/**
 * Mail a validation reminder, including a confirmation link, to one user.
 *
 * The link embeds the code returned by uservalidationbyemail_generate_code(),
 * so anyone who can read the generated message can use that link.
 *
 * @param ElggUser $user     User to send the reminder to
 * @param int      $enddate  Documented by the original author as a unix timestamp
 * @param int      $pastdays Days that have passed since the validation
 *
 * @return void
 */
function send_validation_reminder_mail($user, $enddate, $pastdays) {
    // NOTE(review): $pastdays is subtracted from $enddate as-is, so both are
    // treated as the same unit here - confirm what callers actually pass.
    $remaining = $enddate - $pastdays;

    $site_entity = elgg_get_site_entity();

    $validation_code = uservalidationbyemail_generate_code($user->getGUID(), $user->email);
    $confirm_url = $site_entity->url
        . 'uservalidationbyemail/confirm?u=' . $user->getGUID()
        . '&c=' . $validation_code;

    $subject_args = array($user->name, $site_entity->name);
    $mail_subject = elgg_echo('validation_reminder:validate:token:subject', $subject_args, $user->language);

    $body_args = array(
        $user->name,
        $pastdays,
        $site_entity->name,
        $user->token,
        $confirm_url,
        $remaining,
        $site_entity->name,
        $site_entity->url,
    );
    $mail_body = elgg_echo('validation_reminder:validate:token:body', $body_args, $user->language);

    // Deliver by email only, with the site as sender
    notify_user($user->guid, $site_entity->guid, $mail_subject, $mail_body, array(), 'email');
}
/**
 * Tell whether $blocking_user has blocked $blocked_user.
 *
 * @param ElggUser $blocked_user  User who may have been blocked
 * @param ElggUser $blocking_user User who may have placed the block
 *
 * @return bool True when a 'blocked' relationship exists from $blocking_user to $blocked_user
 */
function is_blocked(\ElggUser $blocked_user, \ElggUser $blocking_user) {
    $both_are_users = ($blocked_user instanceof \ElggUser) && ($blocking_user instanceof \ElggUser);
    if (!$both_are_users) {
        return false;
    }

    // The relationship is stored on the blocking user and points at the blocked one
    $relationship = check_entity_relationship(
        $blocking_user->getGUID(),
        'blocked',
        $blocked_user->getGUID()
    );

    return $relationship ? true : false;
}
/**
 * Invite a user to a group and notify them about the invitation.
 *
 * A notification is sent only when a new 'invited' relationship was created
 * or when $resend is truthy. A logged in user is required; their name is used
 * in the message body.
 *
 * @param ElggGroup $group  Group the user is invited to
 * @param ElggUser  $user   User being invited
 * @param string    $text   Free text placed into the message body as given
 * @param bool      $resend Send the notification even if the relationship already existed
 *
 * @return bool True when notify_user() reported success
 */
function group_tools_invite_user(ElggGroup $group, ElggUser $user, $text = "", $resend = false) {
    if (empty($user) || !($user instanceof ElggUser)) {
        return false;
    }

    if (empty($group) || !($group instanceof ElggGroup)) {
        return false;
    }

    $inviter = elgg_get_logged_in_user_entity();
    if (!$inviter) {
        return false;
    }

    // Create relationship
    $created = add_entity_relationship($group->getGUID(), "invited", $user->getGUID());
    if (!$created && !$resend) {
        return false;
    }

    // Send the notification, pointing the user at their invitations page
    $invitations_url = elgg_get_site_url() . "groups/invitations/" . $user->username;
    $subject = elgg_echo("groups:invite:subject", array($user->name, $group->name));
    $message = elgg_echo(
        "group_tools:groups:invite:body",
        array($user->name, $inviter->name, $group->name, $text, $invitations_url)
    );

    return notify_user($user->getGUID(), $group->getOwnerGUID(), $subject, $message) ? true : false;
}
/**
 * Delete all messages sent by a user who is being deleted.
 *
 * Hidden entities are made visible for the duration of the lookup so that
 * those messages are removed too; the previous setting is put back afterwards.
 *
 * @param string   $event Event name
 * @param string   $type  Event type
 * @param ElggUser $user  User being deleted
 *
 * @return void
 */
function customizations_purge_messages($event, $type, $user) {
    // make sure we delete them all
    $previous_hidden_status = access_get_show_hidden_status();
    access_show_hidden_entities(true);

    $sent_messages = elgg_get_entities_from_metadata(array(
        'type' => 'object',
        'subtype' => 'messages',
        'metadata_name' => 'fromId',
        'metadata_value' => $user->getGUID(),
        'limit' => 0,
    ));

    if (!$sent_messages) {
        access_show_hidden_entities($previous_hidden_status);
        return;
    }

    // NOTE(review): an exception thrown by delete() would skip the restore
    // below and leave hidden entities visible for the rest of the request.
    foreach ($sent_messages as $message) {
        $message->delete();
    }

    access_show_hidden_entities($previous_hidden_status);
}
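/**
 * Updates author's list when an invited author registers
 *
 * When the new user carries both a `firstpublication` and an `exauthor_name`
 * value, the user is linked to that publication as author and every entry in
 * the publication's comma separated author list that equals the old author
 * name is replaced by the user's GUID. Both markers are then removed from the
 * user so the conversion is not repeated.
 *
 * @param string   $event       Event name
 * @param string   $object_type Event type
 * @param ElggUser $object      The user the event was triggered for
 *
 * @return void
 */
function publication_login_check($event, $object_type, $object) {
    if (empty($object->firstpublication) || empty($object->exauthor_name)) {
        return;
    }

    $exauthor_name = $object->exauthor_name;

    $pub = get_entity($object->firstpublication);
    if (empty($pub) || !$pub instanceof Publication) {
        return;
    }

    add_entity_relationship($pub->getGUID(), 'author', $object->getGUID());

    // The original unset a misspelled property ("firstpubication"), so the
    // marker was never cleared and this handler kept re-running for the user.
    unset($object->firstpublication);
    unset($object->exauthor_name);

    $authors = explode(',', $pub->authors);
    foreach ($authors as $key => $value) {
        // Compare as strings: a loose == treats numeric-looking names such as
        // "1e3" and "1000" as equal and would rewrite the wrong author entry.
        if ((string) $value === (string) $exauthor_name) {
            $authors[$key] = $object->getGUID();
        }
    }

    $pub->authors = implode(',', $authors);
}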
/**
 * Create a notification event
 *
 * Records the type, subtype and identifier of the object together with the
 * acting user's GUID. When elgg_instanceof() accepts the object its GUID is
 * used as identifier, otherwise its `id` property.
 *
 * @param \ElggData $object The object of the event
 * @param string    $action The name of the action
 * @param \ElggUser $actor  The user that caused the event (default: logged in user)
 */
public function __construct(\ElggData $object, $action, \ElggUser $actor = null) {
    $is_entity = elgg_instanceof($object);

    $this->object_type = $object->getType();
    $this->object_subtype = $object->getSubtype();
    $this->object_id = $is_entity ? $object->getGUID() : $object->id;

    // Without an explicit actor the event is attributed to the session user
    $this->actor_guid = ($actor == null)
        ? _elgg_services()->session->getLoggedInUserGuid()
        : $actor->getGUID();

    $this->action = $action;
}
/**
 * Create a notification event
 *
 * Records the type, subtype and identifier of the object together with the
 * acting user's GUID. When elgg_instanceof() accepts the object its GUID is
 * used as identifier, otherwise its `id` property.
 *
 * @param \ElggData $object The object of the event
 * @param string    $action The name of the action
 * @param \ElggUser $actor  The user that caused the event (default: logged in user)
 */
public function __construct(\ElggData $object, $action, \ElggUser $actor = null) {
    $is_entity = elgg_instanceof($object);

    $this->object_type = $object->getType();
    $this->object_subtype = $object->getSubtype();
    $this->object_id = $is_entity ? $object->getGUID() : $object->id;

    // Without an explicit actor the event is attributed to the logged in user
    $this->actor_guid = ($actor == null)
        ? elgg_get_logged_in_user_guid()
        : $actor->getGUID();

    $this->action = $action;
}
/**
 * Create a notification event
 *
 * Records the type, subtype and identifier of the object together with the
 * acting user's GUID. When elgg_instanceof() accepts the object its GUID is
 * used as identifier, otherwise its `id` property.
 *
 * @param ElggData $object The object of the event (ElggEntity, ElggAnnotation, ElggRelationship)
 * @param string   $action The name of the action
 * @param ElggUser $actor  The user that caused the event (default: logged in user)
 *
 * @throws InvalidArgumentException When $object is not an ElggData instance
 */
public function __construct($object, $action, $actor = null) {
    // The parameter is not type hinted, so the class is checked by hand
    $is_data = $object instanceof ElggData;
    if (!$is_data) {
        throw new InvalidArgumentException('$object is not an instance of ElggData');
    }

    $is_entity = elgg_instanceof($object);

    $this->object_type = $object->getType();
    $this->object_subtype = $object->getSubtype();
    $this->object_id = $is_entity ? $object->getGUID() : $object->id;

    // NOTE(review): $actor is only compared against null; nothing here checks
    // that a supplied value really is an ElggUser before getGUID() is called.
    $this->actor_guid = ($actor == null)
        ? elgg_get_logged_in_user_guid()
        : $actor->getGUID();

    $this->action = $action;
}
/**
 * Check if the user is receiving notifications from the group
 *
 * The user counts as subscribed when the subscription list of the group has a
 * non-empty entry keyed by the user's GUID.
 *
 * @param \ElggUser  $user  the user to check
 * @param \ElggGroup $group the group to check for
 *
 * @return bool
 */
public static function notificationsEnabledForGroup(\ElggUser $user, \ElggGroup $group) {
    if (!($user instanceof \ElggUser && $group instanceof \ElggGroup)) {
        return false;
    }

    $subscriptions = elgg_get_subscriptions_for_container($group->getGUID());

    return is_array($subscriptions) && !empty($subscriptions[$user->getGUID()]);
}
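/**
 * Can a user access an entity.
 *
 * @warning If a logged in user doesn't have access to an entity, the
 * core engine will not load that entity.
 *
 * @tip This is mostly useful for checking if a user other than the logged in
 * user has access to an entity that is currently loaded.
 *
 * @todo This function would be much more useful if we could pass the guid of the
 * entity to test access for. We need to be able to tell whether the entity exists
 * and whether the user has access to the entity.
 *
 * @param ElggEntity $entity The entity to check access for.
 * @param ElggUser   $user   Optionally user to check access for. Defaults to
 *                           logged in user (which is a useless default).
 *
 * @return bool
 * @link http://docs.elgg.org/Access
 */
function has_access_to_entity($entity, $user = null) {
    global $CONFIG;

    // Build the access clause with ignore-access switched off. If a caller
    // has ignore-access enabled while asking this question, the clause must
    // still describe the real permissions of $user, otherwise every check
    // would succeed. The previous setting is restored right after.
    $ia = elgg_set_ignore_access(false);

    if (!isset($user)) {
        $access_bit = get_access_sql_suffix("e");
    } else {
        $access_bit = get_access_sql_suffix("e", $user->getGUID());
    }

    elgg_set_ignore_access($ia);

    // The GUID is concatenated into the statement, so force it to an integer
    $query = "SELECT guid from {$CONFIG->dbprefix}entities e WHERE e.guid = " . (int) $entity->getGUID();

    // Add access controls
    $query .= " AND " . $access_bit;

    return (bool) get_data($query);
}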
/**
 * Pull in the latest avatar from twitter.
 *
 * Writes one resized copy of the image per configured icon size into the
 * user's profile directory and bumps the user's icontime.
 *
 * @param ElggUser $user          User whose avatar is replaced
 * @param string   $file_location Location of the twitter image
 *
 * @return void
 */
function twitter_api_update_user_avatar($user, $file_location) {
    // twitter's images have a few suffixes:
    // _normal
    // _reasonably_small
    // _mini
    // the twitter app here returns _normal. We want standard, so remove the suffix.
    // @todo Should probably check that it's an image file.
    $source_location = str_replace('_normal.jpg', '.jpg', $file_location);

    $size_config = elgg_get_config('icon_sizes');

    $avatar_file = new ElggFile();
    $avatar_file->owner_guid = $user->getGUID();

    foreach ($size_config as $size_name => $spec) {
        // NOTE(review): the resize result is written without being checked;
        // confirm what the helper returns when the source cannot be read.
        $resized = get_resized_image_from_existing_file(
            $source_location,
            $spec['w'],
            $spec['h'],
            $spec['square']
        );

        $avatar_file->setFilename("profile/{$user->guid}{$size_name}.jpg");
        $avatar_file->open('write');
        $avatar_file->write($resized);
        $avatar_file->close();
    }

    // update user's icontime
    $user->icontime = time();
}
/**
 * Check if page owner and user are a member of the same group
 *
 * Fetches the group GUIDs of both users through the 'member' relationship
 * and reports whether the two lists share at least one GUID.
 *
 * @param ElggUser $page_owner the current page owner
 * @param ElggUser $user       the user to check with
 *
 * @return bool
 */
function owner_gatekeeper_match_group(ElggUser $page_owner, ElggUser $user) {
    if (!($page_owner instanceof ElggUser) || !($user instanceof ElggUser)) {
        return false;
    }

    // Only the GUID of every row is needed, not the full entity
    $guid_only = function ($row) {
        return (int) $row->guid;
    };

    $shared_options = [
        'type' => 'group',
        'limit' => false,
        'callback' => $guid_only,
        'relationship' => 'member',
    ];

    // page owners groups
    $owner_group_guids = elgg_get_entities_from_relationship(
        $shared_options + ['relationship_guid' => $page_owner->getGUID()]
    );

    // users groups
    $user_group_guids = elgg_get_entities_from_relationship(
        $shared_options + ['relationship_guid' => $user->getGUID()]
    );

    // same groups
    $common_guids = array_intersect($owner_group_guids, $user_group_guids);

    return count($common_guids) > 0;
}
/**
 * Get the time_created from the group membership relation
 *
 * Reads the 'member' row for the user/group pair straight from the
 * entity_relationships table.
 *
 * @param ElggUser  $user  the user to check
 * @param ElggGroup $group the group to check
 *
 * @return int time_created of the relationship, or 0 when no row was found
 */
function group_tools_get_membership_information(ElggUser $user, ElggGroup $group) {
    if (empty($user) || empty($group)) {
        return 0;
    }

    // NOTE(review): both GUIDs are concatenated into the statement unquoted;
    // this relies on getGUID() only ever returning an integer.
    $query_parts = array(
        "SELECT *",
        " FROM " . elgg_get_config("dbprefix") . "entity_relationships",
        " WHERE guid_one = " . $user->getGUID(),
        " AND guid_two = " . $group->getGUID(),
        " AND relationship = 'member'",
    );

    $membership = get_data_row(implode("", $query_parts));
    if (empty($membership)) {
        return 0;
    }

    return $membership->time_created;
}
/**
 * Prevent a manual code login with login().
 *
 * A user that is disabled and not validated is refused: a new validation
 * request is issued for the account and a LoginException is thrown. All other
 * users pass through untouched. The show-hidden-entities setting is switched
 * on for the check and restored on every path.
 *
 * @param string   $event Event name
 * @param string   $type  Event type
 * @param ElggUser $user  User that is being logged in
 *
 * @return void
 *
 * @throws LoginException
 */
function uservalidationbyemail_check_manual_login($event, $type, $user) {
    $previous_status = access_get_show_hidden_status();
    access_show_hidden_entities(TRUE);

    $is_unvalidated = $user instanceof ElggUser && !$user->isEnabled() && !$user->validated;
    if (!$is_unvalidated) {
        access_show_hidden_entities($previous_status);
        return;
    }

    // send new validation email
    // NOTE(review): this runs on every refused attempt; confirm the request
    // helper limits how often a message can be triggered for one account.
    uservalidationbyemail_request_validation($user->getGUID());

    // restore hidden entities settings before leaving through the exception
    access_show_hidden_entities($previous_status);

    // throw error so we get a nice error message
    throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
}
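/**
 * Get the subsites a user has been invited to.
 *
 * Invitations are looked up in two ways: by the user's email address inside
 * the 'membership_invitation' private setting of a subsite, and by a
 * 'membership_invitation' relationship of the user.
 *
 * @param ElggUser $user The user to find invitations for
 *
 * @return false|array The matching subsites, or false when there are none
 */
function subsite_manager_get_invited_subsites(ElggUser $user) {
    $result = false;

    if (!empty($user) && $user instanceof ElggUser) {
        // based on email address
        $subsites_email = array();
        $email = (string) $user->email;

        // An empty address would turn the pattern into '%%' and match every
        // stored invitation, so the email lookup is skipped in that case.
        if ($email !== '') {
            // '%' and '_' are wildcards inside LIKE. Escape them (and the
            // escape character itself) before the SQL string escaping, so an
            // address such as a_b@example.com only matches itself and not
            // aXb@example.com.
            // NOTE(review): this is still a substring match on the stored
            // value; confirm its format cannot let one address match inside
            // another, longer one.
            $email_pattern = sanitise_string(addcslashes($email, '%_\\'));

            $options = array(
                "type" => "site",
                "subtype" => Subsite::SUBTYPE,
                "limit" => false,
                "site_guids" => false,
                "joins" => array("JOIN " . elgg_get_config("dbprefix") . "private_settings s ON e.guid = s.entity_guid"),
                "wheres" => array("(s.name = 'membership_invitation' AND s.value LIKE '%" . $email_pattern . "%')"),
            );
            $subsites_email = elgg_get_entities($options);
        }

        // based on relationship
        $options = array(
            "type" => "site",
            "subtype" => Subsite::SUBTYPE,
            "limit" => false,
            "site_guids" => false,
            "relationship" => "membership_invitation",
            "relationship_guid" => $user->getGUID(),
        );
        $subsites_relations = elgg_get_entities_from_relationship($options);

        // make result
        if (!empty($subsites_email) && !empty($subsites_relations)) {
            $result = array_merge($subsites_email, $subsites_relations);
        } elseif (!empty($subsites_email)) {
            $result = $subsites_email;
        } elseif (!empty($subsites_relations)) {
            $result = $subsites_relations;
        }
    }

    return $result;
}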
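/**
 * Adds uploaded files to your profile
 *
 * For every configured profile field of type 'pm_file' an uploaded file is
 * stored as an ElggFile owned by the user and linked to the profile through
 * metadata. Without an upload the existing file is either removed or gets
 * its access level updated.
 *
 * @param string   $event       Event name
 * @param string   $object_type Event type
 * @param ElggUser $user        User being updated
 *
 * @return void
 */
function profile_manager_profileupdate_user_event($event, $object_type, $user) {
    if (!empty($user) && $user instanceof ElggUser) {
        // upload a file to your profile
        $accesslevel = get_input('accesslevel');
        if (!is_array($accesslevel)) {
            $accesslevel = array();
        }

        $options = array(
            "type" => "object",
            "subtype" => CUSTOM_PROFILE_FIELDS_PROFILE_SUBTYPE,
            "limit" => false,
            "metadata_name_value_pairs" => array("name" => "metadata_type", "value" => "pm_file"),
        );
        $configured_fields = elgg_get_entities_from_metadata($options);

        if ($configured_fields) {
            foreach ($configured_fields as $field) {
                // check for uploaded files
                $metadata_name = $field->metadata_name;
                $current_file_guid = $user->{$metadata_name};

                if (isset($accesslevel[$metadata_name])) {
                    $access_id = (int) $accesslevel[$metadata_name];
                } else {
                    // this should never be executed since the access level should always be set
                    $access_id = ACCESS_PRIVATE;
                }

                if (isset($_FILES[$metadata_name]) && $_FILES[$metadata_name]['error'] == 0) {
                    // The client chooses the file name. Keep only its last
                    // path component (for both separator styles) so it cannot
                    // point outside the "profile_manager/" directory.
                    $client_name = $_FILES[$metadata_name]["name"];
                    $upload_name = is_string($client_name)
                        ? basename(str_replace('\\', '/', $client_name))
                        : '';
                    if ($upload_name === '' || $upload_name === '.' || $upload_name === '..') {
                        // nothing usable to store the upload under
                        continue;
                    }

                    // uploaded file exists so, save it to an ElggFile object
                    // use current_file_guid to overwrite previously uploaded files
                    $filehandler = new ElggFile($current_file_guid);
                    $filehandler->owner_guid = $user->getGUID();
                    $filehandler->container_guid = $user->getGUID();
                    $filehandler->subtype = "file";
                    $filehandler->access_id = $access_id;
                    $filehandler->title = $field->getTitle();
                    $filehandler->setFilename("profile_manager/" . $upload_name);

                    // NOTE(review): the MIME type is the value sent by the
                    // client and is not verified against the file contents.
                    $filehandler->setMimeType($_FILES[$metadata_name]["type"]);

                    $filehandler->open("write");
                    $filehandler->write(get_uploaded_file($metadata_name));
                    $filehandler->close();

                    if ($filehandler->save()) {
                        $filehandler->profile_manager_metadata_name = $metadata_name; // used to retrieve user file when deleting
                        // kept as sent by the client; escape it wherever it is shown
                        $filehandler->originalfilename = $_FILES[$metadata_name]["name"];

                        create_metadata($user->guid, $metadata_name, $filehandler->getGUID(), 'text', $user->guid, $access_id);
                    }
                } else {
                    // if file not uploaded should it be deleted???
                    if (empty($current_file_guid)) {
                        // find the previously uploaded file and if exists... delete it
                        $options = array(
                            "type" => "object",
                            "subtype" => "file",
                            "owner_guid" => $user->getGUID(),
                            "limit" => 1,
                            "metadata_name_value_pairs" => array("name" => "profile_manager_metadata_name", "value" => $metadata_name),
                        );
                        $files = elgg_get_entities_from_metadata($options);
                        if ($files) {
                            $file = $files[0];
                            $file->delete();
                        }
                    } else {
                        if ($file = get_entity($current_file_guid)) {
                            // maybe we need to update the access id
                            $file->access_id = $access_id;
                            $file->save();
                        }
                    }
                }
            }
        }

        // update profile completeness
        profile_manager_profile_completeness($user);
    }
}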
/**
 * Creates a relationship between this site and the user.
 *
 * Adds a 'member_of_site' relationship from the user to the site held in
 * the global configuration.
 *
 * @param string   $event       create
 * @param string   $object_type user
 * @param ElggUser $object      User object
 *
 * @return void
 * @access private
 */
function user_create_hook_add_site_relationship($event, $object_type, $object) {
    global $CONFIG;

    $user_guid = $object->getGUID();
    $site_guid = $CONFIG->site->getGUID();

    add_entity_relationship($user_guid, 'member_of_site', $site_guid);
}
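/**
 * Adds default admin widgets to the admin dashboard.
 *
 * Access checks are ignored while the widgets are looked up and created. The
 * previous ignore-access setting is restored on every path out of the
 * function, including the early return taken when the user already has
 * widgets.
 *
 * @param string   $event Event name
 * @param string   $type  Event type
 * @param ElggUser $user  User that receives the widgets
 *
 * @return null|true True when the user already had admin widgets
 * @access private
 */
function elgg_add_admin_widgets($event, $type, $user) {
    // Remember the caller's setting so it can be put back, instead of
    // unconditionally forcing it to false at the end.
    $ia = elgg_set_ignore_access(true);

    // check if the user already has widgets
    if (elgg_get_widgets($user->getGUID(), 'admin')) {
        // The original returned here with ignore-access still switched on,
        // which disabled access checks for the remainder of the request.
        elgg_set_ignore_access($ia);
        return true;
    }

    // In the form column => array of handlers in order, top to bottom
    $adminWidgets = array(
        1 => array('control_panel', 'admin_welcome'),
        2 => array('online_users', 'new_users', 'content_stats'),
    );

    foreach ($adminWidgets as $column => $handlers) {
        foreach ($handlers as $position => $handler) {
            $guid = elgg_create_widget($user->getGUID(), $handler, 'admin');
            if ($guid) {
                $widget = get_entity($guid);
                /* @var ElggWidget $widget */
                $widget->move($column, $position);
            }
        }
    }

    elgg_set_ignore_access($ia);
}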
/**
 * Creates a relationship between this site and the user.
 *
 * Adds a 'member_of_site' relationship from the user to the current site
 * entity.
 *
 * @param string    $event       create
 * @param string    $object_type user
 * @param \ElggUser $object      User object
 *
 * @return void
 * @access private
 */
function user_create_hook_add_site_relationship($event, $object_type, $object) {
    $user_guid = $object->getGUID();
    $site_guid = elgg_get_site_entity()->guid;

    add_entity_relationship($user_guid, 'member_of_site', $site_guid);
}
/**
 * Pull in the latest avatar from twitter.
 *
 * Writes one resized copy of the image per icon size into the user's profile
 * directory and bumps the user's icontime.
 *
 * @param ElggUser $user          User whose avatar is replaced
 * @param string   $file_location Location of the twitter image
 *
 * @return void
 */
function twitter_api_update_user_avatar($user, $file_location) {
    // twitter's images have a few suffixes:
    // _normal
    // _reasonably_small
    // _mini
    // the twitter app here returns _normal. We want standard, so remove the suffix.
    // @todo Should probably check that it's an image file.
    $source_location = str_replace('_normal.jpg', '.jpg', $file_location);

    // size name => array(width, height, square)
    $icon_specs = array(
        'topbar' => array(16, 16, TRUE),
        'tiny' => array(25, 25, TRUE),
        'small' => array(40, 40, TRUE),
        'medium' => array(100, 100, TRUE),
        'large' => array(200, 200, FALSE),
        'master' => array(550, 550, FALSE),
    );

    $avatar_file = new ElggFile();
    $avatar_file->owner_guid = $user->getGUID();

    foreach ($icon_specs as $size_name => $spec) {
        // NOTE(review): the resize result is written without being checked;
        // confirm what the helper returns when the source cannot be read.
        $resized = get_resized_image_from_existing_file($source_location, $spec[0], $spec[1], $spec[2]);

        $avatar_file->setFilename("profile/{$user->guid}{$size_name}.jpg");
        $avatar_file->open('write');
        $avatar_file->write($resized);
        $avatar_file->close();
    }

    // update user's icontime
    $user->icontime = time();
}
/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * The session is filled before the user is saved and the 'login' event is
 * triggered; when either of those fails the session keys and the persistent
 * cookie are cleared again and the login is refused.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException When the user is banned, cannot be saved, or a
 *                        'login' event handler refuses the login
 */
function login(ElggUser $user, $persistent = false) {
    // A banned user is refused with an exception
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // NOTE(review): the token is an md5 over the user's name, username,
        // the current second and rand(). None of these is a cryptographically
        // secure source, and this cookie alone re-authenticates the user.
        // Generate it from a CSPRNG available on the supported PHP version.
        $code = md5($user->name . $user->username . time() . rand());
        $_SESSION['code'] = $code;
        // only a hash of the token is stored on the user
        $user->code = md5($code);
        // NOTE(review): no secure/httponly arguments are passed, so the
        // cookie is sent over plain HTTP and is readable by page scripts.
        setcookie("elggperm", $code, time() + 86400 * 30, "/");
    }

    if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
        // roll back everything that was put into the session above
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        // expire the persistent cookie
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    // Users privilege has been elevated, so change the session id (prevents session fixation)
    // NOTE(review): called without the delete-old-session argument, so the
    // data stored under the previous id is not removed by this call.
    session_regenerate_id();

    // Update statistics
    set_last_login($_SESSION['guid']);
    reset_login_failure_count($user->guid); // Reset any previous failed login attempts

    // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
    if (is_memcache_available()) {
        // this needs to happen with a shutdown function because of the timing with set_last_login()
        register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
    }

    return true;
}
/**
 * Checks that the access functions do not serve a result cached while
 * ignore-access was on once ignore-access has been switched off again.
 *
 * For each function the access cache is cleared, the function is called for
 * a fresh user with ignore-access enabled and then disabled, and the two
 * results are expected to differ.
 *
 * @return void
 */
public function testAccessCaching() {
    // create a new user to check against
    $user = new ElggUser();
    $user->username = '******';
    $user->save();

    $access_functions = array('get_access_list', 'get_access_array');
    foreach ($access_functions as $func) {
        _elgg_get_access_cache()->clear();

        // admin users run tests, so disable access
        elgg_set_ignore_access(true);
        $with_ignore = $func($user->getGUID());

        elgg_set_ignore_access(false);
        $without_ignore = $func($user->getGUID());

        $this->assertNotEqual($with_ignore, $without_ignore, "Access test for {$func}");
    }

    $user->delete();
}
/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * The session is filled before the user is saved and the 'login' event is
 * triggered; when either of those fails the session keys and the persistent
 * cookie are cleared again and the login is refused.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException When the user is banned, cannot be saved, or a
 *                        'login' event handler refuses the login
 */
function login(ElggUser $user, $persistent = false) {
    global $CONFIG;

    // A banned user is refused with an exception
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // NOTE(review): the token is an md5 over the user's name, username,
        // the current second and rand(). None of these is a cryptographically
        // secure source, and this cookie alone re-authenticates the user.
        // Generate it from a CSPRNG available on the supported PHP version.
        $code = md5($user->name . $user->username . time() . rand());
        $_SESSION['code'] = $code;
        // only a hash of the token is stored on the user
        $user->code = md5($code);
        // NOTE(review): no secure/httponly arguments are passed, so the
        // cookie is sent over plain HTTP and is readable by page scripts.
        setcookie("elggperm", $code, time() + 86400 * 30, "/");
    }

    if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
        // roll back everything that was put into the session above
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        // expire the persistent cookie
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    // Users privilege has been elevated, so change the session id (prevents session fixation)
    // NOTE(review): called without the delete-old-session argument, so the
    // data stored under the previous id is not removed by this call.
    session_regenerate_id();

    // Update statistics
    set_last_login($_SESSION['guid']);
    reset_login_failure_count($user->guid); // Reset any previous failed login attempts

    return true;
}
/**
 * Delete messages from a user who is being deleted
 *
 * Hidden entities are shown and access checks are ignored while the messages
 * are looked up and deleted; both settings are put back afterwards.
 *
 * @param string   $event Event name
 * @param string   $type  Event type
 * @param ElggUser $user  User being deleted
 *
 * @return void
 */
function messages_purge($event, $type, $user) {
    $sender_guid = $user->getGUID();
    if (!$sender_guid) {
        return;
    }

    // make sure we delete them all
    $previous_hidden_status = access_get_show_hidden_status();
    access_show_hidden_entities(true);
    $previous_ignore_access = elgg_set_ignore_access(true);

    $sent_messages = new ElggBatch('elgg_get_entities_from_metadata', array(
        'type' => 'object',
        'subtype' => 'messages',
        'metadata_name' => 'fromId',
        'metadata_value' => $sender_guid,
        'limit' => 0,
    ));

    // NOTE(review): an exception thrown by delete() would skip the two
    // restores below and leave access checks off for the rest of the request.
    foreach ($sent_messages as $message) {
        $message->delete();
    }

    elgg_set_ignore_access($previous_ignore_access);
    access_show_hidden_entities($previous_hidden_status);
}
/**
 * Collect the profile field metadata of a user.
 *
 * Returns one object per metadata name with `name`, `value` and `access_id`.
 * When a name occurs more than once, the later value is put in front of the
 * collected value, separated by ", "; the access_id of the first row is kept.
 *
 * @param ElggUser $user The user to read the profile data of
 *
 * @return false|array Objects keyed by metadata name, or false when nothing was found
 */
function profile_manager_get_user_profile_data(ElggUser $user) {
    $profile_fields = elgg_get_config('profile_fields');

    if (empty($user) || empty($profile_fields)) {
        return false;
    }

    $field_names = array_keys($profile_fields);
    $field_names[] = "custom_profile_type";

    $rows = elgg_get_metadata(array(
        "metadata_names" => $field_names,
        "guid" => $user->getGUID(),
        "limit" => false,
    ));

    if (!$rows) {
        return false;
    }

    $collected = array();
    foreach ($rows as $row) {
        if (array_key_exists($row->name, $collected)) {
            // repeated name: prepend this value to what was gathered so far
            $collected[$row->name]->value = $row->value . ", " . $collected[$row->name]->value;
            continue;
        }

        // first occurrence: create object
        $entry = new stdClass();
        $entry->name = $row->name;
        $entry->value = $row->value;
        $entry->access_id = $row->access_id;

        $collected[$row->name] = $entry;
    }

    return $collected;
}
/**
 * Can a user access an entity.
 *
 * @warning If a logged in user doesn't have access to an entity, the
 * core engine will not load that entity.
 *
 * @tip This is mostly useful for checking if a user other than the logged in
 * user has access to an entity that is currently loaded.
 *
 * @todo This function would be much more useful if we could pass the guid of the
 * entity to test access for. We need to be able to tell whether the entity exists
 * and whether the user has access to the entity.
 *
 * @param \ElggEntity $entity The entity to check access for.
 * @param \ElggUser   $user   Optionally user to check access for. Defaults to
 *                            logged in user (which is a useless default).
 *
 * @return bool
 */
function hasAccessToEntity($entity, $user = null) {
    // See #7159. Must not allow ignore access to affect query
    $previous_ignore_access = elgg_set_ignore_access(false);

    $access_bit = isset($user)
        ? _elgg_get_access_where_sql(array('user_guid' => $user->getGUID()))
        : _elgg_get_access_where_sql();

    elgg_set_ignore_access($previous_ignore_access);

    $db = _elgg_services()->db;

    // NOTE(review): the guid is placed into the statement unquoted; this
    // relies on the entity's guid property always being an integer.
    $query = "SELECT guid from " . $db->getTablePrefix() . "entities e WHERE e.guid = " . $entity->guid;

    // Add access controls
    $query .= " AND " . $access_bit;

    return (bool) $db->getData($query);
}
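/**
 * Checks if the user is a moderator of any item in the given container
 *
 * Reads every non-empty 'moderators' metadata value of the 'static' objects
 * in the container, with access checks ignored for the lookup, and reports
 * whether the user's GUID is one of those values.
 *
 * @param ElggEntity $container_entity container entity to check in
 * @param ElggUser   $user             user to check
 *
 * @return boolean
 */
function static_is_moderator_in_container(ElggEntity $container_entity, ElggUser $user) {
    if (empty($container_entity) || empty($user)) {
        return false;
    }

    // A user without a GUID can never be listed as moderator. Deciding this
    // up front also keeps an empty GUID from matching an empty result value.
    $user_guid = (int) $user->getGUID();
    if ($user_guid < 1) {
        return false;
    }

    $dbprefix = elgg_get_config('dbprefix');

    $ia = elgg_set_ignore_access(true);

    $md = elgg_get_metadata([
        'selects' => ['msv.string as value'],
        'metadata_names' => ['moderators'],
        'limit' => false,
        'joins' => [
            "JOIN {$dbprefix}metastrings msv ON n_table.value_id = msv.id",
            "JOIN {$dbprefix}entities e ON n_table.entity_guid = e.guid",
        ],
        'wheres' => [
            'msv.string <> ""',
            'e.type = "object" AND e.subtype = ' . get_subtype_id('object', 'static'),
            'e.container_guid = ' . $container_entity->getGUID(),
        ],
        'callback' => function ($row) {
            $value = $row->value;
            if (!empty($value)) {
                return $value;
            }
        },
    ]);

    elgg_set_ignore_access($ia);

    if (!is_array($md)) {
        return false;
    }

    // This answers an authorization question, so compare exactly: a loose
    // in_array() lets values that merely look numeric stand in for the GUID.
    return in_array((string) $user_guid, array_map('strval', $md), true);
}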
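/**
 * Returns the redirect url after login
 *
 * The preference comes from the user's own plugin setting when the plugin
 * allows overrides, otherwise from the plugin wide setting. Preferences other
 * than "homepage", "profile" and "dashboard" are treated as a url template in
 * which [wwwroot] and [username] are replaced.
 *
 * NOTE(review): with overrides enabled the target is a value stored by the
 * user; confirm the caller only ever redirects that same user to it.
 *
 * @param ElggUser $user The user that logged in
 *
 * @return false|string forward url, false when no url could be determined
 */
function login_redirector_general_login(ElggUser $user) {
    $plugin = elgg_get_plugin_from_id("login_redirector");
    if (empty($plugin)) {
        // plugin entity not available, nothing to redirect to
        return false;
    }

    // Both variables are initialised up front: the original read them on
    // paths where they had never been assigned (e.g. "profile" selected while
    // the profile plugin is inactive).
    $pref = null;
    $url = null;

    if ($plugin->useroverride == 'yes') {
        $pref = $plugin->getUserSetting("redirectpage", $user->getGUID());
    }

    if (empty($pref)) {
        $pref = $plugin->redirectpage;
    }

    switch ($pref) {
        case "homepage":
            $url = elgg_get_site_url();
            break;
        case "profile":
            if (elgg_is_active_plugin("profile")) {
                $url = elgg_get_site_url() . "profile/" . $user->username;
            }
            break;
        case "dashboard":
            if (elgg_is_active_plugin("dashboard")) {
                $url = elgg_get_site_url() . "dashboard";
            }
            break;
        case "custom":
            // NOTE(review): this reads the first login setting inside the
            // general login handler - confirm that is intended.
            if ($custom = $plugin->first_login_custom_redirect) {
                $url = str_ireplace("[wwwroot]", elgg_get_site_url(), $custom);
                $url = str_ireplace("[username]", $user->username, $url);
            }
            break;
        default:
            if (!empty($pref)) {
                $url = str_ireplace("[wwwroot]", elgg_get_site_url(), $pref);
                $url = str_ireplace("[username]", $user->username, $url);
            }
            break;
    }

    if (empty($url)) {
        return false;
    }

    // set the redirect url correctly
    return elgg_normalize_url($url);
}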
/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with authenticate.
 *
 * The session is filled before the user is saved and the 'login' event is
 * triggered; when either of those fails the session keys and the persistent
 * cookie are cleared again and false is returned.
 *
 * @see authenticate
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 * @return true|false Whether login was successful
 */
function login(ElggUser $user, $persistent = false) {
    global $CONFIG;

    if ($user->isBanned()) {
        return false;
    } // User is banned, return false.

    if (check_rate_limit_exceeded($user->guid)) {
        return false;
    } // Check rate limit

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // NOTE(review): the token is an md5 over the user's name, username, the
    // current second and rand(). None of these is a cryptographically secure
    // source, and the same value is used as the persistent login cookie.
    // Generate it from a CSPRNG available on the supported PHP version.
    $code = md5($user->name . $user->username . time() . rand());

    // only a hash of the token is stored on the user
    $user->code = md5($code);

    $_SESSION['code'] = $code;

    if ($persistent) {
        // NOTE(review): no secure/httponly arguments are passed, so the
        // cookie is sent over plain HTTP and is readable by page scripts.
        setcookie("elggperm", $code, time() + 86400 * 30, "/");
    }

    if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
        // roll back everything that was put into the session above
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        // expire the persistent cookie
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        return false;
    }

    // Users privilege has been elevated, so change the session id (help prevent session hijacking)
    // NOTE(review): called without the delete-old-session argument, so the
    // data stored under the previous id is not removed by this call.
    session_regenerate_id();

    // Update statistics
    set_last_login($_SESSION['guid']);
    reset_login_failure_count($user->guid); // Reset any previous failed login attempts

    // Set admin shortcut flag if this is an admin
    if (isadminloggedin()) {
        global $is_admin;
        $is_admin = true;
    }

    return true;
}
/**
 * Remove a user from the group.
 *
 * Delegates to leave_group() with this group's GUID and the user's GUID.
 *
 * @param ElggUser $user User
 *
 * @return bool
 */
public function leave(ElggUser $user) {
    $group_guid = $this->getGUID();
    $member_guid = $user->getGUID();

    return leave_group($group_guid, $member_guid);
}