/**
 * LDAP Authentication init
 *
 * Plugin bootstrap: registers the plugin's PAM handler and its translation
 * files. The function takes no arguments; the event API parameters it used
 * to document are not declared because nothing here reads them.
 *
 * @return void
 */
function ldap_auth_init()
{
    global $CONFIG;

    // PAM handler implemented elsewhere in this plugin
    $handler = 'ldap_auth_authenticate';
    register_pam_handler($handler);

    // Language files live under the plugin directory
    $languages = $CONFIG->pluginspath . 'ldap_auth/languages/';
    register_translations($languages);
}
/**
 * Plugin bootstrap for user validation by email.
 *
 * Registers the validation page handler, the hooks and events that keep
 * unvalidated accounts out, the admin menu and views, and the admin-only
 * actions. Registration order is unchanged from the original.
 *
 * @return void
 */
function uservalidationbyemail_init()
{
    require_once __DIR__ . '/lib/functions.php';

    // Validation links are served by a page handler: the emailed validation
    // codes are what guard this path, so no action token is involved.
    elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler');

    // New registrations are marked unvalidated and disabled
    elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user');
    // Send the user to the emailsent page once registered
    elgg_register_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');
    // Let code running without a logged-in user disable the fresh account
    elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
    // PAM step marked required: unvalidated users must not get past login
    register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
    // Password reset requests go through the same validation check
    elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
    // Block engine-level login() of unvalidated users
    elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login');
    // Promoting to admin implies validation
    elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user');
    // Pages that stay reachable behind a walled garden
    elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages');

    // Admin UI for manual validation
    elgg_register_admin_menu_item('administer', 'unvalidated', 'users');
    elgg_extend_view('admin.css', 'uservalidationbyemail/css');
    elgg_extend_view('elgg.js', 'uservalidationbyemail/js');

    // Admin-only actions, one script each under actions/
    $actions_dir = __DIR__ . '/actions';
    foreach (array('validate', 'resend_validation', 'delete', 'bulk_action') as $action) {
        elgg_register_action("uservalidationbyemail/{$action}", "{$actions_dir}/{$action}.php", 'admin');
    }
}
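/**
 * CAS authentication plugin bootstrap.
 *
 * Registers the plugin library, the login/logout actions, the CAS PAM
 * handler and the plugin translations. The unused `global $CONFIG` of the
 * original is dropped; everything is resolved from the plugin directory.
 *
 * @return void
 */
function cas_auth_init()
{
    $root = __DIR__;

    elgg_register_library('elgg:cas_auth', "{$root}/lib/lib.php");

    // Actions: login is public because the visitor is not authenticated yet;
    // logout keeps the default access level.
    $action_path = "{$root}/actions/cas_auth";
    elgg_register_action('login', "{$action_path}/login.php", 'public');
    elgg_register_action('logout', "{$action_path}/logout.php");

    register_pam_handler('cas_auth_authenticate');
    register_translations("{$root}/languages/");
}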
/**
 * Initialize plugin
 *
 * Wires the calendar plugin's hooks, events, actions and PAM handler. All
 * callbacks are functions in this plugin's namespace.
 *
 * @return void
 */
function init()
{
    $ns = __NAMESPACE__ . '\\';

    // Plugin hooks
    elgg_register_plugin_hook_handler('container_permissions_check', 'object', $ns . 'calendar_permissions');
    elgg_register_plugin_hook_handler('export:instance', 'events_api', $ns . 'export_ical_instance');
    elgg_register_plugin_hook_handler('cron', 'daily', $ns . 'daily_build_reminders');

    // Events
    elgg_register_event_handler('delete', 'object', $ns . 'delete_event_handler');

    // Actions, one script each under actions/<name>.php, no access level given
    $actions = array(
        'calendar/edit',
        'calendar/delete',
        'calendar/add_event',
        'events/edit',
        'events/move',
        'events/resize',
        'events/delete',
        'events/cancel',
    );
    foreach ($actions as $action) {
        elgg_register_action($action, __DIR__ . "/actions/{$action}.php");
    }

    // PAM handler with the importance/policy constants of the plugin
    register_pam_handler($ns . 'pam_handler', PAM::IMPORTANCE, PAM::POLICY);
}
/**
 * Gets called during system initialization
 *
 * Bootstraps user validation by admin: a PAM step marked required, the
 * login and enable events, the registration / permission / auth-failure /
 * cron hooks, and the admin-only actions.
 *
 * @return void
 */
function uservalidationbyadmin_init()
{
    // PAM handler checking authentication attempts, marked required
    register_pam_handler("uservalidationbyadmin_pam_handler", "required");

    // Events
    elgg_register_event_handler("login", "user", "uservalidationbyadmin_login_event");
    elgg_register_event_handler("enable", "user", "\\ColdTrick\\UserValidationByAdmin\\User::enableUser");

    // Plugin hooks; one cron handler serves both the daily and the weekly run
    elgg_register_plugin_hook_handler("register", "user", "uservalidationbyadmin_register_user_hook");
    elgg_register_plugin_hook_handler("permissions_check", "user", "uservalidationbyadmin_permissions_check_hook");
    elgg_register_plugin_hook_handler("fail", "auth", "uservalidationbyadmin_auth_fail_hook");
    foreach (array("daily", "weekly") as $period) {
        elgg_register_plugin_hook_handler("cron", $period, "uservalidationbyadmin_cron_hook");
    }

    // Admin-only actions, one script each under actions/
    $actions_dir = dirname(__FILE__) . "/actions";
    foreach (array("validate", "delete", "bulk_action") as $action) {
        elgg_register_action("uservalidationbyadmin/{$action}", "{$actions_dir}/{$action}.php", "admin");
    }
}
/**
 * Elgg oauth client and server
 *
 * Plugin bootstrap: loads the OAuth library and the data store, then
 * registers the consumer and token actions, the page handler, the
 * permission and cron hooks, the site menu entry, the PAM handlers and the
 * API test method, and finally the one-time setup/upgrade functions.
 *
 * @author Justin Richer
 * @copyright The MITRE Corporation
 * @link http://mitre.org/
 */
function oauth_init()
{
    global $CONFIG;
    $plugin_root = $CONFIG->pluginspath . 'oauth/';

    // OAuth library, unless something else already loaded it
    if (!class_exists('OAuthConsumer')) {
        include $plugin_root . 'lib/OAuth.php';
    }
    // Data store (the hourly cron below cleans its old nonces and tokens)
    include $plugin_root . 'lib/ElggOAuthDataStore.php';

    // Actions, in registration order:
    //  - register / unregister / editconsumer: manage consumers
    //  - authorize / revoke: a user's own tokens
    //  - gettoken: remote consumers requesting tokens
    $actions = array('register', 'unregister', 'editconsumer', 'authorize', 'revoke', 'gettoken');
    foreach ($actions as $action) {
        elgg_register_action("oauth/{$action}", "{$plugin_root}actions/{$action}.php");
    }

    // Page handler
    elgg_register_page_handler('oauth', 'oauth_page_handler');

    // Permissions on OAuth token and consumer objects
    elgg_register_plugin_hook_handler('permissions_check', 'object', 'oauth_permissions_check');
    // Hourly cleanup of old nonces and tokens
    elgg_register_plugin_hook_handler('cron', 'hourly', 'oauth_cron_cleanup');

    // Site menu entry pointing at the authorize page
    elgg_register_menu_item('site', array(
        'name' => elgg_echo('oauth:menu'),
        'text' => elgg_echo('oauth:menu'),
        'href' => $CONFIG->wwwroot . 'oauth/authorize',
    ));

    // Same PAM handler, registered as sufficient for both policies
    foreach (array('user', 'api') as $policy) {
        register_pam_handler('oauth_pam_handler', 'sufficient', $policy);
    }

    // API test method. Its own description calls it a testing method; worth
    // confirming it is meant to stay exposed on production sites.
    expose_function(
        'oauth.echo',
        'oauth_echo',
        array('string' => array('type' => 'string')),
        'A testing method for OAuth authentication',
        'GET',
        true,
        true
    );

    // One-time setup and upgrade steps
    run_function_once('oauth_run_once');
    run_function_once('oauth_upgrade_201004');
}
/**
 * plugin initialization
 *
 * Registers the settings action unconditionally; everything else only when
 * get_application() reports a working API connection. Inside that branch
 * the login event name and the core password-save hook differ between
 * Elgg 1.8 and newer releases.
 *
 * @return void
 */
function init()
{
    $ns = __NAMESPACE__ . '\\';

    elgg_register_action('elgg_stormpath/settings/save', __DIR__ . '/actions/stormpath/settings.php', 'admin');

    // Nothing below works without a real api connection
    if (!get_application()) {
        return;
    }

    // PAM importance is taken straight from the plugin setting, unvalidated here
    $importance = elgg_get_plugin_setting('importance', PLUGIN_ID);
    register_pam_handler($ns . 'pam_handler', $importance);
    elgg_register_page_handler('stormpath', $ns . 'pagehandler');

    // Mirror new users into stormpath; admins are always validated
    elgg_register_event_handler('create', 'user', $ns . 'event_user_create', 1000);
    elgg_register_event_handler('make_admin', 'user', $ns . 'validate_new_admin_user');

    // New registrations start unvalidated and disabled; not-logged-in code
    // is allowed to disable them
    elgg_register_plugin_hook_handler('register', 'user', $ns . 'disable_new_user');
    elgg_register_plugin_hook_handler('permissions_check', 'user', $ns . 'allow_new_user_can_edit');
    // Custom data attached to the stormpath user
    elgg_register_plugin_hook_handler('elgg_stormpath', 'import', $ns . 'stormpath_custom_data');

    // Password reset flows are public: the visitor is not logged in yet
    elgg_register_action('user/requestnewpassword', __DIR__ . '/actions/stormpath/requestnewpassword.php', 'public');
    elgg_register_action('user/passwordreset', __DIR__ . '/actions/stormpath/passwordreset.php', 'public');

    // 1.8 and newer releases name the login event differently and ship a
    // different core usersettings:save hook, which is swapped for ours
    if (is_elgg18()) {
        elgg_register_event_handler('login', 'user', $ns . 'event_user_login', 1000);
        elgg_unregister_plugin_hook_handler('usersettings:save', 'user', 'users_settings_save');
        elgg_register_plugin_hook_handler('usersettings:save', 'user', $ns . 'users_settings_save');
    } else {
        elgg_register_event_handler('login:after', 'user', $ns . 'event_user_login', 1000);
        elgg_unregister_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_password');
        elgg_register_plugin_hook_handler('usersettings:save', 'user', $ns . 'set_user_password');
    }

    if (elgg_is_active_plugin('vroom')) {
        elgg_register_action('stormpath/import', __DIR__ . '/actions/stormpath/import.php', 'admin');
    }
}
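/**
 * REST API handler
 *
 * Installs the API error/exception handlers, refuses to serve when
 * $CONFIG->disable_api is set, lets plugins take over PAM registration via
 * the 'rest','init' hook (falling back to the user-token, api-key and hmac
 * handlers), then authenticates and executes the requested method and
 * renders the result through the api/output view.
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function rest_handler()
{
    global $CONFIG;

    // Register the error handler
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');
    // Register a default exception handler
    set_exception_handler('_php_api_exception_handler');

    // Check to see if the api is available
    if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
        throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
    }

    // Plugins return true from this hook to take over PAM registration.
    // Loose comparison: any falsy result (null, 0, '') counts as "not
    // handled" and installs the defaults below.
    if (elgg_trigger_plugin_hook('rest', 'init', null, false) == false) {
        // The session PAM ('pam_auth_session') is deliberately not registered
        // here: it would let an existing browser session authenticate API
        // calls, which the original comment warns against for production sites.
        // user token can also be used for user authentication
        register_pam_handler('pam_auth_usertoken');
        // simple API key check
        register_pam_handler('api_auth_key', "sufficient", "api");
        // hmac
        register_pam_handler('api_auth_hmac', "sufficient", "api");
    }

    // The method name comes from request input
    $method = get_input('method');

    // this will throw an exception if authentication fails
    authenticate_method($method);

    $result = execute_method($method);
    if (!$result instanceof GenericResult) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }

    // Output the result
    echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
}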
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to 0
 * 2. The cookie 'elggperm' - if present, checks it for an authentication
 * token, validates it, and potentially logs the user in
 *
 * NOTE(review): item 1 is stale — the code below unset()s the
 * user/id/guid/code keys instead of writing 0.
 *
 * Side effects: installs the database session save handler unless
 * $CONFIG->use_file_sessions is set, starts the PHP session, registers the
 * login/logout actions and the password PAM handler, creates the global
 * $SESSION, and registers the core translations.
 *
 * @uses $_SESSION
 *
 * @param string $event       Event name
 * @param string $object_type Object type
 * @param mixed  $object      Object
 *
 * @return bool false when a banned user's session was destroyed, true otherwise
 */
function session_init($event, $object_type, $object)
{
    global $DB_PREFIX, $CONFIG;
    // Use database for sessions
    // HACK to allow access to prefix after object destruction
    $DB_PREFIX = $CONFIG->dbprefix;
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("_elgg_session_open", "_elgg_session_close", "_elgg_session_read", "_elgg_session_write", "_elgg_session_destroy", "_elgg_session_gc");
    }
    session_name('Elgg');
    session_start();
    // Generate a simple token (private from potentially public session id)
    // NOTE(review): microtime() and rand() are not a CSPRNG, so this is a
    // low-entropy token; a later revision of this function on this listing
    // draws it from ElggCrypto::getRandomString instead.
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = md5(microtime() . rand());
    }
    // test whether we have a user session
    if (empty($_SESSION['guid'])) {
        // clear session variables before checking cookie
        unset($_SESSION['user']);
        unset($_SESSION['id']);
        unset($_SESSION['guid']);
        unset($_SESSION['code']);
        // is there a remember me cookie
        // NOTE(review): isset() also accepts an empty cookie value, in which
        // case md5('') is looked up; a later revision uses !empty() here.
        if (isset($_COOKIE['elggperm'])) {
            // we have a cookie, so try to log the user in
            // The raw cookie is never compared directly: its md5 is the lookup key
            $code = $_COOKIE['elggperm'];
            $code = md5($code);
            if ($user = get_user_by_code($code)) {
                // we have a user, log him in
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                // the raw (unhashed) cookie value is kept in the session
                $_SESSION['code'] = $_COOKIE['elggperm'];
            }
            // No else branch: a cookie that matches no user is left in place.
            // A later revision on this listing clears it and slows down
            // repeated failures.
        }
    } else {
        // we have a session and we have already checked the fingerprint
        // reload the user object from database in case it has changed during the session
        if ($user = get_user($_SESSION['guid'])) {
            $_SESSION['user'] = $user;
            $_SESSION['id'] = $user->getGUID();
            $_SESSION['guid'] = $_SESSION['id'];
        } else {
            // user must have been deleted with a session active
            unset($_SESSION['user']);
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);
        }
    }
    if (isset($_SESSION['guid'])) {
        set_last_action($_SESSION['guid']);
    }
    // login is public because the visitor is not authenticated yet
    elgg_register_action("login", '', 'public');
    elgg_register_action("logout");
    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');
    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();
    // Finally we ensure that a user who has been banned with an open session is kicked.
    // $_SESSION['user'] is the object restored from session storage above.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }
    // Since we have loaded a new user, this user may have different language preferences
    register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");
    return true;
}
/**
 * Initializes the session and checks for the remember me cookie
 *
 * Registers the login/logout actions and the password PAM handler, starts
 * the session service, restores the logged-in user either from the stored
 * guid or through the persistent-login service, stamps last action, exposes
 * the deprecated $SESSION wrapper, and finally logs out a user who was
 * banned while holding a session.
 *
 * @return bool false when a banned user was logged out, true otherwise
 * @access private
 */
function _elgg_session_boot()
{
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    register_pam_handler('pam_auth_userpass');

    $session = _elgg_services()->session;
    $session->start();

    if (!$session->has('guid')) {
        // No user in the session: the persistent-login service may have a
        // remember-me token to boot from
        $remembered = _elgg_services()->persistentLogin->bootSession();
        if ($remembered) {
            $session->setLoggedInUser($remembered);
        }
    } else {
        // Reload the user behind the stored guid
        $stored = get_user($session->get('guid'));
        if (!$stored) {
            // Account no longer exists: drop the session and redirect
            $session->invalidate();
            forward('');
        }
        $session->setLoggedInUser($stored);
        _elgg_services()->persistentLogin->replaceLegacyToken($stored);
    }

    if ($session->has('guid')) {
        set_last_action($session->get('guid'));
    }

    // initialize the deprecated global session wrapper
    global $SESSION;
    $SESSION = new \Elgg\DeprecationWrapper($session, "\$SESSION is deprecated", 1.9);

    // logout a user with open session who has been banned
    $current = $session->getLoggedInUser();
    if ($current && $current->isBanned()) {
        logout();
        return false;
    }

    return true;
}
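// Route PHP errors and uncaught exceptions through the API error formatters
error_reporting(E_ALL);
set_error_handler('__php_api_error_handler');
set_exception_handler('__php_api_exception_handler');

// Check to see if the api is available
if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}

// Plugins return true from this hook to take over PAM registration. Loose
// comparison: any falsy result (null, 0, '') installs the defaults below.
if (trigger_plugin_hook('rest', 'init', null, false) == false) {
    // Session PAM: an existing browser session can authenticate REST calls.
    // Later revisions of this handler on this listing leave this line
    // commented out with the warning "do not use for production sites",
    // presumably because ambient browser credentials then reach the API too.
    register_pam_handler('pam_auth_session');
    // user token can also be used for user authentication
    register_pam_handler('pam_auth_usertoken');
    // simple API key check
    register_pam_handler('api_auth_key', "sufficient", "api");
    // hmac
    register_pam_handler('api_auth_hmac', "sufficient", "api");
}

// The method name comes from request input
$method = get_input('method');

// this will throw an exception if authentication fails
authenticate_method($method);

$result = execute_method($method);
if (!$result instanceof GenericResult) {
    throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
}

// Output the result
page_draw($method, elgg_view("api/output", array("result" => $result)));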
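/**
 * REST API handler
 *
 * Answers 400 (text/plain) when the api/output view is missing for the
 * current viewtype, loads the ws library, installs the API error and
 * exception handlers, lets plugins take over PAM registration through the
 * 'rest','init' hook (defaulting to the user-token, api-key and hmac
 * handlers), then authenticates and executes the requested method and
 * renders the result through the api/output view.
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function ws_rest_handler()
{
    $viewtype = elgg_get_viewtype();
    if (!elgg_view_exists('api/output', $viewtype)) {
        header("HTTP/1.0 400 Bad Request");
        // plain text, so the viewtype is echoed without HTML escaping
        header("Content-type: text/plain");
        echo "Missing view 'api/output' in viewtype '{$viewtype}'.";
        // strict comparison: avoids PHP's loose string/number equality
        if (in_array($viewtype, ['xml', 'php'], true)) {
            echo "\nEnable the 'data_views' plugin to add this view.";
        }
        exit;
    }

    elgg_load_library('elgg:ws');

    // Register the error handler
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');
    // Register a default exception handler
    set_exception_handler('_php_api_exception_handler');

    // Plugins return true from this hook to take over PAM registration.
    // Loose comparison: any falsy result (null, 0, '') counts as "not
    // handled" and installs the defaults below.
    if (elgg_trigger_plugin_hook('rest', 'init', null, false) == false) {
        // The session PAM ('pam_auth_session') is deliberately not registered
        // here: it would let an existing browser session authenticate API
        // calls, which the original comment warns against for production sites.
        // user token can also be used for user authentication
        register_pam_handler('pam_auth_usertoken');
        // simple API key check
        register_pam_handler('api_auth_key', "sufficient", "api");
        // hmac
        register_pam_handler('api_auth_hmac', "sufficient", "api");
    }

    // The method name comes from request input
    $method = get_input('method');

    // this will throw an exception if authentication fails
    authenticate_method($method);

    $result = execute_method($method);
    if (!$result instanceof GenericResult) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }

    // Output the result
    echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
}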
/**
 * Initializes the session and checks for the remember me cookie
 *
 * Timed session boot: registers the login/logout actions and the password
 * PAM handler, starts the session service, restores the user from the
 * stored guid (through the entity table) or from the persistent-login
 * service, stamps last action, and logs out a banned user. As in the
 * original, the timer is not closed on the banned-user early return.
 *
 * @return bool false when a banned user was logged out, true otherwise
 * @access private
 */
function _elgg_session_boot()
{
    _elgg_services()->timer->begin([__FUNCTION__]);

    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    register_pam_handler('pam_auth_userpass');

    $session = _elgg_services()->session;
    $session->start();

    if (!$session->has('guid')) {
        // No user in the session: the persistent-login service may have a
        // remember-me token to boot from
        $remembered = _elgg_services()->persistentLogin->bootSession();
        if ($remembered) {
            $session->setLoggedInUser($remembered);
        }
    } else {
        // Reload the user entity behind the stored guid
        $stored = _elgg_services()->entityTable->get($session->get('guid'), 'user');
        if (!$stored) {
            // Account no longer exists: drop the session and redirect
            $session->invalidate();
            forward('');
        }
        $session->setLoggedInUser($stored);
        _elgg_services()->persistentLogin->replaceLegacyToken($stored);
    }

    if ($session->has('guid')) {
        set_last_action($session->get('guid'));
    }

    // logout a user with open session who has been banned
    $current = $session->getLoggedInUser();
    if ($current && $current->isBanned()) {
        logout();
        return false;
    }

    _elgg_services()->timer->end([__FUNCTION__]);
    return true;
}
global $CONFIG;

// Route PHP errors and uncaught exceptions through the API error formatters
error_reporting(E_ALL);
set_error_handler('__php_api_error_handler');
set_exception_handler('__php_api_exception_handler');

// Refuse to serve when the API has been switched off in config
// (!empty() is exactly isset() && == true)
if (!empty($CONFIG->disable_api)) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}

// Default PAM chain; plugins can add their own handlers:
//  - the request carries a valid session or a hmac,
//  - a user token, marked required,
//  - or the method does not require a token at all.
register_pam_handler('pam_auth_session_or_hmac');
register_pam_handler('pam_auth_usertoken', 'required');
register_pam_handler('pam_auth_anonymous_method');

// Method name comes from request input; $result is filled in by the
// authentication branch that follows this block.
$method = get_input('method');
$result = null;
// Authenticate session
if (pam_authenticate()) {
    // Authenticated somehow, now execute.
    $token = "";
    $params = get_parameters_for_method($method);
    // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler
    if (isset($params['auth_token'])) {
        $token = $params['auth_token'];
    }
    $result = execute_method($method, $params, $token);
} else {
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to 0
 * 2. The cookie 'elggperm' - if present, checks it for an authentication
 * token, validates it, and potentially logs the user in
 *
 * NOTE(review): item 1 is stale — the code below unset()s the
 * user/id/guid/code keys instead of writing 0.
 *
 * Side effects: installs the database session save handler unless
 * $CONFIG->use_file_sessions is set, starts the PHP session, may clear or
 * re-issue the elggperm cookie, registers the login/logout actions and the
 * password PAM handler, and creates the global $SESSION.
 *
 * @uses $_SESSION
 *
 * @return bool false when a banned user's session was destroyed, true otherwise
 * @access private
 */
function _elgg_session_boot()
{
    global $DB_PREFIX, $CONFIG;
    // Use database for sessions
    // HACK to allow access to prefix after object destruction
    $DB_PREFIX = $CONFIG->dbprefix;
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("_elgg_session_open", "_elgg_session_close", "_elgg_session_read", "_elgg_session_write", "_elgg_session_destroy", "_elgg_session_gc");
    }
    session_name('Elgg');
    session_start();
    // Generate a simple token (private from potentially public session id)
    // 32 hex characters from the crypto helper (earlier revisions used md5(microtime() . rand()))
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = ElggCrypto::getRandomString(32, ElggCrypto::CHARS_HEX);
    }
    // test whether we have a user session
    if (empty($_SESSION['guid'])) {
        // clear session variables before checking cookie
        unset($_SESSION['user']);
        unset($_SESSION['id']);
        unset($_SESSION['guid']);
        unset($_SESSION['code']);
        // is there a remember me cookie (empty values are ignored)
        if (!empty($_COOKIE['elggperm'])) {
            // we have a cookie, so try to log the user in
            // The raw cookie is never compared directly: its md5 is the lookup key
            $code = $_COOKIE['elggperm'];
            $code = md5($code);
            if ($user = get_user_by_code($code)) {
                // we have a user, log him in
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                // the raw (unhashed) cookie value is kept in the session
                $_SESSION['code'] = $_COOKIE['elggperm'];
            } else {
                if (_elgg_is_legacy_remember_me_token($_COOKIE['elggperm'])) {
                    // may be attempt to brute force legacy low-entropy codes
                    sleep(1);
                }
                // Unknown code: expire the cookie (30 days in the past).
                // NOTE(review): neither setcookie() call in this function passes
                // the secure/httponly flags; whether the login action sets them
                // is outside this block.
                setcookie("elggperm", "", time() - 86400 * 30, "/");
            }
        }
    } else {
        // we have a session and we have already checked the fingerprint
        // reload the user object from database in case it has changed during the session
        if ($user = get_user($_SESSION['guid'])) {
            $_SESSION['user'] = $user;
            $_SESSION['id'] = $user->getGUID();
            $_SESSION['guid'] = $_SESSION['id'];
        } else {
            // user must have been deleted with a session active
            unset($_SESSION['user']);
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);
            // NOTE(review): this branch runs only when get_user() returned a
            // falsy value, yet the block below assigns $user->code and calls
            // $user->save() on it, which cannot succeed ($user is not an
            // object here). It reads as if the legacy-token replacement was
            // meant for the branch above, where $user is loaded — confirm
            // before moving it.
            if (!empty($_COOKIE['elggperm']) && _elgg_is_legacy_remember_me_token($_COOKIE['elggperm'])) {
                // replace user's old weaker-entropy code with new one
                $code = _elgg_generate_remember_me_token();
                $_SESSION['code'] = $code;
                $user->code = md5($code);
                $user->save();
                // re-issue the cookie for another 30 days
                setcookie("elggperm", $code, time() + 86400 * 30, "/");
            }
        }
    }
    if (isset($_SESSION['guid'])) {
        set_last_action($_SESSION['guid']);
    }
    // login is public because the visitor is not authenticated yet
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');
    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();
    // Finally we ensure that a user who has been banned with an open session is kicked.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }
    return true;
}
/**
 * Initializes the session and checks for the remember me cookie
 *
 * Registers the login/logout actions and the password PAM handler, starts
 * the session service, restores the user from the stored guid or from the
 * elggperm remember-me cookie, stamps last action, exposes the deprecated
 * $SESSION wrapper, and logs out a user who was banned while holding a
 * session.
 *
 * @return bool false when a banned user was logged out, true otherwise
 * @access private
 */
function _elgg_session_boot()
{
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    register_pam_handler('pam_auth_userpass');

    $session = _elgg_services()->session;
    $session->start();

    if ($session->has('guid')) {
        // Existing session: reload the user behind the stored guid
        $session->setLoggedInUser(get_user($session->get('guid')));
    } elseif (isset($_COOKIE['elggperm'])) {
        // No session but a remember-me cookie. The raw cookie value is only
        // used as an md5 lookup key, and that hash is what gets stored.
        // NOTE(review): an empty cookie string passes isset() and looks up md5('').
        $code_hash = md5($_COOKIE['elggperm']);
        $remembered = get_user_by_code($code_hash);
        if ($remembered) {
            $session->setLoggedInUser($remembered);
            $session->set('code', $code_hash);
        }
    }

    if ($session->has('guid')) {
        set_last_action($session->get('guid'));
    }

    // initialize the deprecated global session wrapper
    global $SESSION;
    $SESSION = new Elgg_DeprecationWrapper(_elgg_services()->session, "\$SESSION is deprecated", 1.9);

    // logout a user with open session who has been banned
    $current = $session->getLoggedInUser();
    if ($current && $current->isBanned()) {
        logout();
        return false;
    }

    return true;
}
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to 0
 * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
 *
 * NOTE(review): item 1 is stale — the code below unset()s the id/guid/code
 * keys instead of writing 0 (the "= 0" assignments survive only as
 * commented-out lines).
 *
 * Side effects: installs the database session save handler unless
 * $CONFIG->use_file_sessions is set, starts the PHP session, checks or
 * records the session fingerprint, registers the login/logout actions and
 * the password PAM handler, creates the global $SESSION, and registers the
 * core translations.
 *
 * @uses $_SESSION
 * @param string $event       Event name
 * @param string $object_type Object type
 * @param mixed  $object      Object
 *
 * @return bool false when the database is not installed, the fingerprint
 *              mismatched, or a banned user's session was destroyed; true otherwise
 */
function session_init($event, $object_type, $object)
{
    global $DB_PREFIX, $CONFIG;
    // Nothing to do before the database exists
    if (!is_db_installed()) {
        return false;
    }
    // Use database for sessions
    $DB_PREFIX = $CONFIG->dbprefix;
    // HACK to allow access to prefix after object distruction
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("__elgg_session_open", "__elgg_session_close", "__elgg_session_read", "__elgg_session_write", "__elgg_session_destroy", "__elgg_session_gc");
    }
    session_name('Elgg');
    session_start();
    // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
    // A stored fingerprint that no longer matches destroys the session outright;
    // a missing one is recorded for later requests.
    if (isset($_SESSION['__elgg_fingerprint'])) {
        if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
            session_destroy();
            return false;
        }
    } else {
        $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
    }
    // Generate a simple token (private from potentially public session id)
    // NOTE(review): microtime() and rand() are not a CSPRNG, so this is a
    // low-entropy token; a later revision on this listing draws it from
    // ElggCrypto::getRandomString instead.
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = md5(microtime() . rand());
    }
    if (empty($_SESSION['guid'])) {
        // No session user: try the remember-me cookie. The raw cookie is never
        // compared directly; its md5 is the lookup key.
        // NOTE(review): isset() also accepts an empty cookie value (md5('') is
        // then looked up), and $_SESSION['user'] is not cleared on this path,
        // so a stale user object may survive into the banned check below.
        if (isset($_COOKIE['elggperm'])) {
            $code = $_COOKIE['elggperm'];
            $code = md5($code);
            unset($_SESSION['guid']);
            //$_SESSION['guid'] = 0;
            unset($_SESSION['id']);
            //$_SESSION['id'] = 0;
            if ($user = get_user_by_code($code)) {
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                // the raw (unhashed) cookie value is kept in the session
                $_SESSION['code'] = $_COOKIE['elggperm'];
            }
        } else {
            unset($_SESSION['id']);
            //$_SESSION['id'] = 0;
            unset($_SESSION['guid']);
            //$_SESSION['guid'] = 0;
            unset($_SESSION['code']);
            //$_SESSION['code'] = "";
        }
    } else {
        // Session user present: re-validate through the stored code rather
        // than trusting the cached user object
        if (!empty($_SESSION['code'])) {
            $code = md5($_SESSION['code']);
            if ($user = get_user_by_code($code)) {
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
            } else {
                unset($_SESSION['user']);
                unset($_SESSION['id']);
                //$_SESSION['id'] = 0;
                unset($_SESSION['guid']);
                //$_SESSION['guid'] = 0;
                unset($_SESSION['code']);
                //$_SESSION['code'] = "";
            }
        } else {
            // guid without a code: treated as logged out
            //$_SESSION['user'] = new ElggDummy();
            unset($_SESSION['id']);
            //$_SESSION['id'] = 0;
            unset($_SESSION['guid']);
            //$_SESSION['guid'] = 0;
            unset($_SESSION['code']);
            //$_SESSION['code'] = "";
        }
    }
    // NOTE(review): on every path that unset() 'id' above this reads an
    // undefined index (a PHP notice), and the comparison then sees null.
    if ($_SESSION['id'] > 0) {
        set_last_action($_SESSION['id']);
    }
    register_action("login", true);
    register_action("logout");
    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');
    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();
    // Finally we ensure that a user who has been banned with an open session is kicked.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }
    // Since we have loaded a new user, this user may have different language preferences
    register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");
    return true;
}
/**
 * LDAP Authentication init
 *
 * Plugin bootstrap: registers the plugin's PAM handler, which is defined
 * elsewhere in the plugin.
 *
 * @return void
 */
function ldap_auth_init()
{
    $handler = 'ldap_auth_authenticate';
    register_pam_handler($handler);
}