Example #1
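/**
 * Hook into the PAM system which accepts a username and password and attempts to authenticate
 * it against a known user.
 *
 * @param array $credentials Associated array of credentials passed to
 *                           Elgg's PAM system. This function expects
 *                           'username' and 'password' (cleartext).
 *
 * @return bool False when either credential is missing (so another PAM handler
 *              may try), true when the password matches the stored hash.
 * @throws LoginException When the username is unknown, the account is rate
 *                        limited, or the password does not match.
 * @access private
 */
function pam_auth_userpass(array $credentials = [])
{
    // Incomplete credentials are not a failure of this handler, just a decline.
    if (!isset($credentials['username']) || !isset($credentials['password'])) {
        return false;
    }
    $user = get_user_by_username($credentials['username']);
    if (!$user) {
        throw new LoginException(elgg_echo('LoginException:UsernameFailure'));
    }
    // Rate limit is checked before any password work so a locked account
    // cannot keep being probed.
    if (check_rate_limit_exceeded($user->guid)) {
        throw new LoginException(elgg_echo('LoginException:AccountLocked'));
    }
    // Compare the hashes in constant time: a plain !== stops at the first
    // differing byte and leaks how much of the hash matched. The casts keep
    // hash_equals() happy if the stored password is null/unset.
    $stored = (string) $user->password;
    $computed = (string) generate_user_password($user, $credentials['password']);
    if (!hash_equals($stored, $computed)) {
        log_login_failure($user->guid);
        throw new LoginException(elgg_echo('LoginException:PasswordFailure'));
    }
    return true;
}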
Example #2
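/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with authenticate.
 *
 * Fills the session with the user's identity, issues a fresh login code
 * (stored hashed on the user; the raw code goes into the session and, when
 * $persistent is set, into the "elggperm" cookie), saves the user and fires
 * the 'login' event. If the save or the event fails, every session key and
 * the cookie set here are cleared again. On success the session id is
 * regenerated and login statistics are updated.
 *
 * @see authenticate
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 * @return true|false Whether login was successful
 */
function login(ElggUser $user, $persistent = false)
{
    // User is banned, return false.
    if ($user->isBanned()) {
        return false;
    }
    // Check rate limit
    if (check_rate_limit_exceeded($user->guid)) {
        return false;
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // The login code is the persistent-login cookie value, so it must be
    // unpredictable; rand() seeded from time is not. Use a CSPRNG where one
    // is available and fall back to the older construction with mt_rand().
    if (function_exists('random_bytes')) {
        $code = bin2hex(random_bytes(16));
    } else {
        $code = md5($user->name . $user->username . microtime(true) . mt_rand());
    }
    // Only the hash of the code is persisted on the user entity.
    $user->code = md5($code);
    $_SESSION['code'] = $code;
    if ($persistent) {
        // NOTE(review): the cookie is sent without httponly/secure flags; consider
        // adding them if nothing client-side reads "elggperm" — confirm before changing.
        setcookie("elggperm", $code, time() + 86400 * 30, "/");
    }

    if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
        // Roll back everything set above so no half-logged-in session remains.
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        return false;
    }

    // Users privilege has been elevated, so change the session id (help prevent session hijacking).
    // Passing true discards the old session's data instead of leaving it reachable under the old id.
    session_regenerate_id(true);

    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);
    // Set admin shortcut flag if this is an admin
    if (isadminloggedin()) {
        global $is_admin;
        $is_admin = true;
    }
    return true;
}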
Example #3
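/**
 * Hook into the PAM system which accepts a username and password and attempts to authenticate
 * it against a known user.
 *
 * Users with a modern password_hash are verified through the passwords
 * service; users that only have a legacy hash are verified against it and
 * then migrated via forcePasswordReset(). Hashes that verify but are flagged
 * as needing a rehash are migrated the same way.
 *
 * @param array $credentials Associated array of credentials passed to
 *                           Elgg's PAM system. This function expects
 *                           'username' and 'password' (cleartext).
 *
 * @return bool False when either credential is missing (so another PAM handler
 *              may try), true when the password verifies.
 * @throws LoginException When the username is unknown, the account is rate
 *                        limited, or the password does not verify.
 * @access private
 */
function pam_auth_userpass(array $credentials = [])
{
    // Incomplete credentials are not a failure of this handler, just a decline.
    if (!isset($credentials['username']) || !isset($credentials['password'])) {
        return false;
    }
    $user = get_user_by_username($credentials['username']);
    if (!$user) {
        throw new \LoginException(_elgg_services()->translator->translate('LoginException:UsernameFailure'));
    }
    // Rate limit is checked before any password work so a locked account
    // cannot keep being probed.
    if (check_rate_limit_exceeded($user->guid)) {
        throw new \LoginException(_elgg_services()->translator->translate('LoginException:AccountLocked'));
    }
    $password_svc = _elgg_services()->passwords;
    $password = $credentials['password'];
    $hash = $user->password_hash;
    if (!$hash) {
        // No modern hash yet: try the legacy hash. Compare in constant time, as
        // !== would stop at the first differing byte and leak timing; the casts
        // guard against a null/unset stored password.
        $legacy_hash = (string) $password_svc->generateLegacyHash($user, $password);
        if (!hash_equals((string) $user->password, $legacy_hash)) {
            log_login_failure($user->guid);
            throw new \LoginException(_elgg_services()->translator->translate('LoginException:PasswordFailure'));
        }
        // migrate password
        $password_svc->forcePasswordReset($user, $password);
        return true;
    }
    if (!$password_svc->verify($password, $hash)) {
        log_login_failure($user->guid);
        throw new \LoginException(_elgg_services()->translator->translate('LoginException:PasswordFailure'));
    }
    // Upgrade hashes produced with an older cost/algorithm now that we have the cleartext.
    if ($password_svc->needsRehash($hash)) {
        $password_svc->forcePasswordReset($user, $password);
    }
    return true;
}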