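/**
 * Finish a successful authentication: record session state, select the
 * channel to load, optionally update the last-login timestamp, and redirect.
 *
 * @param array      $user_record    Account record. The account session is only established
 *                                   when it carries a non-empty 'account_id'.
 * @param array|null $channel        Optional channel record; when given, its 'channel_id' is
 *                                   preferred over the session uid and the account default.
 * @param bool       $login_initial  default false; when true the 'logged_in' hook is called
 *                                   and account_lastlog is updated.
 * @param bool       $interactive    default false; not read inside this function.
 * @param bool       $return         default false; when true, return to the caller instead
 *                                   of redirecting.
 * @param bool       $update_lastlog default false; when true, account_lastlog is updated and
 *                                   the 'logged_in' hook is called even if this is not the
 *                                   initial login.
 * @return void
 */
function authenticate_success($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false)
{
    // NOTE(review): no session id rotation is visible in this function. Confirm that the
    // login path regenerates the session id before 'authenticated' is set, so that an id
    // issued before login cannot be carried into the authenticated session.

    // Recorded on every call, including calls where no account session is established below.
    $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];

    $lastlog_updated = false;

    if (x($user_record, 'account_id')) {
        App::$account = $user_record;
        $_SESSION['account_id'] = $user_record['account_id'];
        $_SESSION['authenticated'] = 1;

        // Always define the variable: previously it was only assigned when $channel was
        // set, so the check below read an undefined variable for channel-less logins.
        $uid_to_load = $channel ? $channel['channel_id'] : 0;

        if (!$uid_to_load) {
            // Fall back to the channel already in the session, then to the account default.
            $uid_to_load = (x($_SESSION, 'uid') && intval($_SESSION['uid']))
                ? intval($_SESSION['uid'])
                : intval(App::$account['account_default_channel']);
        }

        if ($uid_to_load) {
            change_channel($uid_to_load);
        }

        if ($login_initial || $update_lastlog) {
            // Take the timestamp once so the stored row and the in-memory record agree.
            $now = datetime_convert();

            q(
                "update account set account_lastlog = '%s' where account_id = %d",
                dbesc($now),
                intval($_SESSION['account_id'])
            );

            App::$account['account_lastlog'] = $now;
            $lastlog_updated = true;
            call_hooks('logged_in', App::$account);
        }
    }

    // Records without an 'account_id' skip the block above; still notify hooks on an
    // initial login so 'logged_in' fires exactly once.
    if ($login_initial && !$lastlog_updated) {
        call_hooks('logged_in', $user_record);
        // might want to log success here
    }

    if ($return || x($_SESSION, 'workflow')) {
        unset($_SESSION['workflow']);
        return;
    }

    if (App::$module !== 'home' && x($_SESSION, 'login_return_url') && strlen($_SESSION['login_return_url'])) {
        $return_url = $_SESSION['login_return_url'];

        // don't let members get redirected to a raw ajax page update - this can happen
        // if DHCP changes the IP address at an unfortunate time and paranoia is turned on
        if (strstr($return_url, 'update_')) {
            $return_url = '';
        }

        unset($_SESSION['login_return_url']);

        // The stored value is only ever appended to the site root, never used as a full URL.
        goaway(z_root() . '/' . $return_url);
    }

    /* This account has never created a channel. Send them to new_channel by default */
    if (App::$module === 'login') {
        $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0 ", intval(App::$account['account_id']));
        if ($r && !$r[0]['total']) {
            goaway(z_root() . '/new_channel');
        }
    }

    /* else just return */
}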
/**
 * Store the given value in the class's static $account property.
 *
 * The value is assigned as-is; nothing is validated or copied here, so callers
 * are responsible for passing a record that has already been verified.
 *
 * @param mixed $acct value to place in the static $account property
 */
public static function set_account($acct)
{
    self::$account = $acct;
}
* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained * and later plugins should not interfere with an earlier one that succeeded. * */ call_hooks('authenticate', $addon_auth); $atoken = null; $account = null; if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) { $account = $addon_auth['user_record']; } else { $verify = account_verify_password($_POST['username'], $_POST['password']); if ($verify) { $atoken = $verify['xchan']; $channel = $verify['channel']; $account = App::$account = $verify['account']; } if (App::$account) { $_SESSION['account_id'] = App::$account['account_id']; } elseif ($atoken) { atoken_login($atoken); } else { notice(t('Failed authentication') . EOL); } } if (!($account || $atoken)) { $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; logger($error); // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention $authlog = get_config('system', 'authlog'); if ($authlog) {
} if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { $record = null; $addon_auth = array('username' => trim($_POST['username']), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null); /** * * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained * and later plugins should not interfere with an earlier one that succeeded. * */ call_hooks('authenticate', $addon_auth); if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) { $record = $addon_auth['user_record']; } else { $record = App::$account = account_verify_password($_POST['username'], $_POST['password']); if (App::$account) { $_SESSION['account_id'] = App::$account['account_id']; } else { notice(t('Failed authentication') . EOL); } logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL); } if (!$record || !count($record)) { $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; logger($error); // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention $authlog = get_config('system', 'authlog'); if ($authlog) { @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); }