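/**
 * LDAP Authentication init
 *
 * Runs as an Elgg event handler. The event API passes event arguments, but
 * this handler does not use them, so it declares no parameters (the previous
 * docblock advertised three unused @param entries that did not match the
 * signature).
 *
 * Registers the LDAP PAM handler and the plugin's translations.
 *
 * @return void
 */
function ldap_auth_init() {
    global $CONFIG;

    // Register the authentication handler, using register_pam_handler()'s
    // default importance and policy.
    register_pam_handler('ldap_auth_authenticate');

    register_translations($CONFIG->pluginspath . "ldap_auth/languages/");
}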
/**
 * Plugin init for uservalidationbyemail.
 *
 * Wires up the validation page handler, the hooks and events that keep
 * unvalidated accounts disabled and unable to log in, the admin UI, and the
 * admin-only management actions.
 *
 * @return void
 */
function uservalidationbyemail_init() {
    $plugin_root = dirname(__FILE__);

    require_once $plugin_root . '/lib/functions.php';

    // Page handler that validates users. This is a page handler rather than an
    // action because the validation codes themselves carry the security check.
    elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler');

    // mark users as unvalidated and disable when they register
    elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user');

    // forward to uservalidationbyemail/emailsent page after register
    elgg_register_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');

    // canEdit override to allow not logged in code to disable a user
    elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');

    // prevent users from logging in if they aren't validated;
    // importance "required" is passed explicitly (see register_pam_handler())
    register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");

    // when requesting a new password
    elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');

    // prevent the engine from logging in users via login()
    elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login');

    // make admin users always validated
    elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user');

    // register Walled Garden public pages
    elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages');

    // admin interface to manually validate users
    elgg_register_admin_menu_item('administer', 'unvalidated', 'users');
    elgg_extend_view('admin.css', 'uservalidationbyemail/css');
    elgg_extend_view('elgg.js', 'uservalidationbyemail/js');

    // admin-only actions; each action file shares the action's short name
    $action_path = $plugin_root . '/actions';
    $admin_actions = array('validate', 'resend_validation', 'delete', 'bulk_action');
    foreach ($admin_actions as $action) {
        elgg_register_action("uservalidationbyemail/{$action}", "{$action_path}/{$action}.php", 'admin');
    }
}
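/**
 * CAS authentication plugin init.
 *
 * Registers the plugin library, the login/logout actions, the CAS PAM
 * handler and the plugin translations. The unused `global $CONFIG` import
 * was dropped; every path is derived from this file's directory.
 *
 * @return void
 */
function cas_auth_init() {
    $root = dirname(__FILE__);

    elgg_register_library('elgg:cas_auth', "{$root}/lib/lib.php");

    // actions: 'login' is reachable without a session ('public'),
    // 'logout' uses elgg_register_action()'s default access level
    $action_path = "{$root}/actions/cas_auth";
    elgg_register_action('login', "{$action_path}/login.php", 'public');
    elgg_register_action('logout', "{$action_path}/logout.php");

    // CAS PAM handler with register_pam_handler()'s default importance and policy
    register_pam_handler('cas_auth_authenticate');

    register_translations("{$root}/languages/");
}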
/**
 * Initialize plugin
 *
 * Registers the calendar's permission/export/cron hooks, the object delete
 * event, the calendar and event actions, and the plugin's PAM handler.
 *
 * @return void
 */
function init() {
    // all callbacks live in this plugin's namespace
    $ns = __NAMESPACE__ . '\\';

    // plugin hooks
    elgg_register_plugin_hook_handler('container_permissions_check', 'object', $ns . 'calendar_permissions');
    elgg_register_plugin_hook_handler('export:instance', 'events_api', $ns . 'export_ical_instance');
    elgg_register_plugin_hook_handler('cron', 'daily', $ns . 'daily_build_reminders');

    // events
    elgg_register_event_handler('delete', 'object', $ns . 'delete_event_handler');

    // actions, each backed by actions/<name>.php and registered with the
    // default access level of elgg_register_action()
    $actions = array(
        'calendar/edit',
        'calendar/delete',
        'calendar/add_event',
        'events/edit',
        'events/move',
        'events/resize',
        'events/delete',
        'events/cancel',
    );
    foreach ($actions as $action) {
        elgg_register_action($action, __DIR__ . "/actions/{$action}.php");
    }

    // authentication handler; importance and policy come from the PAM class constants
    register_pam_handler($ns . 'pam_handler', PAM::IMPORTANCE, PAM::POLICY);
}
/**
 * Gets called during system initialization
 *
 * Registers the admin-validation PAM handler, the login/enable events, the
 * registration/permission/auth-failure/cron hooks, and the admin-only actions.
 *
 * @return void
 */
function uservalidationbyadmin_init() {
    $plugin_root = dirname(__FILE__);

    // register pam handler to check authentication;
    // importance "required" is passed explicitly (see register_pam_handler())
    register_pam_handler("uservalidationbyadmin_pam_handler", "required");

    // register events
    elgg_register_event_handler("login", "user", "uservalidationbyadmin_login_event");
    elgg_register_event_handler("enable", "user", "\\ColdTrick\\UserValidationByAdmin\\User::enableUser");

    // register hooks
    $hooks = array(
        array("register", "user", "uservalidationbyadmin_register_user_hook"),
        array("permissions_check", "user", "uservalidationbyadmin_permissions_check_hook"),
        array("fail", "auth", "uservalidationbyadmin_auth_fail_hook"),
        array("cron", "daily", "uservalidationbyadmin_cron_hook"),
        array("cron", "weekly", "uservalidationbyadmin_cron_hook"),
    );
    foreach ($hooks as $hook) {
        list($name, $type, $callback) = $hook;
        elgg_register_plugin_hook_handler($name, $type, $callback);
    }

    // register actions (admin only); each action file shares the action's short name
    foreach (array("validate", "delete", "bulk_action") as $action) {
        elgg_register_action("uservalidationbyadmin/{$action}", "{$plugin_root}/actions/{$action}.php", "admin");
    }
}
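/**
 * Elgg oauth client and server
 *
 * Plugin init: loads the OAuth library and data store, registers the
 * consumer/token actions, the page handler, the permissions hook, the hourly
 * cleanup cron, the site menu entry, the PAM handlers for the 'user' and
 * 'api' policies, the oauth.echo API method and the one-time setup/upgrade
 * functions.
 *
 * @author Justin Richer
 * @copyright The MITRE Corporation
 * @link http://mitre.org/
 *
 * @return void
 */
function oauth_init() {
    // Get config
    global $CONFIG;

    $plugin_path = $CONFIG->pluginspath . 'oauth/';

    // include the OAuth library unless something else already loaded it
    if (!class_exists('OAuthConsumer')) {
        include_once $plugin_path . 'lib/OAuth.php';
    }

    // set up the data store. include_once instead of include so that a
    // repeated init cannot redeclare the class.
    include_once $plugin_path . 'lib/ElggOAuthDataStore.php';

    // set up our actions and hooks (all with elgg_register_action()'s default access level)
    // mechanisms to register and unregister consumers
    elgg_register_action('oauth/register', $plugin_path . 'actions/register.php');
    elgg_register_action('oauth/unregister', $plugin_path . 'actions/unregister.php');
    elgg_register_action('oauth/editconsumer', $plugin_path . 'actions/editconsumer.php');

    // mechanisms to let the user authorize and revoke their tokens
    elgg_register_action('oauth/authorize', $plugin_path . 'actions/authorize.php');
    elgg_register_action('oauth/revoke', $plugin_path . 'actions/revoke.php');

    // mechanisms to allow consumers of remote sites to request tokens
    elgg_register_action('oauth/gettoken', $plugin_path . 'actions/gettoken.php');

    // page handler
    elgg_register_page_handler('oauth', 'oauth_page_handler');

    // plugins hooks (for permissions on OAuth token and consumer objects)
    elgg_register_plugin_hook_handler('permissions_check', 'object', 'oauth_permissions_check');

    // cron to clean up old nonces and tokens
    elgg_register_plugin_hook_handler('cron', 'hourly', 'oauth_cron_cleanup');

    // add our menu pieces
    $menu_label = elgg_echo('oauth:menu');
    elgg_register_menu_item('site', array(
        'name' => $menu_label,
        'text' => $menu_label,
        'href' => $CONFIG->wwwroot . 'oauth/authorize',
    ));

    // hook for the PAM permissions system: the same handler serves both the
    // 'user' and the 'api' policy, as 'sufficient' in each
    register_pam_handler('oauth_pam_handler', 'sufficient', 'user');
    register_pam_handler('oauth_pam_handler', 'sufficient', 'api');

    // API Test function. Exposed over GET; the two trailing flags request API
    // authentication and user authentication (see expose_function()). It is a
    // diagnostic endpoint, so consider whether it should stay exposed on a
    // production site.
    expose_function(
        'oauth.echo',
        'oauth_echo',
        array('string' => array('type' => 'string')),
        'A testing method for OAuth authentication',
        'GET',
        true,
        true
    );

    // run our set up and upgrade functions
    run_function_once('oauth_run_once');
    run_function_once('oauth_upgrade_201004');
}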
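/**
 * plugin initialization
 *
 * The settings action is always registered. Everything that depends on
 * Stormpath (PAM handler, page handler, user events/hooks, password actions)
 * is only wired up when get_application() reports a usable API connection.
 *
 * @return void
 */
function init() {
    // register actions
    elgg_register_action('elgg_stormpath/settings/save', __DIR__ . '/actions/stormpath/settings.php', 'admin');

    // these things only work if we have a real api connection
    if (!get_application()) {
        return;
    }

    // PAM importance is an admin setting. Fall back to 'sufficient' when the
    // setting has never been saved so register_pam_handler() is not handed an
    // empty value.
    $importance = elgg_get_plugin_setting('importance', PLUGIN_ID);
    if (!$importance) {
        $importance = 'sufficient';
    }
    register_pam_handler(__NAMESPACE__ . '\\pam_handler', $importance);

    elgg_register_page_handler('stormpath', __NAMESPACE__ . '\\pagehandler');

    // add new users to stormpath
    elgg_register_event_handler('create', 'user', __NAMESPACE__ . '\\event_user_create', 1000);

    // make admin users always validated
    elgg_register_event_handler('make_admin', 'user', __NAMESPACE__ . '\\validate_new_admin_user');

    // mark users as unvalidated and disable when they register
    elgg_register_plugin_hook_handler('register', 'user', __NAMESPACE__ . '\\disable_new_user');

    // canEdit override to allow not logged in code to disable a user
    elgg_register_plugin_hook_handler('permissions_check', 'user', __NAMESPACE__ . '\\allow_new_user_can_edit');

    // add custom data to our stormpath user
    elgg_register_plugin_hook_handler('elgg_stormpath', 'import', __NAMESPACE__ . '\\stormpath_custom_data');

    // password flows are public (the user is not logged in at that point)
    elgg_register_action('user/requestnewpassword', __DIR__ . '/actions/stormpath/requestnewpassword.php', 'public');
    elgg_register_action('user/passwordreset', __DIR__ . '/actions/stormpath/passwordreset.php', 'public');

    // differentiation for 1.8/newer compatibility: the core usersettings:save
    // handler is replaced by this plugin's own, and the login event name differs
    if (is_elgg18()) {
        elgg_register_event_handler('login', 'user', __NAMESPACE__ . '\\event_user_login', 1000);
        elgg_unregister_plugin_hook_handler('usersettings:save', 'user', 'users_settings_save');
        elgg_register_plugin_hook_handler('usersettings:save', 'user', __NAMESPACE__ . '\\users_settings_save');
    } else {
        elgg_register_event_handler('login:after', 'user', __NAMESPACE__ . '\\event_user_login', 1000);
        elgg_unregister_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_password');
        elgg_register_plugin_hook_handler('usersettings:save', 'user', __NAMESPACE__ . '\\set_user_password');
    }

    if (elgg_is_active_plugin('vroom')) {
        elgg_register_action('stormpath/import', __DIR__ . '/actions/stormpath/import.php', 'admin');
    }
}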
/**
 * REST API handler
 *
 * Installs the API error and exception handlers, refuses to run when the API
 * is disabled in config, registers the default PAM handlers unless a plugin
 * claims the 'rest','init' hook, then authenticates and executes the
 * requested method and renders its result.
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function rest_handler() {
    global $CONFIG;

    // Register the error handler
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');

    // Register a default exception handler
    set_exception_handler('_php_api_exception_handler');

    // Check to see if the api is available
    $api_disabled = isset($CONFIG->disable_api) && $CONFIG->disable_api == true;
    if ($api_disabled) {
        throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
    }

    // plugins should return true to control what API and user authentication handlers are registered
    $handlers_claimed_by_plugin = elgg_trigger_plugin_hook('rest', 'init', null, false);
    if (!$handlers_claimed_by_plugin) {
        // for testing from a web browser, you can use the session PAM
        // do not use for production sites!!
        //register_pam_handler('pam_auth_session');

        // user token can also be used for user authentication
        register_pam_handler('pam_auth_usertoken');

        // simple API key check
        register_pam_handler('api_auth_key', "sufficient", "api");

        // hmac
        register_pam_handler('api_auth_hmac', "sufficient", "api");
    }

    // Get parameter variables
    $method = get_input('method');

    // this will throw an exception if authentication fails
    authenticate_method($method);

    $result = execute_method($method);
    if (!$result instanceof GenericResult) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }

    // Output the result
    echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
}
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['guid'] - if empty, the user-related session keys are cleared
 *    and the remember-me cookie is consulted
 * 2. The cookie 'elggperm' - if present, its md5() is looked up with
 *    get_user_by_code() and a matching user is logged in
 *
 * When a guid is already in the session the user object is reloaded from the
 * database; a user that no longer exists clears the session keys. A banned
 * user with an open session gets the session destroyed.
 *
 * @uses $_SESSION
 *
 * @param string $event       Event name
 * @param string $object_type Object type
 * @param mixed  $object      Object
 *
 * @return bool false when a banned user's session was destroyed, true otherwise
 */
function session_init($event, $object_type, $object) {
    global $DB_PREFIX, $CONFIG;

    // HACK to allow access to prefix after object destruction
    $DB_PREFIX = $CONFIG->dbprefix;

    // Use database for sessions unless file sessions are configured
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("_elgg_session_open", "_elgg_session_close", "_elgg_session_read", "_elgg_session_write", "_elgg_session_destroy", "_elgg_session_gc");
    }

    session_name('Elgg');
    session_start();

    // Generate a simple token (private from potentially public session id)
    // NOTE(review): microtime() and rand() are predictable sources; if this
    // token is used as a secret elsewhere (e.g. for request tokens) a CSPRNG
    // source would be stronger. Kept as-is here.
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = md5(microtime() . rand());
    }

    // test whether we have a user session
    if (empty($_SESSION['guid'])) {
        // clear session variables before checking cookie
        unset($_SESSION['user']);
        unset($_SESSION['id']);
        unset($_SESSION['guid']);
        unset($_SESSION['code']);

        // is there a remember me cookie
        if (isset($_COOKIE['elggperm'])) {
            // we have a cookie, so try to log the user in.
            // The cookie value is untrusted input: only its md5() is used for
            // the lookup, but the raw value is then kept in $_SESSION['code'].
            $code = $_COOKIE['elggperm'];
            $code = md5($code);
            if ($user = get_user_by_code($code)) {
                // we have a user, log him in
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                $_SESSION['code'] = $_COOKIE['elggperm'];
            }
        }
    } else {
        // we have a session and we have already checked the fingerprint
        // reload the user object from database in case it has changed during the session
        if ($user = get_user($_SESSION['guid'])) {
            $_SESSION['user'] = $user;
            $_SESSION['id'] = $user->getGUID();
            $_SESSION['guid'] = $_SESSION['id'];
        } else {
            // user must have been deleted with a session active
            unset($_SESSION['user']);
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);
        }
    }

    if (isset($_SESSION['guid'])) {
        set_last_action($_SESSION['guid']);
    }

    // 'login' is reachable without a session; 'logout' uses the default access level
    elgg_register_action("login", '', 'public');
    elgg_register_action("logout");

    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');

    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();

    // Finally we ensure that a user who has been banned with an open session is kicked.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }

    // Since we have loaded a new user, this user may have different language preferences
    register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");

    return true;
}
/**
 * Initializes the session and checks for the remember me cookie
 *
 * Registers the login/logout actions and the default password PAM handler,
 * starts the session service, restores the logged-in user either from the
 * session guid or via the persistent-login service, records the last action,
 * exposes the deprecated global $SESSION wrapper and logs out banned users.
 *
 * @return bool false when a banned user was logged out, true otherwise
 * @access private
 */
function _elgg_session_boot() {
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    register_pam_handler('pam_auth_userpass');

    $session = _elgg_services()->session;
    $session->start();

    if (!$session->has('guid')) {
        // no user session yet: let the persistent-login service look at the
        // remember-me cookie and hand back a user if it recognises one
        $remembered_user = _elgg_services()->persistentLogin->bootSession();
        if ($remembered_user) {
            $session->setLoggedInUser($remembered_user);
        }
    } else {
        $user = get_user($session->get('guid'));
        if (!$user) {
            // OMG user has been deleted.
            // NOTE(review): execution relies on forward('') not returning here;
            // otherwise setLoggedInUser() below would receive a falsy $user.
            $session->invalidate();
            forward('');
        }
        $session->setLoggedInUser($user);
        _elgg_services()->persistentLogin->replaceLegacyToken($user);
    }

    if ($session->has('guid')) {
        set_last_action($session->get('guid'));
    }

    // initialize the deprecated global session wrapper
    global $SESSION;
    $SESSION = new \Elgg\DeprecationWrapper($session, "\$SESSION is deprecated", 1.9);

    // logout a user with open session who has been banned
    $current_user = $session->getLoggedInUser();
    if (!$current_user) {
        return true;
    }
    if ($current_user->isBanned()) {
        logout();
        return false;
    }

    return true;
}
// REST request handling (older revision of the API entry point): installs the
// API error/exception handlers, refuses when the API is disabled, registers
// the default PAM handlers unless a plugin claims the 'rest','init' hook, then
// authenticates and executes the requested method and draws the result.
// Expects $CONFIG to be in scope.

// Register the error handler
error_reporting(E_ALL);
set_error_handler('__php_api_error_handler');

// Register a default exception handler
set_exception_handler('__php_api_exception_handler');

// Check to see if the api is available
if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}

// plugins should return true to control what API and user authentication handlers are registered
if (trigger_plugin_hook('rest', 'init', null, false) == false) {
    // check session - this usually means a REST call from a web browser.
    // NOTE(review): later revisions of this handler leave the session PAM
    // commented out and mark it as testing-only, because it appears to let an
    // existing browser session satisfy user authentication for API calls.
    // Confirm this registration is intended for this deployment.
    register_pam_handler('pam_auth_session');

    // user token can also be used for user authentication
    register_pam_handler('pam_auth_usertoken');

    // simple API key check
    register_pam_handler('api_auth_key', "sufficient", "api");

    // hmac
    register_pam_handler('api_auth_hmac', "sufficient", "api");
}

// Get parameter variables
$method = get_input('method');
$result = null;

// this will throw an exception if authentication fails
authenticate_method($method);

$result = execute_method($method);
if (!$result instanceof GenericResult) {
    throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
}

// Output the result
page_draw($method, elgg_view("api/output", array("result" => $result)));
/**
 * REST API handler
 *
 * Aborts with a plain-text 400 when the 'api/output' view is missing for the
 * current viewtype, loads the web services library, installs the API
 * error/exception handlers, registers the default PAM handlers unless a
 * plugin claims the 'rest','init' hook, then authenticates and executes the
 * requested method and renders its result.
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function ws_rest_handler() {
    $viewtype = elgg_get_viewtype();
    if (!elgg_view_exists('api/output', $viewtype)) {
        header("HTTP/1.0 400 Bad Request");
        header("Content-type: text/plain");
        $message = "Missing view 'api/output' in viewtype '{$viewtype}'.";
        if (in_array($viewtype, ['xml', 'php'])) {
            $message .= "\nEnable the 'data_views' plugin to add this view.";
        }
        echo $message;
        exit;
    }

    elgg_load_library('elgg:ws');

    // Register the error handler
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');

    // Register a default exception handler
    set_exception_handler('_php_api_exception_handler');

    // plugins should return true to control what API and user authentication handlers are registered
    $handlers_claimed_by_plugin = elgg_trigger_plugin_hook('rest', 'init', null, false);
    if (!$handlers_claimed_by_plugin) {
        // for testing from a web browser, you can use the session PAM
        // do not use for production sites!!
        //register_pam_handler('pam_auth_session');

        // user token can also be used for user authentication
        register_pam_handler('pam_auth_usertoken');

        // simple API key check
        register_pam_handler('api_auth_key', "sufficient", "api");

        // hmac
        register_pam_handler('api_auth_hmac', "sufficient", "api");
    }

    // Get parameter variables
    $method = get_input('method');

    // this will throw an exception if authentication fails
    authenticate_method($method);

    $result = execute_method($method);
    if (!$result instanceof GenericResult) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }

    // Output the result
    echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
}
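/**
 * Initializes the session and checks for the remember me cookie
 *
 * Registers the login/logout actions and the default password PAM handler,
 * starts the session service, restores the logged-in user either from the
 * session guid (via the entity table) or via the persistent-login service,
 * records the last action and logs out banned users.
 *
 * The timer started at the top is now ended on the banned-user path as well;
 * previously the early `return false` skipped timer->end().
 *
 * @return bool false when a banned user was logged out, true otherwise
 * @access private
 */
function _elgg_session_boot() {
    _elgg_services()->timer->begin([__FUNCTION__]);

    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    register_pam_handler('pam_auth_userpass');

    $session = _elgg_services()->session;
    $session->start();

    // test whether we have a user session
    if ($session->has('guid')) {
        $user = _elgg_services()->entityTable->get($session->get('guid'), 'user');
        if (!$user) {
            // OMG user has been deleted.
            // NOTE(review): this path relies on forward('') not returning; the
            // timer is not ended here for that reason.
            $session->invalidate();
            forward('');
        }
        $session->setLoggedInUser($user);
        _elgg_services()->persistentLogin->replaceLegacyToken($user);
    } else {
        // no user session: the persistent-login service decides whether the
        // remember-me cookie identifies a user
        $user = _elgg_services()->persistentLogin->bootSession();
        if ($user) {
            $session->setLoggedInUser($user);
        }
    }

    if ($session->has('guid')) {
        set_last_action($session->get('guid'));
    }

    // logout a user with open session who has been banned
    $user = $session->getLoggedInUser();
    $banned = $user && $user->isBanned();
    if ($banned) {
        logout();
    }

    _elgg_services()->timer->end([__FUNCTION__]);

    return !$banned;
}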
// REST request handling (early revision): installs the API error/exception
// handlers, refuses when the API is disabled, registers three default PAM
// handlers, then authenticates via pam_authenticate() before executing the
// method. The enclosing else-branch continues beyond this fragment.
global $CONFIG;

// Register the error handler
error_reporting(E_ALL);
set_error_handler('__php_api_error_handler');

// Register a default exception handler
set_exception_handler('__php_api_exception_handler');

// Check to see if the api is available
if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}

// Register some default PAM methods, plugins can add their own.
// Only 'pam_auth_usertoken' is registered with an explicit importance
// ('required'); the other two use register_pam_handler()'s default.
register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in
register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one.
register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions

// Get parameter variables
$method = get_input('method');
$result = null;

// Authenticate session
if (pam_authenticate()) {
    // Authenticated somehow, now execute.
    $token = "";
    $params = get_parameters_for_method($method);

    // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler.
    // 'auth_token' comes from the request parameters and is passed on to
    // execute_method() as-is; validation of the token happens elsewhere.
    if (isset($params['auth_token'])) {
        $token = $params['auth_token'];
    }

    $result = execute_method($method, $params, $token);
} else {
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['guid'] - if empty, the user-related session keys are cleared
 *    and the remember-me cookie is consulted
 * 2. The cookie 'elggperm' - if present, its md5() is looked up with
 *    get_user_by_code(); a match logs the user in, a miss clears the cookie
 *    (after a one second delay when the cookie looks like a legacy token)
 *
 * When a guid is already in the session the user object is reloaded from the
 * database; a user that no longer exists clears the session keys. A banned
 * user with an open session gets the session destroyed.
 *
 * @uses $_SESSION
 *
 * @return bool false when a banned user's session was destroyed, true otherwise
 * @access private
 */
function _elgg_session_boot() {
    global $DB_PREFIX, $CONFIG;

    // HACK to allow access to prefix after object destruction
    $DB_PREFIX = $CONFIG->dbprefix;

    // Use database for sessions unless file sessions are configured
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("_elgg_session_open", "_elgg_session_close", "_elgg_session_read", "_elgg_session_write", "_elgg_session_destroy", "_elgg_session_gc");
    }

    session_name('Elgg');
    session_start();

    // Generate a simple token (private from potentially public session id),
    // 32 hex characters from the project's random helper
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = ElggCrypto::getRandomString(32, ElggCrypto::CHARS_HEX);
    }

    // test whether we have a user session
    if (empty($_SESSION['guid'])) {
        // clear session variables before checking cookie
        unset($_SESSION['user']);
        unset($_SESSION['id']);
        unset($_SESSION['guid']);
        unset($_SESSION['code']);

        // is there a remember me cookie
        if (!empty($_COOKIE['elggperm'])) {
            // we have a cookie, so try to log the user in.
            // The cookie is untrusted input: only its md5() is used for the
            // lookup, but the raw value is then kept in $_SESSION['code'].
            $code = $_COOKIE['elggperm'];
            $code = md5($code);
            if ($user = get_user_by_code($code)) {
                // we have a user, log him in
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                $_SESSION['code'] = $_COOKIE['elggperm'];
            } else {
                if (_elgg_is_legacy_remember_me_token($_COOKIE['elggperm'])) {
                    // may be attempt to brute force legacy low-entropy codes
                    sleep(1);
                }
                // unknown code: expire the cookie (30 days in the past)
                setcookie("elggperm", "", time() - 86400 * 30, "/");
            }
        }
    } else {
        // we have a session and we have already checked the fingerprint
        // reload the user object from database in case it has changed during the session
        if ($user = get_user($_SESSION['guid'])) {
            $_SESSION['user'] = $user;
            $_SESSION['id'] = $user->getGUID();
            $_SESSION['guid'] = $_SESSION['id'];
        } else {
            // user must have been deleted with a session active
            unset($_SESSION['user']);
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);

            if (!empty($_COOKIE['elggperm']) && _elgg_is_legacy_remember_me_token($_COOKIE['elggperm'])) {
                // replace user's old weaker-entropy code with new one.
                // NOTE(review): as written, this block sits in the branch where
                // get_user() returned a falsy $user, so $user->code / $user->save()
                // below act on a non-user. Verify against upstream whether this
                // token rotation belongs in the successful-reload branch above.
                $code = _elgg_generate_remember_me_token();
                $_SESSION['code'] = $code;
                $user->code = md5($code);
                $user->save();
                setcookie("elggperm", $code, time() + 86400 * 30, "/");
            }
        }
    }

    if (isset($_SESSION['guid'])) {
        set_last_action($_SESSION['guid']);
    }

    // 'login' is reachable without a session; 'logout' uses the default access level
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');

    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');

    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();

    // Finally we ensure that a user who has been banned with an open session is kicked.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }

    return true;
}
/**
 * Initializes the session and checks for the remember me cookie
 *
 * Registers the login/logout actions and the default password PAM handler,
 * starts the session service, restores the logged-in user from the session
 * guid or from the 'elggperm' cookie, records the last action, exposes the
 * deprecated global $SESSION wrapper and logs out banned users.
 *
 * @return bool false when a banned user was logged out, true otherwise
 * @access private
 */
function _elgg_session_boot() {
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    register_pam_handler('pam_auth_userpass');

    $session = _elgg_services()->session;
    $session->start();

    if ($session->has('guid')) {
        // existing user session: reload the user by guid.
        // NOTE(review): get_user() may return a falsy value for a deleted
        // user; it is handed to setLoggedInUser() unchecked here.
        $session->setLoggedInUser(get_user($session->get('guid')));
    } elseif (isset($_COOKIE['elggperm'])) {
        // remember me cookie present: only its md5() is used for the lookup
        // and stored in the session
        $hashed_code = md5($_COOKIE['elggperm']);
        $remembered_user = get_user_by_code($hashed_code);
        if ($remembered_user) {
            $session->setLoggedInUser($remembered_user);
            $session->set('code', $hashed_code);
        }
    }

    if ($session->has('guid')) {
        set_last_action($session->get('guid'));
    }

    // initialize the deprecated global session wrapper
    global $SESSION;
    $SESSION = new Elgg_DeprecationWrapper(_elgg_services()->session, "\$SESSION is deprecated", 1.9);

    // logout a user with open session who has been banned
    $current_user = $session->getLoggedInUser();
    if (!$current_user) {
        return true;
    }
    if ($current_user->isBanned()) {
        logout();
        return false;
    }

    return true;
}
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['guid'] - if empty, the 'elggperm' cookie is consulted and its
 *    md5() looked up with get_user_by_code(); a match logs the user in
 * 2. Otherwise $_SESSION['code'] - its md5() is looked up the same way to
 *    reload the user; a session without a code is cleared
 *
 * A session fingerprint is stored on first use and compared on later
 * requests; a mismatch destroys the session. A banned user with an open
 * session gets the session destroyed as well.
 *
 * @uses $_SESSION
 * @param string $event       Event name
 * @param string $object_type Object type
 * @param mixed  $object      Object
 *
 * @return bool false when the database is not installed, the fingerprint
 *              mismatches or a banned user's session was destroyed; true otherwise
 */
function session_init($event, $object_type, $object) {
    global $DB_PREFIX, $CONFIG;

    if (!is_db_installed()) {
        return false;
    }

    // HACK to allow access to prefix after object destruction
    $DB_PREFIX = $CONFIG->dbprefix;

    // Use database for sessions unless file sessions are configured
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("__elgg_session_open", "__elgg_session_close", "__elgg_session_read", "__elgg_session_write", "__elgg_session_destroy", "__elgg_session_gc");
    }

    session_name('Elgg');
    session_start();

    // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder).
    // What get_session_fingerprint() derives the value from is not visible here.
    if (isset($_SESSION['__elgg_fingerprint'])) {
        if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
            session_destroy();
            return false;
        }
    } else {
        $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
    }

    // Generate a simple token (private from potentially public session id)
    // NOTE(review): microtime() and rand() are predictable sources; if this
    // token is used as a secret elsewhere a CSPRNG source would be stronger.
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = md5(microtime() . rand());
    }

    if (empty($_SESSION['guid'])) {
        if (isset($_COOKIE['elggperm'])) {
            // remember me cookie: untrusted input, only its md5() is used for
            // the lookup, but the raw value is then kept in $_SESSION['code']
            $code = $_COOKIE['elggperm'];
            $code = md5($code);

            unset($_SESSION['guid']);
            unset($_SESSION['id']);

            if ($user = get_user_by_code($code)) {
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                $_SESSION['code'] = $_COOKIE['elggperm'];
            }
        } else {
            // no session user and no cookie: make sure nothing stale remains
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);
        }
    } else {
        if (!empty($_SESSION['code'])) {
            // the user is reloaded via the code, not the guid
            $code = md5($_SESSION['code']);

            if ($user = get_user_by_code($code)) {
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
            } else {
                // code no longer matches a user: drop the session user
                unset($_SESSION['user']);
                unset($_SESSION['id']);
                unset($_SESSION['guid']);
                unset($_SESSION['code']);
            }
        } else {
            // a guid without a code is treated as not logged in;
            // presumably whatever performs the login always stores a code - verify
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);
        }
    }

    // NOTE(review): $_SESSION['id'] is unset in several branches above, so this
    // read can raise a notice when the user is not logged in
    if ($_SESSION['id'] > 0) {
        set_last_action($_SESSION['id']);
    }

    register_action("login", true);
    register_action("logout");

    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');

    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();

    // Finally we ensure that a user who has been banned with an open session is kicked.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }

    // Since we have loaded a new user, this user may have different language preferences
    register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");

    return true;
}
/**
 * LDAP Authentication init
 *
 * Registers the LDAP PAM handler with register_pam_handler()'s default
 * importance and policy.
 *
 * @return void
 */
function ldap_auth_init() {
    // Register the authentication handler
    $handler = 'ldap_auth_authenticate';
    register_pam_handler($handler);
}