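/**
 * Confirm that a previously issued auth token still belongs to the named user.
 *
 * When the token validates to the same account, the caller receives an 'OK'
 * marker plus the values of get_api_key() and get_gcm_sender_id(). Otherwise
 * the call falls through to auth_gettoken() with the supplied username and
 * password, and whatever that returns is passed back unchanged.
 *
 * Parameter types are not declared in the code; strings are assumed.
 *
 * @param mixed $token    Auth token presented by the caller
 * @param mixed $username Username the token is claimed to belong to
 * @param mixed $password Password, only used when the token check fails
 *
 * @return mixed Array with 'auth_token', 'api_key' and 'gcm_sender_id' when
 *               the token is valid for the user; otherwise the result of
 *               auth_gettoken()
 * @throws InvalidParameterException If no user is found for $username
 */
function auth_token_check($token, $username, $password) {
    $user = get_user_by_username($username);
    if (!$user) {
        // NOTE(review): unknown usernames get their own error here. Check how
        // auth_gettoken() reports bad credentials; if the two differ, callers
        // can tell existing usernames from non-existing ones.
        throw new InvalidParameterException('registration:usernamenotvalid');
    }

    // NOTE(review): the site id is hard-coded to 1 -- confirm this is the id
    // the tokens were issued for on every deployment.
    $token_owner = validate_user_token($token, 1);

    // Require a real (truthy) owner id before comparing. The previous loose
    // `==` would also have matched a failed validation against an empty guid.
    if ($token_owner && (int) $token_owner === (int) $user->guid) {
        return array(
            'auth_token' => 'OK',
            'api_key' => get_api_key(),
            'gcm_sender_id' => get_gcm_sender_id(),
        );
    }

    // Token missing, expired or owned by another account: fall back to
    // username/password authentication.
    return auth_gettoken($username, $password);
}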
/**
 * Check the user token
 *
 * Looks for an 'auth_token' input value and reports whether it is present and
 * valid. On success the token's user is logged in; with the current session
 * code of Elgg, that user will be logged out of all other sessions.
 *
 * @return bool True only when the token validates and the user could be
 *              logged in; false in every other case
 * @access private
 */
function pam_auth_usertoken() {
    global $CONFIG;

    $auth_token = get_input('auth_token');
    if (!$auth_token) {
        return false;
    }

    $user_guid = validate_user_token($auth_token, $CONFIG->site_id);
    if (!$user_guid) {
        return false;
    }

    $entity = get_entity($user_guid);

    // Reject when the entity could not be loaded, is not an Elgg user,
    // or belongs to a banned account (checked in that order).
    if (!$entity || !($entity instanceof ElggUser) || $entity->isBanned()) {
        return false;
    }

    // The check only passes if the login itself succeeds.
    return login($entity) ? true : false;
}
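/**
 * Check the request's auth token, or pass if the requested method does not
 * need one.
 *
 * Reads 'method' and 'auth_token' from the request input. If the token
 * validates to a user id, that user is logged in to the current session.
 * The check passes when the requested method does not require an auth token,
 * when a token was validated, or when a user is already logged in.
 *
 * @param mixed $credentials Not used by this function
 *
 * @return bool True when the check passes; false when the token maps to an
 *              entity that cannot be loaded, is not an ElggUser, is banned,
 *              or cannot be logged in
 * @throws SecurityException When the method requires a token and none of the
 *                           passing conditions hold
 */
function pam_auth_usertoken($credentials = null) {
    global $METHODS, $CONFIG;

    $method = get_input('method');
    $token = get_input('auth_token');

    // NOTE(review): arguments are passed as (site id, token); confirm this
    // matches validate_user_token()'s parameter order in this codebase.
    $validated_userid = validate_user_token($CONFIG->site_id, $token);

    if ($validated_userid) {
        $u = get_entity($validated_userid);

        // Could we get the user?
        if (!$u) {
            return false;
        }

        // Not an elgg user
        if (!$u instanceof ElggUser) {
            return false;
        }

        // User is banned
        if ($u->isBanned()) {
            return false;
        }

        // Fail if we couldn't log the user in
        if (!login($u)) {
            return false;
        }
    }

    // empty() keeps the original truthiness test but avoids an undefined-index
    // notice when the method has no entry in $METHODS.
    // NOTE(review): a method name with no entry reads as "no token required";
    // confirm unknown methods are rejected elsewhere before they execute.
    $token_not_required = empty($METHODS[$method]["require_auth_token"]);

    if ($token_not_required || $validated_userid || isloggedin()) {
        return true;
    }

    // The unreachable `return false` that followed the throw has been dropped.
    throw new SecurityException(
        elgg_echo('SecurityException:AuthTokenExpired'),
        ErrorResult::$RESULT_FAIL_AUTHTOKEN
    );
}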