/** * Logs in a specified ElggUser. For standard registration, use in conjunction * with elgg_authenticate. * * @see elgg_authenticate * * @param ElggUser $user A valid Elgg user object * @param boolean $persistent Should this be a persistent login? * * @return true or throws exception * @throws LoginException */ function login(ElggUser $user, $persistent = false) { if ($user->isBanned()) { throw new LoginException(elgg_echo('LoginException:BannedUser')); } // give plugins a chance to reject the login of this user (no user in session!) if (!elgg_trigger_event('login', 'user', $user)) { throw new LoginException(elgg_echo('LoginException:Unknown')); } $session = _elgg_services()->session; // if remember me checked, set cookie with token and store token on user if ($persistent) { $code = md5($user->name . $user->username . time() . rand()); // @todo oooh, hashing a hash adds magical powers _elgg_add_remember_me_cookie($user, md5($code)); $session->set('code', $code); $cookie = new ElggCookie("elggperm"); $cookie->value = $code; $cookie->setExpiresTime("+30 days"); elgg_set_cookie($cookie); } // User's privilege has been elevated, so change the session id (prevents session fixation) $session->migrate(); $session->setLoggedInUser($user); set_last_login($user->guid); reset_login_failure_count($user->guid); return true; }
* new_remember_me_table * * Moves the remember code into the new table and then drops the code from * the users entity table */ $db_prefix = elgg_get_config('dbprefix'); // create remember me table $query1 = <<<SQL CREATE TABLE IF NOT EXISTS `{$db_prefix}users_remember_me_cookies` ( `code` varchar(32) NOT NULL, `guid` bigint(20) unsigned NOT NULL, `timestamp` int(11) unsigned NOT NULL, PRIMARY KEY (`code`), KEY `timestamp` (`timestamp`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; SQL; update_data($query1); // move codes $ia = elgg_set_ignore_access(true); $options = array('type' => 'user', 'limit' => 0, 'selects' => array("u.code as code"), 'joins' => array("JOIN {$db_prefix}users_entity u ON e.guid = u.guid")); $batch = new ElggBatch('elgg_get_entities', $options); foreach ($batch as $entity) { $code = $entity->getVolatileData('select:code'); if ($code) { _elgg_add_remember_me_cookie($entity, $code); } } elgg_set_ignore_access($ia); // drop code from users table $query2 = "ALTER TABLE {$db_prefix}users_entity DROP code"; update_data($query2);