/**
 * Verify a login/password pair against Elgg's authentication handlers.
 *
 * @param string $login    Identifier handed to $this->getUser().
 * @param string $password Clear text password.
 *
 * @return bool True only when a user was found and elgg_authenticate() returned exactly true.
 */
public function checkUserCredentials($login, $password)
{
    $account = $this->getUser($login);
    if (!$account) {
        // Unknown login: same answer as a wrong password.
        return false;
    }

    // Strict comparison is essential: a failure result from elgg_authenticate()
    // can be a non-empty string, which a loose check would treat as success.
    return elgg_authenticate($account->username, $password) === true;
}
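/**
 * Authenticate the supplied credentials and start a session for the user.
 *
 * @param array $input Reads 'username' and 'password'; 'rememberMe' is optional
 *                     and treated as false when absent.
 *
 * @return void
 * @throws Exception "could_not_login" when the password check fails or no user
 *                   entity exists for the resolved username.
 */
static function login($input) {
    $username = Helpers::getUsernameByInput($input["username"]);

    // Only an exact true counts as success; any other return value is a failure.
    if (elgg_authenticate($username, $input['password']) !== true) {
        throw new Exception("could_not_login");
    }

    $user = get_user_by_username($username);
    if (!$user) {
        // Deliberately the same message as a bad password.
        throw new Exception("could_not_login");
    }

    // !empty() keeps the original truthiness test but does not raise an
    // undefined-index warning when the client omits the field.
    $rememberMe = !empty($input['rememberMe']);

    try {
        login($user, $rememberMe);
        unset($_SESSION['last_forward_from']);
    } catch (LoginException $e) {
        // NOTE(review): a LoginException is only reported via register_error();
        // this method then returns normally, so the caller cannot tell from the
        // return path that no session was started - confirm callers check the
        // logged-in state afterwards.
        register_error($e->getMessage());
    }
}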
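/**
 * Authenticate a user by username or email and return an API token plus
 * profile details of that account.
 *
 * @param string $username Username, or an email address that maps to exactly one user.
 * @param string $password Clear text password.
 *
 * @return array Keys: token, username, user_guid, email, phone, city,
 *               avatar_path, plugin_version.
 * @throws SecurityException On any failure (unknown user, ambiguous email, bad
 *                           password, token not created); the message is the
 *                           same in every case.
 */
function engap_gettoken($username, $password) {
    // Initialised so the instanceof check below is well defined when an email
    // address matches zero or several accounts.
    $user = null;

    if (is_email_address($username)) {
        $users = get_user_by_email($username);
        // Accept an email login only when it identifies a single account.
        if (is_array($users) && count($users) == 1) {
            $user = $users[0];
            $username = $user->username;
        }
    } else {
        $user = get_user_by_username($username);
    }

    // validate username and password
    if ($user instanceof ELGGUser) {
        if (true === elgg_authenticate($username, $password)) {
            // Token lifetime is given in minutes: 1440 = 24 hours.
            $token = create_user_token($username, 1440);
            if ($token) {
                // The profile fields below are contact data of the account and
                // are only assembled after the password check has succeeded.
                $return = array();
                $return['token'] = $token;
                $return['username'] = $user->username;
                $return['user_guid'] = $user->guid;
                $return['email'] = $user->email;
                $return['phone'] = $user->phone;
                $return['city'] = $user->city;
                $return['avatar_path'] = $user->getIconURL('large');

                // NOTE(review): assumes the "engap" plugin entity is always
                // found; a null result would fail on getManifest() - confirm.
                $plugin = elgg_get_plugin_from_id("engap");
                $return['plugin_version'] = $plugin->getManifest()->getVersion();

                return $return;
            }
        }
    }

    throw new SecurityException(elgg_echo('SecurityException:authenticationfailed'));
}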
/**
 * The auth.gettoken API.
 *
 * Logs a user in and hands back an authentication token that is valid for a
 * period of time. Later API calls pass it as the auth_token parameter.
 *
 * @param string $username Username, or an email address that maps to exactly one user
 * @param string $password Clear text password
 *
 * @return string Token string or exception
 * @throws SecurityException When authentication fails or no token could be created
 * @access private
 */
function auth_gettoken($username, $password) {
    // An email address is accepted in place of a username, but only when it
    // resolves to a single account; otherwise the value is used unchanged.
    if (is_email_address($username)) {
        $matches = get_user_by_email($username);
        $is_unique = is_array($matches) && count($matches) == 1;
        if ($is_unique) {
            $username = $matches[0]->username;
        }
    }

    // Only an exact true from elgg_authenticate() counts as success.
    $authenticated = (true === elgg_authenticate($username, $password));
    $token = $authenticated ? create_user_token($username) : null;
    if ($token) {
        return $token;
    }

    // One message for every failure path.
    throw new SecurityException(elgg_echo('SecurityException:authenticationfailed'));
}
/**
 * Set a user's email address
 *
 * Returns null if no change is required or the input is not present in the form.
 * Returns true or false indicating success or failure if a change was needed.
 *
 * The target user is taken from the 'guid' input when present, otherwise it is
 * the logged in user.
 * NOTE(review): no permission check on a caller-supplied guid is visible in this
 * function; presumably the calling action or save() enforces it - confirm.
 *
 * @return bool|void
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_email() {
    $email = get_input('email');
    $user_guid = get_input('guid');

    if (!isset($email)) {
        return;
    }

    $user = $user_guid ? get_user($user_guid) : elgg_get_logged_in_user_entity();

    if (!is_email_address($email)) {
        register_error(elgg_echo('email:save:fail'));
        return false;
    }

    if (!($user instanceof ElggUser)) {
        register_error(elgg_echo('email:save:fail'));
        return false;
    }

    if (strcmp($email, $user->email) === 0) {
        // no change
        return;
    }

    // The current password is demanded only when the site enables the setting
    // AND the user is editing their own account; editing another account
    // skips this step.
    $editing_self = ($user->getGUID() === elgg_get_logged_in_user_guid());
    if (elgg_get_config('security_email_require_password') && $editing_self) {
        $pwd = get_input('email_password');
        if (elgg_authenticate($user->username, $pwd) !== true) {
            register_error(elgg_echo('email:save:fail:password'));
            return false;
        }
    }

    // Refuse an address that already belongs to an account.
    if (get_user_by_email($email)) {
        register_error(elgg_echo('registration:dupeemail'));
        return false;
    }

    $user->email = $email;
    if ($user->save()) {
        system_message(elgg_echo('email:save:success'));
        return true;
    }

    register_error(elgg_echo('email:save:fail'));
    return false;
}
// Fragment of a social-login registration handler; the enclosing code starts
// and ends outside this excerpt.

// A verified address, when available, replaces $email and marks it verified.
if ($email_verified) {
    $email = $email_verified;
    $verified = true;
}

$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
$invitecode = get_input('invitecode');
$provider_uid = get_input('provider_uid');
$provider = get_input('provider');
$photo_url = get_input('photo_url');

// The user has an existing account. Lets prompt for their password
if ($users = get_user_by_email($email)) {
    // NOTE(review): $email is urlencode()d here, but $provider (request input)
    // is interpolated into the query string as-is - confirm it is constrained
    // to known provider names before this point.
    $return_url = elgg_get_site_url() . "hybridauth/authenticate?provider={$provider}&require_auth=true&e=" . urlencode($email);

    if ($authpass) {
        // Authenticate the user against the first account found for the address.
        $result = elgg_authenticate($users[0]->username, $authpass);
        if ($result !== true) {
            // On failure $result is passed to register_error() as the message.
            // The code relies on forward() not returning; otherwise execution
            // would continue into the success branch below.
            register_error($result);
            forward($return_url . '&auth_fail=1');
        }

        // We have a successful authentication
        // NOTE(review): the success redirect carries only provider and email
        // (email unencoded here); nothing in this excerpt records that the
        // password check passed - confirm the target does not rely on the
        // email parameter alone to link the accounts.
        forward("hybridauth/authenticate?provider={$provider}&email={$email}");
    }

    // Go back to the registration screen and request a password
    forward($return_url);
}

// New accounts are created only when the site allows registration.
if (elgg_get_config('allow_registration')) {
    try {
        // Both password fields must be non-blank after trimming.
        if (trim($password) == "" || trim($password2) == "") {
            throw new RegistrationException(elgg_echo('RegistrationException:EmptyPassword'));
        }
// Fragment of a login action; the block closed by the first brace and the end
// of the catch block lie outside this excerpt.
// forward to main index page
$forward_url = '';
}

$username = get_input('username');
// Third argument false: the password is read without input filtering, so it
// is compared exactly as the user typed it.
$password = get_input('password', null, false);
$persistent = get_input("persistent", false);
$result = false;

if (empty($username) || empty($password)) {
    register_error(elgg_echo('login:empty'));
    forward();
}

// check if logging in with email address
// When the address matches, the first account returned is used.
if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
    $username = $users[0]->username;
}

// Anything other than an exact true is a failure; the returned value is then
// shown to the user as the error message.
$result = elgg_authenticate($username, $password);
if ($result !== true) {
    register_error($result);
    forward(REFERER);
}

$user = get_user_by_username($username);
if (!$user) {
    register_error(elgg_echo('login:baduser'));
    forward(REFERER);
}

try {
    login($user, $persistent);
    // re-register at least the core language file for users with language other than site default
    register_translations(dirname(dirname(__FILE__)) . "/languages/");
} catch (LoginException $e) {
    // login() refused the session; surface its message to the user.
    register_error($e->getMessage());
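/**
 * Login hook that demands a captcha once an account has accumulated too many
 * failed logins.
 *
 * Does nothing (returns true) when the captcha feature is disabled, when the
 * username or password is empty, or when no user matches the username.
 *
 * @param string $hook   Hook name (unused here).
 * @param string $type   Hook type (unused here).
 * @param mixed  $result Current hook result (unused here).
 * @param mixed  $params Hook parameters (unused here).
 *
 * @return bool False when the captcha is required and invalid, or when the
 *              password check fails; true otherwise.
 */
function siteaccess_login_hook($hook, $type, $result, $params) {
    if (!siteaccess_login_captcha_enabled()) {
        return true;
    }

    $username = get_input('username');
    // Third argument false: read the password without input filtering.
    $password = get_input('password', null, false);

    if (empty($username) || empty($password)) {
        return true; // nothing to check here
    }

    // check if logging in with email address
    if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
        $username = $users[0]->username;
    }

    $user = get_user_by_username($username);
    if (!$user) {
        // Unknown account: no counter to consult, so no captcha is requested.
        return true;
    }

    // Seed the session counter from the value stored on the user. empty()
    // keeps the original truthiness test without an undefined-index warning
    // on a fresh session.
    // NOTE(review): the increment below only touches the session; the stored
    // "login_failures" value must be maintained elsewhere for the threshold to
    // survive a new session - confirm.
    if (empty($_SESSION['login_failure'])) {
        $_SESSION['login_failure'] = (int) $user->getPrivateSetting("login_failures");
    }

    // At or above the threshold a valid captcha is required before the
    // password is even checked.
    if ($_SESSION['login_failure'] >= siteaccess_login_threshold()) {
        if (!siteaccess_validate_captcha()) {
            return false;
        }
    }

    if (elgg_authenticate($username, $password) !== true) {
        $_SESSION['login_failure']++;
        register_error(elgg_echo('login:baduser'));
        return false;
    }

    // Successful password check resets the session counter.
    $_SESSION['login_failure'] = 0;
    return true;
}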
/**
 * The auth.gettoken API.
 *
 * Logs a user in and hands back an authentication token that is valid for a
 * period of time. Later API calls pass it as the auth_token parameter.
 *
 * @param string $username Username
 * @param string $password Clear text password
 *
 * @return string Token string or exception
 * @throws SecurityException When authentication fails or no token could be created
 * @access private
 */
function auth_gettoken($username, $password) {
    // Only an exact true from elgg_authenticate() counts as success; the
    // token is not requested at all when the password check fails.
    $authenticated = (elgg_authenticate($username, $password) === true);
    $token = $authenticated ? create_user_token($username) : null;

    if (!$token) {
        // One message for both a failed login and a failed token creation.
        throw new SecurityException(elgg_echo('SecurityException:authenticationfailed'));
    }

    return $token;
}
/**
 * Check a username/password pair through elgg_authenticate().
 *
 * Returns false when either argument is empty in the PHP empty() sense (so the
 * string "0" also counts as empty). Otherwise the value returned by
 * elgg_authenticate() is passed through unchanged.
 *
 * NOTE(review): elgg_authenticate() presumably returns true on success and an
 * error message otherwise - confirm. If so, a failure value is truthy and
 * callers must test the result with `=== true`, never with a bare if ().
 *
 * @param string $username Username
 * @param string $password Clear text password
 *
 * @return mixed False for empty input, else the elgg_authenticate() result.
 */
function TopicLogin($username, $password) {
    if (empty($username) || empty($password)) {
        return FALSE;
    }

    return elgg_authenticate($username, $password);
}
// Fragment of an account self-deletion action; the block closed by the first
// brace and the body of the switch lie outside this excerpt.
register_error(elgg_echo('member_selfdelete:error:delete:admin'));
forward(REFERER);
}

// NOTE(review): the confirmation password is read with default input
// filtering; if filtering alters characters, a valid password may not match -
// confirm against how the login form reads the password.
$confirmation = get_input('confirmation');
$reason = get_input('reason');

// The user may pick the method only when the plugin setting is "choose";
// otherwise the configured method applies.
if (elgg_get_plugin_setting('method', PLUGIN_ID) == "choose") {
    $method = get_input('method', 'delete');
    if (!in_array($method, array('delete', 'ban', 'transfer'))) {
        $method = "delete"; // value outside the allow-list: fall back to deleting the account
    }
} else {
    $method = elgg_get_plugin_setting('method', PLUGIN_ID);
}

// make sure they entered their password into the confirmation
// Re-authentication of the logged in user before the destructive step; only
// an exact true passes.
if (elgg_authenticate(elgg_get_logged_in_user_entity()->username, $confirmation) !== true) {
    // not confirmed
    register_error(elgg_echo('member_selfdelete:invalid:confirmation'));
    forward(REFERER);
}

if (!empty($reason)) {
    // they gave some feedback - log it
    // NOTE(review): the expression between the two string literals appears
    // masked ("******") in this listing; the original operand cannot be
    // recovered from here.
    $prefix = "Username: "******"<br> Reason for leaving: <br>";

    // Annotate the site with the feedback. The owner argument passed below is
    // the site entity's guid (an earlier comment here mentioned -9999).
    // NOTE(review): $reason is request input stored next to literal <br>
    // markup; whatever renders this annotation must escape it - confirm.
    create_annotation(elgg_get_logged_in_user_entity()->site_guid, 'selfdeletefeedback', $prefix . $reason, 'text', elgg_get_site_entity()->guid, ACCESS_PRIVATE);
    system_message(elgg_echo('member_selfdelete:feedback:thanks'));
}

$user = elgg_get_logged_in_user_entity();

switch ($method) {
    case "ban":
        // just bans the user
}
// Fragment of a password-change action; the code before the closing brace
// above lies outside this excerpt.

// The acting user must be allowed to edit the target account.
$editable = $targetUser->canEdit();
if (!$editable) {
    register_error(elgg_echo("profile:noaccess"));
    forward();
}

// NOTE(review): all three password fields are read with default input
// filtering; if filtering alters characters, the stored and the typed
// password can differ - confirm against how the login form reads it.
$currentPassword = get_input("currentPassword");
$newPassword = get_input("newPassword");
$newPasswordValidation = get_input("newPasswordValidation");

// Not used in the visible part of this fragment.
$categories = profile_manager_get_categorized_fields($targetUser, true);

// NOTE(review): == and != compare numeric-looking strings numerically
// ("1e3" equals "1000"), so these two checks can misjudge such passwords;
// === / !== would compare the exact strings.
if ($currentPassword == $newPassword) {
    register_error(elgg_echo('rijkshuisstijl:password:change:sameasold'));
    forward();
}

if ($newPassword != $newPasswordValidation) {
    register_error(elgg_echo('user:password:fail:notsame'));
    forward();
}

if (!validate_password($newPassword)) {
    register_error(elgg_echo('registration:passwordnotvalid'));
    forward();
}

// The current password of the target account must verify before the change;
// only an exact true passes. The checks above rely on forward() not
// returning.
$result = elgg_authenticate($targetUser->username, $currentPassword);
if ($result !== true) {
    register_error(elgg_echo('user:password:fail:incorrect_current_password'));
    forward();
}

// NOTE(review): the result of save() is not checked before the success
// message is shown.
$targetUser->setPassword($newPassword);
$targetUser->save();

system_message(elgg_echo('user:password:success'));
forward();