Esempio n. 1
/**
 * Mail a user a reminder that their account still has to be validated.
 *
 * The body carries a confirmation link built from the code returned by
 * uservalidationbyemail_generate_code(), together with $user->token.
 *
 * @param ElggUser $user     Recipient of the reminder
 * @param int      $enddate  End of the validation period (documented by the author as a unix timestamp)
 * @param int      $pastdays Days elapsed since validation was requested
 *
 * @return void
 */
function send_validation_reminder_mail($user, $enddate, $pastdays)
{
    // NOTE(review): a day count is subtracted from a value documented as a
    // timestamp - confirm which unit callers actually pass in $enddate.
    $remaining = $enddate - $pastdays;

    $site = elgg_get_site_entity();
    $user_guid = $user->getGUID();

    // The confirmation code is what authorises the validation request, so the
    // link below must only ever be delivered to the account's own address.
    $confirm_code = uservalidationbyemail_generate_code($user_guid, $user->email);
    $confirm_url = $site->url . 'uservalidationbyemail/confirm?u=' . $user_guid . '&c=' . $confirm_code;

    $subject_args = array($user->name, $site->name);
    $body_args = array($user->name, $pastdays, $site->name, $user->token, $confirm_url, $remaining, $site->name, $site->url);

    $mail_subject = elgg_echo('validation_reminder:validate:token:subject', $subject_args, $user->language);
    $mail_body = elgg_echo('validation_reminder:validate:token:body', $body_args, $user->language);

    // Deliver through the email notification handler only
    notify_user($user->guid, $site->guid, $mail_subject, $mail_body, array(), 'email');
}
Esempio n. 2
/**
 * Tell whether $blocking_user has blocked $blocked_user.
 *
 * The answer comes from a 'blocked' relationship running from the blocking
 * user to the blocked user.
 *
 * @param ElggUser $blocked_user  The user who may have been blocked
 * @param ElggUser $blocking_user The user who may have placed the block
 *
 * @return bool
 */
function is_blocked(\ElggUser $blocked_user, \ElggUser $blocking_user)
{
    // The type hints already enforce this; the explicit check is kept so the
    // function still answers false rather than erroring if they are relaxed.
    $both_are_users = $blocked_user instanceof \ElggUser && $blocking_user instanceof \ElggUser;
    if ($both_are_users) {
        $relationship = check_entity_relationship($blocking_user->getGUID(), 'blocked', $blocked_user->getGUID());

        return (bool) $relationship;
    }

    return false;
}
Esempio n. 3
/**
 * Invite a user to a group and notify them about it.
 *
 * An 'invited' relationship is created from the group to the user. The
 * notification is sent when that relationship was newly created, or when
 * $resend is set.
 *
 * @param ElggGroup $group  Group the user is invited to
 * @param ElggUser  $user   User being invited
 * @param string    $text   Free text from the inviter, placed in the message body
 * @param bool      $resend Send the notification even if no new relationship was created
 *
 * @return bool True only when the notification was sent
 */
function group_tools_invite_user(ElggGroup $group, ElggUser $user, $text = "", $resend = false)
{
    if (empty($user) || !$user instanceof ElggUser) {
        return false;
    }
    if (empty($group) || !$group instanceof ElggGroup) {
        return false;
    }

    // An invitation always has an inviter: without a logged-in user nothing happens.
    $inviter = elgg_get_logged_in_user_entity();
    if (!$inviter) {
        return false;
    }

    // Create relationship
    $newly_invited = add_entity_relationship($group->getGUID(), "invited", $user->getGUID());
    if (!$newly_invited && !$resend) {
        return false;
    }

    // Send email
    $invitations_url = elgg_get_site_url() . "groups/invitations/" . $user->username;
    $mail_subject = elgg_echo("groups:invite:subject", array($user->name, $group->name));
    $mail_body = elgg_echo("group_tools:groups:invite:body", array($user->name, $inviter->name, $group->name, $text, $invitations_url));

    return notify_user($user->getGUID(), $group->getOwnerGUID(), $mail_subject, $mail_body) ? true : false;
}
Esempio n. 4
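/**
 * Delete messages from a user who is being deleted
 *
 * Hidden (disabled) entities are made visible for the duration of the purge so
 * that disabled messages are removed as well; the previous visibility setting
 * is put back afterwards, including when a delete fails with an exception.
 *
 * @param string   $event Event name (unused)
 * @param string   $type  Event type (unused)
 * @param ElggUser $user  User being deleted
 *
 * @return void
 */
function customizations_purge_messages($event, $type, $user)
{
    // Without a GUID the 'fromId' filter below has nothing meaningful to match
    // on, so do not start a bulk delete at all.
    $sender_guid = $user->getGUID();
    if (!$sender_guid) {
        return;
    }

    // make sure we delete them all
    $entity_disable_override = access_get_show_hidden_status();
    access_show_hidden_entities(true);

    try {
        $messages = elgg_get_entities_from_metadata(array('type' => 'object', 'subtype' => 'messages', 'metadata_name' => 'fromId', 'metadata_value' => $sender_guid, 'limit' => 0));
        if ($messages) {
            foreach ($messages as $e) {
                $e->delete();
            }
        }
    } catch (Exception $ex) {
        // Never leave the widened visibility switched on for the rest of the request.
        access_show_hidden_entities($entity_disable_override);
        throw $ex;
    }

    access_show_hidden_entities($entity_disable_override);
}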
Esempio n. 5
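/**
 * Updates author's list when an invited author registers
 *
 * When the user carries both 'firstpublication' and 'exauthor_name', the user
 * is linked to that publication as an author, the two markers are removed from
 * the user, and every entry of the publication's comma-separated author list
 * equal to the stored external name is replaced by the user's GUID.
 *
 * @param string   $event       Event name (unused)
 * @param string   $object_type Event type (unused)
 * @param ElggUser $object      The user the event was raised for
 *
 * @return void
 */
function publication_login_check($event, $object_type, $object)
{
    if (empty($object->firstpublication) || empty($object->exauthor_name)) {
        return;
    }
    $exauthor_name = $object->exauthor_name;
    $pub = get_entity($object->firstpublication);
    if (empty($pub) || !$pub instanceof Publication) {
        return;
    }
    add_entity_relationship($pub->getGUID(), 'author', $object->getGUID());

    // Clear both one-shot markers. The property name was previously misspelled
    // ("firstpubication"), so 'firstpublication' was never removed and this
    // handler ran its rewrite again on every later invocation.
    unset($object->firstpublication);
    unset($object->exauthor_name);

    $authors = explode(',', $pub->authors);
    foreach ($authors as $key => $value) {
        // NOTE(review): loose comparison, so numeric-looking names compare by value.
        if ($value == $exauthor_name) {
            $authors[$key] = $object->getGUID();
        }
    }
    $pub->authors = implode(',', $authors);
}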
Esempio n. 6
 /**
  * Create a notification event
  *
  * @param \ElggData $object The object of the event (\ElggEntity)
  * @param string    $action The name of the action (default: create)
  * @param \ElggUser $actor  The user that caused the event (default: logged in user)
  * 
  * @throws \InvalidArgumentException
  */
 public function __construct(\ElggData $object, $action, \ElggUser $actor = null)
 {
     // Objects accepted by elgg_instanceof() are identified by GUID; any other
     // \ElggData is identified by its id property.
     $identified_by_guid = elgg_instanceof($object);

     $this->object_type = $object->getType();
     $this->object_subtype = $object->getSubtype();
     $this->object_id = $identified_by_guid ? $object->getGUID() : $object->id;

     // Without an explicit actor the event is attributed to the session's
     // logged-in user (loose == null comparison, as before).
     $this->actor_guid = $actor == null
         ? _elgg_services()->session->getLoggedInUserGuid()
         : $actor->getGUID();

     $this->action = $action;
 }
Esempio n. 7
 /**
  * Create a notification event
  *
  * @param \ElggData $object The object of the event (\ElggEntity)
  * @param string    $action The name of the action (default: create)
  * @param \ElggUser $actor  The user that caused the event (default: logged in user)
  * 
  * @throws \InvalidArgumentException
  */
 public function __construct(\ElggData $object, $action, \ElggUser $actor = null)
 {
     $this->action = $action;

     // Decide first how the object is identified, then record its type data.
     $use_guid = elgg_instanceof($object);
     $this->object_type = $object->getType();
     $this->object_subtype = $object->getSubtype();
     if ($use_guid) {
         $this->object_id = $object->getGUID();
     } else {
         // Not accepted by elgg_instanceof(): fall back to the id property.
         $this->object_id = $object->id;
     }

     // An explicit actor wins; otherwise the currently logged-in user is recorded.
     if ($actor != null) {
         $this->actor_guid = $actor->getGUID();
     } else {
         $this->actor_guid = elgg_get_logged_in_user_guid();
     }
 }
Esempio n. 8
 /**
  * Create a notification event
  *
  * @param ElggData $object The object of the event (ElggEntity, ElggAnnotation, ElggRelationship)
  * @param string   $action The name of the action (default: create)
  * @param ElggUser $actor  The user that caused the event (default: logged in user)
  * @throws InvalidArgumentException
  */
 public function __construct($object, $action, $actor = null)
 {
     // $object is untyped in the signature, so its class is enforced here.
     $is_data_object = $object instanceof ElggData;
     if (!$is_data_object) {
         throw new InvalidArgumentException('$object is not an instance of ElggData');
     }

     $has_guid = elgg_instanceof($object);
     $type = $object->getType();
     $subtype = $object->getSubtype();

     $this->object_type = $type;
     $this->object_subtype = $subtype;
     // GUID for objects accepted by elgg_instanceof(), the id property otherwise.
     $this->object_id = $has_guid ? $object->getGUID() : $object->id;

     // NOTE(review): $actor is not type-checked; any value that is not loosely
     // equal to null must provide getGUID().
     $this->actor_guid = ($actor == null) ? elgg_get_logged_in_user_guid() : $actor->getGUID();
     $this->action = $action;
 }
Esempio n. 9
 /**
  * Check if the user is receiving notifications from the group
  *
  * @param \ElggUser  $user  the user to check
  * @param \ElggGroup $group the group to check for
  *
  * @return bool
  */
 public static function notificationsEnabledForGroup(\ElggUser $user, \ElggGroup $group)
 {
     if ($user instanceof \ElggUser && $group instanceof \ElggGroup) {
         // The subscription list is indexed by user GUID; a non-empty entry
         // for this user means notifications are enabled.
         $by_user_guid = elgg_get_subscriptions_for_container($group->getGUID());

         return is_array($by_user_guid) && !empty($by_user_guid[$user->getGUID()]);
     }

     return false;
 }
Esempio n. 10
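/**
 * Can a user access an entity.
 *
 * The check runs a query against the entities table for the entity's GUID,
 * restricted by the access clause for the given (or logged in) user.
 *
 * @warning If a logged in user doesn't have access to an entity, the
 * core engine will not load that entity.
 *
 * @tip This is mostly useful for checking if a user other than the logged in
 * user has access to an entity that is currently loaded.
 *
 * @todo This function would be much more useful if we could pass the guid of the
 * entity to test access for. We need to be able to tell whether the entity exists
 * and whether the user has access to the entity.
 *
 * @param ElggEntity $entity The entity to check access for.
 * @param ElggUser   $user   Optionally user to check access for. Defaults to
 *                           logged in user (which is a useless default).
 *
 * @return bool
 * @link http://docs.elgg.org/Access
 */
function has_access_to_entity($entity, $user = null)
{
    global $CONFIG;

    // Build the access clause with ignore-access switched off. Otherwise a
    // caller that has temporarily elevated access would get "true" for every
    // user, which defeats the purpose of the check (tracked upstream as #7159).
    $ia = elgg_set_ignore_access(false);
    if (!isset($user)) {
        $access_bit = get_access_sql_suffix("e");
    } else {
        $access_bit = get_access_sql_suffix("e", $user->getGUID());
    }
    elgg_set_ignore_access($ia);

    // The GUID is concatenated into SQL, so force it to an integer.
    $guid = (int) $entity->getGUID();
    $query = "SELECT guid from {$CONFIG->dbprefix}entities e WHERE e.guid = " . $guid;
    // Add access controls
    $query .= " AND " . $access_bit;

    return (bool) get_data($query);
}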
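/**
 * Pull in the latest avatar from twitter.
 *
 * Each configured icon size is rendered from $file_location and stored as
 * profile/<guid><size>.jpg. Sizes that cannot be rendered are skipped, and the
 * user's icontime is only refreshed when at least one file was written.
 *
 * @param ElggUser $user          User whose avatar is refreshed
 * @param string   $file_location Location of the source image
 *
 * @return void
 */
function twitter_api_update_user_avatar($user, $file_location)
{
    // twitter's images have a few suffixes:
    // _normal
    // _reasonably_small
    // _mini
    // the twitter app here returns _normal.  We want standard, so remove the suffix.
    // @todo Should probably check that it's an image file.
    // NOTE(review): $file_location presumably originates from the remote profile
    // data; confirm its scheme/host is constrained before it is fetched here.
    $file_location = str_replace('_normal.jpg', '.jpg', $file_location);

    $icon_sizes = elgg_get_config('icon_sizes');
    if (!is_array($icon_sizes)) {
        $icon_sizes = array();
    }

    $filehandler = new ElggFile();
    $filehandler->owner_guid = $user->getGUID();

    $written = false;
    foreach ($icon_sizes as $size => $dimensions) {
        $image = get_resized_image_from_existing_file($file_location, $dimensions['w'], $dimensions['h'], $dimensions['square']);
        if (!$image) {
            // The source could not be read or is not a usable image: keep the
            // existing icon instead of overwriting it with empty content.
            continue;
        }
        $filehandler->setFilename("profile/{$user->guid}{$size}.jpg");
        $filehandler->open('write');
        $filehandler->write($image);
        $filehandler->close();
        $written = true;
    }

    // update user's icontime
    if ($written) {
        $user->icontime = time();
    }
}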
Esempio n. 12
/**
 * Tell whether the page owner and a user share at least one group.
 *
 * Both users' group GUIDs are fetched through the 'member' relationship and
 * the two lists are intersected.
 *
 * @param ElggUser $page_owner the current page owner
 * @param ElggUser $user       the user to check with
 *
 * @return bool
 */
function owner_gatekeeper_match_group(ElggUser $page_owner, ElggUser $user)
{
    if (!($page_owner instanceof ElggUser && $user instanceof ElggUser)) {
        return false;
    }

    // Only the GUID of each group row is needed, so skip building entities.
    $guid_only = function ($row) {
        return (int) $row->guid;
    };
    $query = ['type' => 'group', 'limit' => false, 'callback' => $guid_only, 'relationship' => 'member'];

    // page owners groups
    $query['relationship_guid'] = $page_owner->getGUID();
    $owner_groups = elgg_get_entities_from_relationship($query);

    // users groups
    $query['relationship_guid'] = $user->getGUID();
    $user_groups = elgg_get_entities_from_relationship($query);

    // same groups
    return (bool) array_intersect($owner_groups, $user_groups);
}
Esempio n. 13
/**
 * Look up when a user became a member of a group.
 *
 * Reads the 'member' row for the pair from the entity_relationships table and
 * returns its time_created value.
 *
 * @param ElggUser  $user  the user to check
 * @param ElggGroup $group the group to check
 *
 * @return int time_created of the membership row, 0 when no row is found
 */
function group_tools_get_membership_information(ElggUser $user, ElggGroup $group)
{
    if (empty($user) || empty($group)) {
        return 0;
    }

    // Both GUIDs come from the typed entity arguments rather than from request
    // data; they are placed into the statement unchanged.
    $sql = sprintf(
        "SELECT * FROM %sentity_relationships WHERE guid_one = %s AND guid_two = %s AND relationship = 'member'",
        elgg_get_config("dbprefix"),
        $user->getGUID(),
        $group->getGUID()
    );

    $membership = get_data_row($sql);

    return empty($membership) ? 0 : $membership->time_created;
}
Esempio n. 14
/**
 * Prevent a manual code login with login().
 *
 * A user that is disabled and not validated gets a new validation request and
 * the login is aborted with an exception. The hidden-entity visibility that is
 * widened for the check is restored on both paths.
 *
 * @param string   $event Event name (unused)
 * @param string   $type  Event type (unused)
 * @param ElggUser $user  The user attempting to log in
 *
 * @return void
 *
 * @throws LoginException
 */
function uservalidationbyemail_check_manual_login($event, $type, $user)
{
    $previous_visibility = access_get_show_hidden_status();
    access_show_hidden_entities(TRUE);

    $awaiting_validation = $user instanceof ElggUser && !$user->isEnabled() && !$user->validated;
    if ($awaiting_validation) {
        // send new validation email while hidden entities are still visible
        uservalidationbyemail_request_validation($user->getGUID());
    }

    // restore hidden entities settings before leaving, whichever way we leave
    access_show_hidden_entities($previous_visibility);

    if ($awaiting_validation) {
        // throw error so we get a nice error message
        throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
    }
}
Esempio n. 15
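/**
 * Collect the subsites a user has been invited to.
 *
 * Two sources are combined: subsites whose 'membership_invitation' private
 * setting contains the user's email address, and subsites linked to the user
 * by a 'membership_invitation' relationship.
 *
 * @param ElggUser $user User to look up invitations for
 *
 * @return array|false The matching subsites, false when there are none
 */
function subsite_manager_get_invited_subsites(ElggUser $user)
{
    if (empty($user) || !$user instanceof ElggUser) {
        return false;
    }

    // based on email address
    $subsites_email = array();
    $email = (string) $user->email;
    // An empty address would produce LIKE '%%', which matches every stored
    // invitation, so the email lookup is skipped entirely in that case.
    if ($email !== '') {
        // Escape the LIKE wildcards first ('_' is common in addresses and would
        // otherwise match any character), then escape for the SQL string literal.
        $like = sanitise_string(addcslashes($email, '%_\\'));
        // NOTE(review): this is still a substring match on the stored value;
        // confirm the setting's format cannot let one address match inside another.
        $options = array("type" => "site", "subtype" => Subsite::SUBTYPE, "limit" => false, "site_guids" => false, "joins" => array("JOIN " . elgg_get_config("dbprefix") . "private_settings s ON e.guid = s.entity_guid"), "wheres" => array("(s.name = 'membership_invitation' AND s.value LIKE '%" . $like . "%')"));
        $subsites_email = elgg_get_entities($options);
    }

    // based on relationship
    $options = array("type" => "site", "subtype" => Subsite::SUBTYPE, "limit" => false, "site_guids" => false, "relationship" => "membership_invitation", "relationship_guid" => $user->getGUID());
    $subsites_relations = elgg_get_entities_from_relationship($options);

    // make result
    if (!empty($subsites_email) && !empty($subsites_relations)) {
        return array_merge($subsites_email, $subsites_relations);
    }
    if (!empty($subsites_email)) {
        return $subsites_email;
    }
    if (!empty($subsites_relations)) {
        return $subsites_relations;
    }

    return false;
}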
Esempio n. 16
File: events.php Progetto: n8b/VMN
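/**
 * Adds uploaded files to your profile
 *
 * For every configured profile field of type 'pm_file' this stores a newly
 * uploaded file as an ElggFile owned by the user, or - when nothing was
 * uploaded - deletes a stale file or updates the access level of the existing
 * one. Profile completeness is recalculated afterwards.
 *
 * @param string   $event       Event name
 * @param string   $object_type Event type
 * @param ElggUser $user        User being updated
 *
 * @return void
 */
function profile_manager_profileupdate_user_event($event, $object_type, $user)
{
    if (empty($user) || !$user instanceof ElggUser) {
        return;
    }

    // upload a file to your profile
    $accesslevel = get_input('accesslevel');
    if (!is_array($accesslevel)) {
        $accesslevel = array();
    }

    $options = array("type" => "object", "subtype" => CUSTOM_PROFILE_FIELDS_PROFILE_SUBTYPE, "limit" => false, "metadata_name_value_pairs" => array("name" => "metadata_type", "value" => "pm_file"));
    $configured_fields = elgg_get_entities_from_metadata($options);
    if ($configured_fields) {
        foreach ($configured_fields as $field) {
            // check for uploaded files
            $metadata_name = $field->metadata_name;
            $current_file_guid = $user->{$metadata_name};
            if (isset($accesslevel[$metadata_name])) {
                $access_id = (int) $accesslevel[$metadata_name];
            } else {
                // this should never be executed since the access level should always be set
                $access_id = ACCESS_PRIVATE;
            }

            if (isset($_FILES[$metadata_name]) && $_FILES[$metadata_name]['error'] == 0) {
                // The client chooses the file name, so reduce it to its last
                // path component before it becomes part of a storage path.
                $upload_name = basename(str_replace('\\', '/', (string) $_FILES[$metadata_name]["name"]));
                if ($upload_name === '' || $upload_name === '.' || $upload_name === '..') {
                    // nothing usable is left of the name: reject this upload
                    continue;
                }

                // uploaded file exists so, save it to an ElggFile object
                // use current_file_guid to overwrite previously uploaded files
                $filehandler = new ElggFile($current_file_guid);
                $filehandler->owner_guid = $user->getGUID();
                $filehandler->container_guid = $user->getGUID();
                $filehandler->subtype = "file";
                $filehandler->access_id = $access_id;
                $filehandler->title = $field->getTitle();
                $filehandler->setFilename("profile_manager/" . $upload_name);
                // NOTE(review): the MIME type is also client-supplied; detect it
                // from the file content if anything relies on it being accurate.
                $filehandler->setMimeType($_FILES[$metadata_name]["type"]);
                $filehandler->open("write");
                $filehandler->write(get_uploaded_file($metadata_name));
                $filehandler->close();
                if ($filehandler->save()) {
                    $filehandler->profile_manager_metadata_name = $metadata_name;
                    // used to retrieve user file when deleting
                    $filehandler->originalfilename = $upload_name;
                    create_metadata($user->guid, $metadata_name, $filehandler->getGUID(), 'text', $user->guid, $access_id);
                }
                continue;
            }

            // if file not uploaded should it be deleted???
            if (empty($current_file_guid)) {
                // find the previously uploaded file and if exists... delete it
                $options = array("type" => "object", "subtype" => "file", "owner_guid" => $user->getGUID(), "limit" => 1, "metadata_name_value_pairs" => array("name" => "profile_manager_metadata_name", "value" => $metadata_name));
                $files = elgg_get_entities_from_metadata($options);
                if ($files) {
                    $file = $files[0];
                    $file->delete();
                }
            } elseif ($file = get_entity($current_file_guid)) {
                // maybe we need to update the access id
                $file->access_id = $access_id;
                $file->save();
            }
        }
    }

    // update profile completeness
    profile_manager_profile_completeness($user);
}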
Esempio n. 17
File: users.php Progetto: riggo/Elgg
/**
 * Links a newly created user to the current site.
 *
 * Adds a 'member_of_site' relationship from the user to the site held in the
 * global configuration.
 *
 * @param string   $event       create
 * @param string   $object_type user
 * @param ElggUser $object      User object
 *
 * @return void Nothing is returned; the relationship call's result is discarded
 * @access private
 */
function user_create_hook_add_site_relationship($event, $object_type, $object)
{
    global $CONFIG;

    $user_guid = $object->getGUID();
    $site_guid = $CONFIG->site->getGUID();

    add_entity_relationship($user_guid, 'member_of_site', $site_guid);
}
Esempio n. 18
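/**
 * Adds default admin widgets to the admin dashboard.
 *
 * Access checks are ignored while the widgets are looked up and created; the
 * previous ignore-access setting is restored on every return path.
 *
 * @param string   $event Event name (unused)
 * @param string   $type  Event type (unused)
 * @param ElggUser $user  The admin user who receives the widgets
 *
 * @return null|true True when the user already has admin widgets, null otherwise
 * @access private
 */
function elgg_add_admin_widgets($event, $type, $user)
{
    // Remember the caller's setting so it can be put back exactly.
    $ia = elgg_set_ignore_access(true);

    // check if the user already has widgets
    if (elgg_get_widgets($user->getGUID(), 'admin')) {
        // The early return used to leave access checks disabled for the rest
        // of the request; restore them before returning.
        elgg_set_ignore_access($ia);
        return true;
    }

    // In the form column => array of handlers in order, top to bottom
    $adminWidgets = array(1 => array('control_panel', 'admin_welcome'), 2 => array('online_users', 'new_users', 'content_stats'));
    foreach ($adminWidgets as $column => $handlers) {
        foreach ($handlers as $position => $handler) {
            $guid = elgg_create_widget($user->getGUID(), $handler, 'admin');
            if (!$guid) {
                continue;
            }
            $widget = get_entity($guid);
            /* @var ElggWidget $widget */
            if ($widget) {
                $widget->move($column, $position);
            }
        }
    }

    elgg_set_ignore_access($ia);
}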
Esempio n. 19
/**
 * Links a newly created user to the current site.
 *
 * Adds a 'member_of_site' relationship from the user to the site entity.
 *
 * @param string    $event       create
 * @param string    $object_type user
 * @param \ElggUser $object      User object
 *
 * @return void
 * @access private
 */
function user_create_hook_add_site_relationship($event, $object_type, $object)
{
    $new_user_guid = $object->getGUID();
    $site = elgg_get_site_entity();

    add_entity_relationship($new_user_guid, 'member_of_site', $site->guid);
}
Esempio n. 20
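/**
 * Pull in the latest avatar from twitter.
 *
 * Each of the fixed icon sizes is rendered from $file_location and stored as
 * profile/<guid><size>.jpg. Sizes that cannot be rendered are skipped, and the
 * user's icontime is only refreshed when at least one file was written.
 *
 * @param ElggUser $user          User whose avatar is refreshed
 * @param string   $file_location Location of the source image
 *
 * @return void
 */
function twitter_api_update_user_avatar($user, $file_location)
{
    // twitter's images have a few suffixes:
    // _normal
    // _reasonably_small
    // _mini
    // the twitter app here returns _normal.  We want standard, so remove the suffix.
    // @todo Should probably check that it's an image file.
    // NOTE(review): $file_location presumably originates from the remote profile
    // data; confirm its scheme/host is constrained before it is fetched here.
    $file_location = str_replace('_normal.jpg', '.jpg', $file_location);

    // size name => array(width, height, square)
    $sizes = array('topbar' => array(16, 16, TRUE), 'tiny' => array(25, 25, TRUE), 'small' => array(40, 40, TRUE), 'medium' => array(100, 100, TRUE), 'large' => array(200, 200, FALSE), 'master' => array(550, 550, FALSE));

    $filehandler = new ElggFile();
    $filehandler->owner_guid = $user->getGUID();

    $stored_any = false;
    foreach ($sizes as $size => $dimensions) {
        list($width, $height, $square) = $dimensions;
        $image = get_resized_image_from_existing_file($file_location, $width, $height, $square);
        if (!$image) {
            // The source could not be read or is not a usable image: keep the
            // existing icon instead of overwriting it with empty content.
            continue;
        }
        $filehandler->setFilename("profile/{$user->guid}{$size}.jpg");
        $filehandler->open('write');
        $filehandler->write($image);
        $filehandler->close();
        $stored_any = true;
    }

    // update user's icontime
    if ($stored_any) {
        $user->icontime = time();
    }
}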
Esempio n. 21
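/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * Populates the session, optionally issues a persistent-login ("remember me")
 * cookie, saves the user, fires the login event and regenerates the session id.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true Always true on success; failures are reported by exception
 * @throws LoginException If the user is banned, or saving / the login event fails
 */
function login(ElggUser $user, $persistent = false)
{
    // Banned users are rejected with an exception.
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // The cookie value is a bearer credential, so it must be unguessable.
        // Deriving it from the user's names, the clock and rand() is not; take
        // it from the platform's secure random source whenever one exists.
        if (function_exists('random_bytes')) {
            $code = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $code = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // legacy derivation, only reached when no secure source is available
            $code = md5($user->name . $user->username . time() . rand());
        }
        $_SESSION['code'] = $code;
        // only a digest of the token is stored on the user
        $user->code = md5($code);
        // HttpOnly keeps the token out of reach of page scripts.
        // NOTE(review): also set the Secure flag when the site is served over HTTPS only.
        setcookie("elggperm", $code, time() + 86400 * 30, "/", "", false, true);
    }

    if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
        // roll the half-built session back completely
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    // Users privilege has been elevated, so change the session id (prevents session fixation)
    session_regenerate_id();

    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);

    // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
    if (is_memcache_available()) {
        // this needs to happen with a shutdown function because of the timing with set_last_login()
        register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
    }

    return true;
}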
Esempio n. 22
 public function testAccessCaching()
 {
     // a throwaway user whose access data is compared below
     $probe = new ElggUser();
     $probe->username = '******';
     $probe->save();

     $lookups = array('get_access_list', 'get_access_array');
     foreach ($lookups as $lookup) {
         // start every round from an empty access cache
         _elgg_get_access_cache()->clear();

         // admin users run tests, so the first lookup is made with access
         // checks ignored and the second one with them enforced again
         elgg_set_ignore_access(true);
         $while_ignoring = $lookup($probe->getGUID());
         elgg_set_ignore_access(false);
         $while_enforcing = $lookup($probe->getGUID());

         // the two results must differ, i.e. the first was not served back from cache
         $this->assertNotEqual($while_ignoring, $while_enforcing, "Access test for {$lookup}");
     }

     $probe->delete();
 }
Esempio n. 23
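/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * Fills the session with the user's identity, issues the persistent-login
 * cookie when requested, then saves the user and fires the login event. The
 * session id is regenerated once the login has succeeded.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true Always true on success; failures are reported by exception
 * @throws LoginException If the user is banned, or saving / the login event fails
 */
function login(ElggUser $user, $persistent = false)
{
    // A banned user never gets a session: report it by exception.
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $guid = $user->getGUID();
    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $guid;
    $_SESSION['id'] = $guid;
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // Whoever presents this token is logged in as the user, so it has to
        // come from a secure random source rather than from the user's names,
        // the current time and rand(), all of which can be narrowed down.
        if (function_exists('random_bytes')) {
            $code = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $code = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // last resort on platforms without a secure source
            $code = md5($user->name . $user->username . time() . rand());
        }
        $_SESSION['code'] = $code;
        // the user record keeps a digest, not the token itself
        $user->code = md5($code);
        // HttpOnly: page scripts have no need to read this cookie.
        // NOTE(review): add the Secure flag on HTTPS-only deployments.
        setcookie("elggperm", $code, time() + 86400 * 30, "/", "", false, true);
    }

    if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
        // undo everything that was placed in the session and expire the cookie
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    // Users privilege has been elevated, so change the session id (prevents session fixation)
    session_regenerate_id();

    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);

    return true;
}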
Esempio n. 24
/**
 * Remove every message sent by a user who is being deleted.
 *
 * Hidden entities are shown and access checks ignored while the messages are
 * batch-deleted; both settings are put back to their previous values at the end.
 *
 * @param string   $event Event name
 * @param string   $type  Event type
 * @param ElggUser $user  User being deleted
 *
 * @return void
 */
function messages_purge($event, $type, $user)
{
    // No GUID, no purge: the 'fromId' filter below needs a real sender.
    $sender_guid = $user->getGUID();
    if (!$sender_guid) {
        return;
    }

    // make sure we delete them all
    $previous_hidden = access_get_show_hidden_status();
    access_show_hidden_entities(true);
    $previous_ignore = elgg_set_ignore_access(true);

    $sent_by_user = array('type' => 'object', 'subtype' => 'messages', 'metadata_name' => 'fromId', 'metadata_value' => $sender_guid, 'limit' => 0);

    // NOTE(review): an exception thrown by delete() would skip the two restore
    // calls below and leave the widened access in place for the request.
    foreach (new ElggBatch('elgg_get_entities_from_metadata', $sent_by_user) as $message) {
        $message->delete();
    }

    // restore in reverse order of acquisition
    elgg_set_ignore_access($previous_ignore);
    access_show_hidden_entities($previous_hidden);
}
Esempio n. 25
/**
 * Fetch a user's profile metadata, grouped by field name.
 *
 * Reads the metadata for all configured profile fields plus
 * 'custom_profile_type'. Each field becomes one stdClass with name, value and
 * access_id; when a field has several rows, later values are prepended to the
 * value string, separated by ", ".
 *
 * @param ElggUser $user User whose profile data is read
 *
 * @return array|false Objects keyed by field name, false when nothing was found
 */
function profile_manager_get_user_profile_data(ElggUser $user)
{
    $profile_fields = elgg_get_config('profile_fields');
    if (empty($user) || empty($profile_fields)) {
        return false;
    }

    $names = array_keys($profile_fields);
    $names[] = "custom_profile_type";

    $rows = elgg_get_metadata(array("metadata_names" => $names, "guid" => $user->getGUID(), "limit" => false));
    if (!$rows) {
        return false;
    }

    $by_name = array();
    foreach ($rows as $row) {
        if (array_key_exists($row->name, $by_name)) {
            // further row for a known field: put its value in front
            $by_name[$row->name]->value = $row->value . ", " . $by_name[$row->name]->value;
            continue;
        }

        // first row for this field: create object
        $entry = new stdClass();
        $entry->name = $row->name;
        $entry->value = $row->value;
        $entry->access_id = $row->access_id;
        $by_name[$row->name] = $entry;
    }

    return $by_name;
}
Esempio n. 26
 /**
  * Can a user access an entity.
  *
  * @warning If a logged in user doesn't have access to an entity, the
  * core engine will not load that entity.
  *
  * @tip This is mostly useful for checking if a user other than the logged in
  * user has access to an entity that is currently loaded.
  *
  * @todo This function would be much more useful if we could pass the guid of the
  * entity to test access for. We need to be able to tell whether the entity exists
  * and whether the user has access to the entity.
  *
  * @param \ElggEntity $entity The entity to check access for.
  * @param \ElggUser   $user   Optionally user to check access for. Defaults to
  *                           logged in user (which is a useless default).
  *
  * @return bool
  */
 function hasAccessToEntity($entity, $user = null)
 {
     // See #7159. Must not allow ignore access to affect query: the access
     // clause is built with ignore-access off, then the old value is restored.
     $previous_ignore = elgg_set_ignore_access(false);
     $access_clause = isset($user)
         ? _elgg_get_access_where_sql(array('user_guid' => $user->getGUID()))
         : _elgg_get_access_where_sql();
     elgg_set_ignore_access($previous_ignore);

     $db = _elgg_services()->db;
     $table_prefix = $db->getTablePrefix();

     // Entity lookup by GUID, narrowed by the access controls built above
     $sql = "SELECT guid from {$table_prefix}entities e WHERE e.guid = {$entity->guid}" . " AND " . $access_clause;

     // any returned row means the entity is accessible
     return (bool) $db->getData($sql);
 }
Esempio n. 27
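/**
 * Checks if the user is a moderator of any item in the given container
 *
 * Collects the 'moderators' metadata values of all 'static' objects in the
 * container (with access checks ignored for the lookup) and tests whether the
 * user's GUID is one of them.
 *
 * @param ElggEntity $container_entity container entity to check in
 * @param ElggUser   $user             user to check
 *
 * @return boolean
 */
function static_is_moderator_in_container(ElggEntity $container_entity, ElggUser $user)
{
    if (empty($container_entity) || empty($user)) {
        return false;
    }
    $dbprefix = elgg_get_config('dbprefix');
    $ia = elgg_set_ignore_access(true);
    $md = elgg_get_metadata(['selects' => ['msv.string as value'], 'metadata_names' => ['moderators'], 'limit' => false, 'joins' => ["JOIN {$dbprefix}metastrings msv ON n_table.value_id = msv.id", "JOIN {$dbprefix}entities e ON n_table.entity_guid = e.guid"], 'wheres' => ['msv.string <> ""', 'e.type = "object" AND e.subtype = ' . get_subtype_id('object', 'static'), 'e.container_guid = ' . $container_entity->getGUID()], 'callback' => function ($row) {
        $value = $row->value;
        if (!empty($value)) {
            return $value;
        }
    }]);
    elgg_set_ignore_access($ia);

    // No usable result means "not a moderator"; never hand a non-array to in_array().
    if (!is_array($md)) {
        return false;
    }

    // This is an authorization decision, so compare exactly. A loose in_array()
    // converts stored strings to numbers and can accept a value that merely
    // starts with the GUID's digits.
    return in_array((string) $user->getGUID(), array_map('strval', $md), true);
}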
Esempio n. 28
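/**
 * Returns the redirect url after login
 *
 * The preference is the user's own 'redirectpage' setting when the plugin
 * allows user overrides and the user has one, otherwise the plugin-wide
 * 'redirectpage' setting. Named preferences map to fixed pages; any other
 * value is treated as a URL template in which [wwwroot] and [username] are
 * substituted.
 *
 * @param ElggUser $user The user who logged in
 *
 * @return false|string Normalized forward url, false when none applies
 */
function login_redirector_general_login(ElggUser $user)
{
    $plugin = elgg_get_plugin_from_id("login_redirector");
    if (!$plugin) {
        // plugin entity not available: nothing to decide
        return false;
    }

    $pref = null;
    if ($plugin->useroverride == 'yes') {
        $pref = $plugin->getUserSetting("redirectpage", $user->getGUID());
    }
    if (empty($pref)) {
        $pref = $plugin->redirectpage;
    }

    // Start from "no redirect"; previously $url was undefined whenever a
    // branch below did not assign it.
    $url = '';
    switch ($pref) {
        case "homepage":
            $url = elgg_get_site_url();
            break;
        case "profile":
            if (elgg_is_active_plugin("profile")) {
                $url = elgg_get_site_url() . "profile/" . $user->username;
            }
            break;
        case "dashboard":
            if (elgg_is_active_plugin("dashboard")) {
                $url = elgg_get_site_url() . "dashboard";
            }
            break;
        case "custom":
            if ($custom = $plugin->first_login_custom_redirect) {
                $url = str_ireplace("[wwwroot]", elgg_get_site_url(), $custom);
                $url = str_ireplace("[username]", $user->username, $url);
            }
            break;
        default:
            // NOTE(review): a free-form preference becomes the redirect target
            // as-is; confirm who may set it and whether off-site targets are intended.
            if (!empty($pref)) {
                $url = str_ireplace("[wwwroot]", elgg_get_site_url(), $pref);
                $url = str_ireplace("[username]", $user->username, $url);
            }
            break;
    }

    if (!$url) {
        return false;
    }

    // set the redirect url correctly
    return elgg_normalize_url($url);
}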
Esempio n. 29
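/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with authenticate.
 *
 * Refuses banned users and users over the login rate limit, fills the session,
 * stores a login token (sent as a cookie for persistent logins), saves the
 * user, fires the login event and regenerates the session id.
 *
 * @see authenticate
 * @param ElggUser $user A valid Elgg user object
 * @param boolean $persistent Should this be a persistent login?
 * @return true|false Whether login was successful
 */
function login(ElggUser $user, $persistent = false)
{
    // User is banned, return false.
    if ($user->isBanned()) {
        return false;
    }

    // Check rate limit
    if (check_rate_limit_exceeded($user->guid)) {
        return false;
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // The token doubles as the persistent-login cookie value, so it must be
    // unguessable. Names, the clock and rand() do not provide that; use the
    // platform's secure random source whenever one is available.
    if (function_exists('random_bytes')) {
        $code = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $code = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // legacy derivation, only when no secure source exists
        $code = md5($user->name . $user->username . time() . rand());
    }
    // the user record keeps a digest of the token, the session the token itself
    $user->code = md5($code);
    $_SESSION['code'] = $code;
    if ($persistent) {
        // HttpOnly keeps the token away from page scripts.
        // NOTE(review): add the Secure flag on HTTPS-only deployments.
        setcookie("elggperm", $code, time() + 86400 * 30, "/", "", false, true);
    }

    if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
        // roll the session back and expire the cookie
        unset($_SESSION['username']);
        unset($_SESSION['name']);
        unset($_SESSION['code']);
        unset($_SESSION['guid']);
        unset($_SESSION['id']);
        unset($_SESSION['user']);
        setcookie("elggperm", "", time() - 86400 * 30, "/");
        return false;
    }

    // Users privilege has been elevated, so change the session id (help prevent session hijacking)
    session_regenerate_id();

    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);

    // Set admin shortcut flag if this is an admin
    if (isadminloggedin()) {
        global $is_admin;
        $is_admin = true;
    }

    return true;
}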
Esempio n. 30
 /**
  * Remove a user from the group.
  *
  * @param ElggUser $user User
  *
  * @return bool
  */
 public function leave(ElggUser $user)
 {
     // Membership removal is delegated to leave_group(), addressed by GUIDs.
     $group_guid = $this->getGUID();
     $member_guid = $user->getGUID();

     return leave_group($group_guid, $member_guid);
 }