($user->guid)) {
		throw new LoginException(elgg_echo('LoginException:AccountLocked'));
	}

	$expected_hash = generate_user_password($user, $credentials['password']);
	$matches = ($user->password === $expected_hash);
	// NOTE(review): a plain string comparison is not constant-time; a
	// timing-safe compare (hash_equals) would be preferable where available.
	if (!$matches) {
		log_login_failure($user->guid);
		throw new LoginException(elgg_echo('LoginException:PasswordFailure'));
	}

	return true;
}
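/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with authenticate.
 *
 * On success the user is stored in $_SESSION, a fresh login code is generated
 * (the session and optional cookie carry $code, the user entity stores
 * md5($code)), the session id is regenerated, and login statistics are
 * updated. When saving the user or the 'login' event fails, every session
 * entry written here is removed again and the persistent cookie is cleared.
 *
 * @see authenticate
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 * @return true|false Whether login was successful
 */
function login(ElggUser $user, $persistent = false) {
	// Banned users can never log in.
	if ($user->isBanned()) {
		return false;
	}

	// Too many recent failed attempts for this account.
	if (check_rate_limit_exceeded($user->guid)) {
		return false;
	}

	$_SESSION['user'] = $user;
	$_SESSION['guid'] = $user->getGUID();
	$_SESSION['id'] = $_SESSION['guid'];
	$_SESSION['username'] = $user->username;
	$_SESSION['name'] = $user->name;

	// Login code: $code itself goes into the session (and the cookie when
	// persistent); the user entity keeps only md5($code).
	// NOTE(review): rand() is not a cryptographic source, so the code's
	// unpredictability rests on rand() plus time(); prefer a CSPRNG where
	// the platform provides one.
	$code = md5($user->name . $user->username . time() . rand());
	$user->code = md5($code);
	$_SESSION['code'] = $code;

	if ($persistent) {
		setcookie("elggperm", $code, time() + 86400 * 30, "/");
	}

	if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
		// Roll back everything written above so a failed login leaves no trace.
		unset($_SESSION['username']);
		unset($_SESSION['name']);
		unset($_SESSION['code']);
		unset($_SESSION['guid']);
		unset($_SESSION['id']);
		unset($_SESSION['user']);
		setcookie("elggperm", "", time() - 86400 * 30, "/");
		return false;
	}

	// The user's privilege has been elevated, so change the session id (helps
	// prevent session fixation/hijacking). Passing true discards the storage
	// behind the old id; without it the previous id can remain valid, and on
	// newer PHP versions may even carry the freshly written login data.
	session_regenerate_id(true);

	// Update statistics
	set_last_login($_SESSION['guid']);
	// Reset any previous failed login attempts
	reset_login_failure_count($user->guid);

	// Set admin shortcut flag if this is an admin
	if (isadminloggedin()) {
		global $is_admin;
		$is_admin = true;
	}

	return true;
}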
/**
 * PAM handler: authenticate a username/password pair against a known user.
 *
 * Two storage formats are accepted: a hash in $user->password_hash, checked
 * through the password service's verify(), or - when password_hash is empty -
 * the legacy hash in $user->password, compared against generateLegacyHash()
 * of the submitted cleartext. A successful legacy login, or a modern hash for
 * which needsRehash() is true, is passed to forcePasswordReset() so the stored
 * hash is rewritten.
 *
 * @param array $credentials Associative array handed over by Elgg's PAM
 *                           system; 'username' and 'password' (cleartext)
 *                           are the keys read here.
 *
 * @return bool true on success, false when either credential is absent
 * @throws LoginException on unknown user, rate-limited account or bad password
 * @access private
 */
function pam_auth_userpass(array $credentials = array()) {
	if (!isset($credentials['username'], $credentials['password'])) {
		return false;
	}

	// Builds the translated exception only at the point it is thrown, so the
	// service locator is consulted in the same order as before.
	$deny = function ($message_key) {
		return new \LoginException(_elgg_services()->translator->translate($message_key));
	};

	$user = get_user_by_username($credentials['username']);
	if (!$user) {
		throw $deny('LoginException:UsernameFailure');
	}

	// Rate limit is checked before any hash is touched.
	if (check_rate_limit_exceeded($user->guid)) {
		throw $deny('LoginException:AccountLocked');
	}

	$password_svc = _elgg_services()->passwords;
	$password = $credentials['password'];
	$hash = $user->password_hash;

	if ($hash) {
		// Modern hash present: verify through the service, then rewrite the
		// stored hash if the service reports it needs rehashing.
		if (!$password_svc->verify($password, $hash)) {
			log_login_failure($user->guid);
			throw $deny('LoginException:PasswordFailure');
		}
		if ($password_svc->needsRehash($hash)) {
			$password_svc->forcePasswordReset($user, $password);
		}
		return true;
	}

	// No modern hash: fall back to the legacy scheme kept in $user->password.
	// NOTE(review): this is a plain string comparison, not constant-time.
	$legacy_hash = $password_svc->generateLegacyHash($user, $password);
	if ($user->password !== $legacy_hash) {
		log_login_failure($user->guid);
		throw $deny('LoginException:PasswordFailure');
	}

	// Legacy credentials verified: migrate to the current hash format.
	$password_svc->forcePasswordReset($user, $password);
	return true;
}