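 /**
  * Replace the current user session
  *
  * The user that was logged in before the switch is returned so the caller
  * can restore it later.
  *
  * @param ElggUser|null $user New user to login as (null to log out)
  * @return ElggUser|null Removed session user (or null)
  */
 public function replaceSession(?ElggUser $user = null)
 {
     $session = elgg_get_session();
     $old = $session->getLoggedInUser();
     // null means "log out" rather than "switch user"
     if ($user) {
         $session->setLoggedInUser($user);
     } else {
         $session->removeLoggedInUser();
     }
     return $old;
 }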
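/**
 * Add a menu item to the topbar menu for logging out of an account
 *
 * The item is only registered while the session carries the guid of the
 * original user (i.e. the current visitor is logged in as someone else).
 *
 * @return void
 */
function login_as_add_topbar_link()
{
    $session = elgg_get_session();
    $original_user_guid = $session->get('login_as_original_user_guid');
    // short circuit view if not logged in as someone else.
    if (!$original_user_guid) {
        return;
    }
    $current_user = elgg_get_logged_in_user_entity();
    $original_user = get_entity($original_user_guid);
    // A stale guid (user removed, session carried over) would otherwise be a
    // fatal "member access on null" while building the title.
    if (!$current_user instanceof ElggUser || !$original_user instanceof ElggUser) {
        return;
    }
    $title = elgg_echo('login_as:return_to_user', [$current_user->username, $original_user->username]);
    $html = elgg_view('login_as/topbar_return', ['user_guid' => $original_user_guid]);
    elgg_register_menu_item('topbar', [
        'name' => 'login_as_return',
        'text' => $html,
        'href' => 'action/logout_as',
        'is_action' => true,
        'title' => $title,
        'link_class' => 'login-as-topbar',
        'priority' => 700,
    ]);
}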
/**
 * Messages page handler
 *
 * Resolves /messages/<section>/<arg> to one of the plugin's page scripts.
 * Known sections are inbox, sent, read and compose/add; any other value is
 * reported as unhandled.
 *
 * @param array $page Array of URL components for routing
 * @return bool true when a page script was included, false for an unknown section
 */
function messages_page_handler($page)
{
    $current_user = elgg_get_logged_in_user_entity();
    if (!$current_user) {
        // anonymous visitor: remember the requested page, then leave
        register_error(elgg_echo('noaccess'));
        elgg_get_session()->set('last_forward_from', current_page_url());
        forward('');
    }
    elgg_load_library('elgg:messages');
    elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . $current_user->username);
    if (!isset($page[0])) {
        $page[0] = 'inbox';
    }
    // Support the old inbox url /messages/<username>, but only if it matches the logged in user.
    // Otherwise having a username like "read" on the system could confuse this function.
    if ($current_user->username === $page[0]) {
        $page[1] = $page[0];
        $page[0] = 'inbox';
    }
    if (!isset($page[1])) {
        $page[1] = $current_user->username;
    }
    $base_dir = elgg_get_plugins_path() . 'messages/pages/messages';
    // section => [script to include, input name that receives $page[1] (null: none)]
    $messages_sections = [
        'inbox' => ['inbox.php', 'username'],
        'sent' => ['sent.php', 'username'],
        'read' => ['read.php', 'guid'],
        'compose' => ['send.php', null],
        'add' => ['send.php', null],
    ];
    if (!isset($messages_sections[$page[0]])) {
        return false;
    }
    list($messages_script, $messages_input) = $messages_sections[$page[0]];
    if ($messages_input !== null) {
        set_input($messages_input, $page[1]);
    }
    // the script runs in this function's scope and sees $page / $current_user
    include "{$base_dir}/{$messages_script}";
    return true;
}
/**
 * Request user validation email.
 * Send email out to the address and request a confirmation.
 *
 * The confirmation link is signed with elgg_http_get_signed_url() before it
 * is put into the mail body.
 *
 * @param int  $user_guid The user's GUID
 * @return mixed Result of notify_user(), or false when the guid is not a user
 */
function uservalidationbyemail_request_validation($user_guid)
{
    $site = elgg_get_site_entity();
    $user_guid = (int) $user_guid;
    $user = get_entity($user_guid);
    if (!$user instanceof ElggUser) {
        return false;
    }
    // Work out validate link
    $link = elgg_http_get_signed_url("{$site->url}uservalidationbyemail/confirm?u={$user_guid}");
    // Get email to show in the next page
    elgg_get_session()->set('emailsent', $user->email);
    $language = $user->language;
    $subject = elgg_echo('email:validate:subject', [$user->name, $site->name], $language);
    $body = elgg_echo(
        'email:validate:body',
        [$user->name, $site->name, $link, $site->name, $site->url],
        $language
    );
    // Send validation email
    return notify_user($user->guid, $site->guid, $subject, $body, [
        'action' => 'uservalidationbyemail',
        'object' => $user,
        'link' => $link,
    ], 'email');
}
 /**
  * Boots a minimal service container for these tests.
  *
  * Services are registered in the original order (session, config, input,
  * request, then the translator/hooks/router/system-messages objects); the
  * logger is disabled last, after createService() has run.
  */
 function setUp()
 {
     $test_root = dirname(__DIR__);
     $this->pages = $test_root . '/test_files/pages';
     $this->fooHandlerCalls = 0;
     $mock_session = ElggSession::getMock();
     _elgg_services()->setValue('session', $mock_session);
     _elgg_services()->session->start();
     _elgg_services()->setValue('config', $this->config());
     $this->input = new Input();
     _elgg_services()->setValue('input', $this->input);
     $this->request = $this->prepareHttpRequest('', 'GET');
     _elgg_services()->setValue('request', $this->request);
     $this->translator = new Translator();
     $this->translator->addTranslation('en', ['__test__' => 'Test']);
     $this->hooks = new PluginHooksService();
     $this->router = new Router($this->hooks);
     $this->system_messages = new SystemMessagesService(elgg_get_session());
     $this->viewsDir = $test_root . '/test_files/views';
     $this->createService();
     _elgg_services()->logger->disable();
 }
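/**
 * Request user validation email.
 * Send email out to the address and request a confirmation.
 *
 * The confirmation link carries the user guid and a code produced by
 * uservalidationbyemail_generate_code() from the guid and e-mail address
 * (presumably checked again by the confirm endpoint).
 *
 * @param int  $user_guid       The user's GUID
 * @param bool $admin_requested Deprecated since 1.9 and ignored; do not pass it
 * @return mixed Result of notify_user(), or false when the guid is not a user
 */
function uservalidationbyemail_request_validation($user_guid, $admin_requested = 'deprecated')
{
    // Strict comparison: with != a caller passing 0 compared equal to the
    // sentinel string on PHP 7 and the deprecation notice was never raised.
    if ($admin_requested !== 'deprecated') {
        elgg_deprecatednotice('Second param $admin_requested no more used in uservalidationbyemail_request_validation function', 1.9);
    }
    $site = elgg_get_site_entity();
    $user_guid = (int) $user_guid;
    $user = get_entity($user_guid);
    if (!$user instanceof ElggUser) {
        return false;
    }
    // Work out validate link
    $code = uservalidationbyemail_generate_code($user_guid, $user->email);
    $link = "{$site->url}uservalidationbyemail/confirm?u={$user_guid}&c={$code}";
    // Get email to show in the next page
    elgg_get_session()->set('emailsent', $user->email);
    $subject = elgg_echo('email:validate:subject', [$user->name, $site->name], $user->language);
    $body = elgg_echo('email:validate:body', [$user->name, $site->name, $link, $site->name, $site->url], $user->language);
    // Send validation email
    return notify_user($user->guid, $site->guid, $subject, $body, [], 'email');
}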
<?php

/**
 * Assembles and outputs the forgotten password page.
 *
 * Authenticated visitors are redirected away. Otherwise the
 * "request new password" form is rendered, pre-filled with the username
 * stored in the session under 'forgotpassword:hash_missing' (if any).
 */
if (elgg_is_logged_in()) {
    forward();
}
$title = elgg_echo('user:password:lost');
$session = elgg_get_session();
// one-shot value: read it, then clear it so the error is only shown once
$hash_missing_username = $session->get('forgotpassword:hash_missing');
if ($hash_missing_username) {
    $session->remove('forgotpassword:hash_missing');
    register_error(elgg_echo('user:password:hash_missing'));
}
$content = elgg_view_form(
    'user/requestnewpassword',
    ['class' => 'elgg-form-account'],
    ['username' => $hash_missing_username]
);
$body = elgg_view_layout('default', [
    'content' => $content,
    'title' => $title,
    'sidebar' => false,
]);
$shell = elgg_get_config('walled_garden') ? 'walled_garden' : 'default';
echo elgg_view_page($title, $body, $shell);
<?php

/**
 * Admin view for the event_manager files migration upgrade: shows the
 * description and the number of events that still carry icon/file metadata.
 */
elgg_get_session()->set('event_manager_files_migration_offset', 0);
// Upgrade also possible hidden entities. This feature get run
// by an administrator so there's no need to ignore access.
$previous_hidden_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$count = elgg_get_entities_from_metadata([
    'type' => 'object',
    'subtype' => \Event::SUBTYPE,
    'metadata_names' => ['icontime', 'files'],
    'count' => true,
]);
echo elgg_view('output/longtext', [
    'value' => elgg_echo('admin:upgrades:migrate_files_to_event:description'),
]);
echo elgg_view('admin/upgrades/view', [
    'count' => $count,
    'action' => 'action/event_manager/upgrades/files_migration',
]);
// restore whatever visibility setting was active before
access_show_hidden_entities($previous_hidden_status);
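/**
 * Override the URL to be forwarded after registration
 *
 * When the request being forwarded from is the register action and the
 * session carries 'emailsent' (set when the validation mail went out), the
 * visitor is sent to the "email sent" page. In every other case nothing is
 * returned.
 *
 * @param string $hook   Hook name
 * @param string $type   Hook type
 * @param mixed  $value  Current hook value (not used by this handler)
 * @param array  $params Hook params; 'current_url' is read
 * @return string|void The replacement forward URL, or nothing
 */
function uservalidationbyemail_after_registration_url($hook, $type, $value, $params)
{
    $url = elgg_extract('current_url', $params);
    // strict comparison: $url is null when the param is missing
    if ($url !== elgg_get_site_url() . 'action/register') {
        return;
    }
    $email = elgg_get_session()->get('emailsent', '');
    if ($email) {
        return elgg_get_site_url() . 'uservalidationbyemail/emailsent';
    }
}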
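/**
 * Returns the access token to use in twitter calls.
 *
 * The request token pair stored in the session under 'twitter_api' is read
 * once and then removed, so the exchange is attempted at most once per
 * stored pair.
 *
 * @param string|false $oauth_verifier Verifier returned by Twitter (false when absent)
 * @return array
 */
function twitter_api_get_access_token($oauth_verifier = FALSE)
{
    $session = elgg_get_session();
    // retrieve stored tokens; tolerate a missing/partial session entry instead
    // of raising "undefined index" notices and still hand null to the API object
    $api_settings = $session->get('twitter_api');
    if (!is_array($api_settings)) {
        $api_settings = [];
    }
    $oauth_token = isset($api_settings['oauth_token']) ? $api_settings['oauth_token'] : null;
    $oauth_token_secret = isset($api_settings['oauth_token_secret']) ? $api_settings['oauth_token_secret'] : null;
    $session->remove('twitter_api');
    // fetch an access token
    $api = twitter_api_get_api_object($oauth_token, $oauth_token_secret);
    return $api->getAccessToken($oauth_verifier);
}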
/**
 * Helper function to remove information from $_SESSION
 *
 * Thin wrapper around ElggSession::remove() on the current session.
 *
 * @param string $name the name to remove
 *
 * @access private
 *
 * @return mixed whatever ElggSession::remove() returns
 */
function simplesaml_remove_from_session($name)
{
    return elgg_get_session()->remove($name);
}
        // save profile field
        if (!is_array($value)) {
            create_metadata($user->getGUID(), $metadata_name, $value, '', $user->getGUID(), ACCESS_LOGGED_IN);
        } else {
            // correctly save tag/array values
            foreach ($value as $v) {
                create_metadata($user->getGUID(), $metadata_name, $v, '', $user->getGUID(), ACCESS_LOGGED_IN, true);
            }
        }
    }
}
// the wizard form was accepted: drop the sticky values kept for re-display
elgg_clear_sticky_form('wizard');
// user did this wizard
$entity->addRelationship($user->getGUID(), 'done');
// cleanup session
// (the cached list of pending wizard guids is dropped; it is rebuilt on the next check)
elgg_get_session()->remove('wizards');
// if (empty($_SESSION['wizards'])) {
// 	$_SESSION['wizards'] = true;
// } elseif ($_SESSION['wizards'] !== true) {
// 	$wizards = $_SESSION['wizards'];
// 	foreach ($wizards as $index => $guid) {
// 		if ($guid == $entity->getGUID()) {
// 			unset($wizards[$index]);
// 		}
// 	}
// 	if (empty($wizards)) {
// 		// no more wizards to follow
// 		$_SESSION['wizards'] = true;
// 	} else {
// 		// you need to do more wizards
// 		$_SESSION['wizards'] = $wizards;
<?php

/**
 * Logout as the current user, back to the original user.
 *
 * The session keys 'login_as_original_user_guid' and
 * 'login_as_original_persistent' hold the original account and its
 * "remember me" flag; both are cleared only once the switch back succeeds.
 */
$session = elgg_get_session();
$user_guid = $session->get('login_as_original_user_guid');
$persistent = $session->get('login_as_original_persistent');
$user = get_entity($user_guid);
// only an existing admin account may be restored this way
$is_restorable = $user instanceof ElggUser && $user->isadmin();
if (!$is_restorable) {
    register_error(elgg_echo('login_as:unknown_user'));
} elseif (login($user, $persistent)) {
    $session->remove('login_as_original_user_guid');
    $session->remove('login_as_original_persistent');
    system_message(elgg_echo('login_as:logged_in_as_user', [$user->username]));
} else {
    register_error(elgg_echo('login_as:could_not_login_as_user', [$user->username]));
}
forward(REFERER);
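/**
 * Make sure users follow the wizard
 *
 * Returns the next wizard the logged-in user still has to complete, or
 * nothing when there is none or the check does not apply (anonymous, XHR,
 * or already in the wizard/admin context). The pending wizard guids are
 * cached in the session under 'wizards'; the value true means "nothing
 * pending for this session".
 *
 * @return void|Wizard
 */
function wizard_check_wizards()
{
    $user = elgg_get_logged_in_user_entity();
    if (empty($user)) {
        // only logged in users
        return;
    }
    if (elgg_is_xhr()) {
        // only check on regular pages
        return;
    }
    if (elgg_in_context('wizard') || elgg_in_context('admin')) {
        // deadloop prevention and /admin is allowed
        return;
    }
    $SESSION = elgg_get_session();
    if ($SESSION->has('wizards')) {
        $cached = $SESSION->get('wizards');
        if ($cached === true) {
            return;
        }
        $cached = is_array($cached) ? $cached : [];
        $pruned = false;
        foreach ($cached as $index => $guid) {
            $wizard = get_entity($guid);
            if ($wizard instanceof Wizard) {
                if ($pruned) {
                    $SESSION->set('wizards', $cached);
                }
                return $wizard;
            }
            // Drop guids that no longer resolve to a wizard. The previous
            // unset($SESSION['wizards'][$index]) operated on a copy handed out
            // by the session's array access and never changed the stored list.
            unset($cached[$index]);
            $pruned = true;
        }
        // every cached guid was stale: store the pruned list and rebuild from the database below
        $SESSION->set('wizards', $cached);
    }
    $dbprefix = elgg_get_config('dbprefix');
    $endtime_id = elgg_get_metastring_id('endtime');
    $now = time();
    // Only internal values (table prefix, metastring id, user guid, timestamp)
    // are interpolated into the SQL fragments; nothing here comes from the request.
    $entities = elgg_get_entities_from_metadata([
        'type' => 'object',
        'subtype' => \Wizard::SUBTYPE,
        'limit' => false,
        'metadata_name_value_pairs' => [
            ['name' => 'starttime', 'value' => $now, 'operand' => '<='],
        ],
        'joins' => [
            "JOIN {$dbprefix}metadata mde ON e.guid = mde.entity_guid",
            "JOIN {$dbprefix}metastrings mse ON mde.value_id = mse.id",
        ],
        'wheres' => [
            // skip wizards this user already completed
            "(e.guid NOT IN (SELECT guid_one\n\t\t\t\tFROM {$dbprefix}entity_relationships\n\t\t\t\tWHERE relationship = 'done'\n\t\t\t\tAND guid_two = {$user->getGUID()}\n\t\t\t))",
            // endtime 0 means "no end". The inner parentheses are required: AND
            // binds tighter than OR, so without them any metadata row with a value
            // greater than now matched, regardless of its name.
            "(mde.name_id = {$endtime_id} AND (mse.string = 0 OR mse.string > {$now}))",
        ],
    ]);
    if (empty($entities)) {
        $SESSION->set('wizards', true);
        return;
    }
    $guids = [];
    $new_users_guids = [];
    // null here is treated like "not yet decided" (see the check below)
    $user_need_new_user_wizards = $user->getPrivateSetting('wizard_check_first_login_wizards');
    foreach ($entities as $e) {
        if ($e->show_users == 'new_users') {
            if ($user_need_new_user_wizards) {
                $new_users_guids[] = $e->getGUID();
            }
        } else {
            $guids[] = $e->getGUID();
        }
    }
    if (($user_need_new_user_wizards || $user_need_new_user_wizards === null) && empty($new_users_guids)) {
        // there are no more new user wizards to show, so report the user as done
        $user->setPrivateSetting('wizard_check_first_login_wizards', false);
    }
    if (empty($new_users_guids) && empty($guids)) {
        $SESSION->set('wizards', true);
        return;
    }
    // new-user wizards take precedence over the general ones
    $pending = !empty($new_users_guids) ? $new_users_guids : $guids;
    $SESSION->set('wizards', $pending);
    return get_entity($pending[0]);
}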
// NOTE(review): $username, $password and $persistent are set earlier in this file (not shown here).
if (empty($username) || empty($password)) {
    return elgg_error_response(elgg_echo('login:empty'));
}
// check if logging in with email address
// (get_user_by_email() returns a list; the first match is used)
if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
    $username = $users[0]->username;
}
$user = get_user_by_username($username);
// The credential check runs before the "unknown user" check on purpose: the
// response for a bad password and for a missing account is the same, so the
// login form does not reveal which usernames exist.
$result = elgg_authenticate($username, $password);
if ($result !== true) {
    // was due to missing hash?
    if ($user && !$user->password_hash) {
        // if we did this in pam_auth_userpass(), visitors could sniff account usernames from
        // email addresses. Instead, this lets us give the visitor only the information
        // they provided.
        // The raw input (not the resolved username) is stored for the forgotpassword page.
        elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
        $output = ['forward' => 'forgotpassword'];
        return elgg_ok_response($output, '', 'forgotpassword');
    }
    // $result carries the error message from the authentication layer
    return elgg_error_response($result);
}
if (!$user) {
    return elgg_error_response(elgg_echo('login:baduser'));
}
try {
    login($user, $persistent);
    // re-register at least the core language file for users with language other than site default
    register_translations(dirname(dirname(__FILE__)) . "/languages/");
} catch (LoginException $e) {
    return elgg_error_response($e->getMessage());
}
 /**
  * Generate a token from a session token (specifying the user), the timestamp, and the site key.
  *
  * Without an explicit session token the current session's '__elgg_session'
  * value is used; when neither is available no token can be derived and
  * false is returned.
  *
  * @see generate_action_token
  *
  * @param int    $timestamp     Unix timestamp
  * @param string $session_token Session-specific token
  *
  * @return string|false
  * @access private
  */
 public function generateActionToken($timestamp, $session_token = '')
 {
     // fall back to the current session's token when none was supplied
     $session_token = $session_token ?: elgg_get_session()->get('__elgg_session');
     if (!$session_token) {
         return false;
     }
     // the HMAC is keyed by the crypto service and uses md5 as its hash
     $hmac = _elgg_services()->crypto->getHmac([(int) $timestamp, $session_token], 'md5');
     return $hmac->getToken();
 }
<?php

/**
 * "Validation email sent" page.
 *
 * Shown only to anonymous visitors for whom the session holds the address
 * the validation mail went to ('emailsent'); everyone else is redirected.
 */
if (elgg_is_logged_in()) {
    forward();
}
$email = elgg_get_session()->get('emailsent', '');
if (!$email) {
    forward();
}
$title = elgg_echo('uservalidationbyemail:emailsent', [$email]);
$body = elgg_view_layout('default', [
    'title' => $title,
    'content' => elgg_echo('uservalidationbyemail:registerok'),
    'sidebar' => false,
]);
$shell = elgg_get_config('walled_garden') ? 'walled_garden' : 'default';
// the page title is plain text, so any markup in the translated string is stripped
echo elgg_view_page(strip_tags($title), $body, $shell);
 /**
  * A refresh request carrying one valid and one forged pair returns the
  * current token and marks only the valid one as still good.
  *
  * @group AjaxService
  */
 public function testCanRefreshTokens()
 {
     elgg_register_page_handler('refresh_token', [$this->actions, 'handleTokenRefreshRequest']);
     // pin the clock so the generated token is reproducible within the test
     $clock = new \DateTime();
     $this->actions->setCurrentTime($clock);
     $ts = $clock->getTimestamp();
     $token = $this->actions->generateActionToken($ts);
     $session_token = elgg_get_session()->get('__elgg_session');
     $this->request = $this->prepareHttpRequest('refresh_token', 'POST', [], 1);
     $this->createService();
     // second pair is deliberately bogus
     set_input('pairs', ["{$ts},{$token}", "{$ts},fake"]);
     set_input('session_token', $session_token);
     $this->route();
     $response = _elgg_services()->responseFactory->getSentResponse();
     $this->assertInstanceOf(Response::class, $response);
     $this->assertEquals(ELGG_HTTP_OK, $response->getStatusCode());
     $this->assertContains('application/json', $response->headers->get('Content-Type'));
     $expected_payload = [
         'token' => [
             '__elgg_ts' => $ts,
             '__elgg_token' => $token,
             'logged_in' => false,
         ],
         'valid_tokens' => [$token => true],
         'session_token' => $session_token,
         'user_guid' => 0,
     ];
     $this->assertEquals(json_encode($expected_payload), $response->getContent());
 }
 /**
  * has_access_to_entity() for each access level, checked both as an anonymous
  * visitor and on behalf of $this->user (who becomes a friend for the last case).
  */
 public function testHasAccessToEntity()
 {
     $session = elgg_get_session();
     $test_user = $session->getLoggedInUser();
     $object = new ElggObject();
     // Saves the object with the given access level, checks it while nobody is
     // logged in, then restores the test user as the session user.
     $check = function ($access_id, $anonymous_expected, $user_expected) use ($session, $test_user, $object) {
         $object->access_id = $access_id;
         $object->save();
         $session->removeLoggedInUser();
         if ($anonymous_expected) {
             $this->assertTrue(has_access_to_entity($object));
         } else {
             $this->assertFalse(has_access_to_entity($object));
         }
         if ($user_expected) {
             $this->assertTrue(has_access_to_entity($object, $this->user));
         } else {
             $this->assertFalse(has_access_to_entity($object, $this->user));
         }
         $session->setLoggedInUser($test_user);
     };
     $check(ACCESS_PRIVATE, false, false);
     $check(ACCESS_PUBLIC, true, true);
     $check(ACCESS_LOGGED_IN, false, true);
     $test_user->addFriend($this->user->guid);
     $check(ACCESS_FRIENDS, false, true);
     $test_user->removeFriend($this->user->guid);
     $object->delete();
 }
 /**
  * canAnnotate() on a freshly saved object is true for the logged-in test
  * user and false once nobody is logged in.
  */
 public function testCanAnnotateDefault()
 {
     $object = new \ElggObject();
     $object->subtype = 'test_1389988642';
     $object->save();
     $this->assertTrue($object->canAnnotate());
     $session = elgg_get_session();
     $logged_in = elgg_get_logged_in_user_entity();
     $session->removeLoggedInUser();
     $this->assertFalse($object->canAnnotate());
     // put the session back the way the test found it before cleaning up
     $session->setLoggedInUser($logged_in);
     $object->delete();
 }
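// NOTE(review): $wizard is expected to be a view var set before this point (not shown here).
if (empty($wizard)) {
    return;
}
if (!$wizard instanceof Wizard) {
    return;
}
// kept as the strings 'true'/'false' (presumably echoed into the script below)
$can_close = 'false';
if ($wizard->user_can_close) {
    // remove check from session... if user aborts the wizard will not trigger again during session
    $wizards = elgg_get_session()->get('wizards');
    if (is_array($wizards)) {
        // When the guid was not in the list array_search() returned false and
        // unset($wizards[false]) silently removed index 0 instead; only unset
        // on a real hit.
        $index = array_search($wizard->guid, $wizards);
        if ($index !== false) {
            unset($wizards[$index]);
        }
    }
    // an emptied (or non-array) value is stored as true: nothing pending this session
    elgg_get_session()->set('wizards', empty($wizards) ? true : $wizards);
    $can_close = 'true';
}
if ($wizard->display_mode !== 'overlay') {
    forward($wizard->getURL());
}
elgg_load_js('lightbox');
elgg_load_css('lightbox');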
?>
<script>
	require(['jquery', 'elgg'], function($, elgg){
		$.colorbox({
			href: '<?php 
echo $wizard->getURL();
?>