Representation of a "user" in the system.
/**
* Is $blocked_user blocked by $blocking_user?
*
* @param ElggUser $blocked_user
* @param ElggUser $blocking_user
* @return type bool
*/
function is_blocked(\ElggUser $blocked_user, \ElggUser $blocking_user)
{
if (!$blocked_user instanceof \ElggUser || !$blocking_user instanceof \ElggUser) {
return false;
}
return (bool) check_entity_relationship($blocking_user->getGUID(), 'blocked', $blocked_user->getGUID());
}
/**
* Enable personal and friend notifications for new users
*
* We do this using 'create, user' event instead of 'register, user' plugin
* hook so that it affects also users created by an admin.
*
* @param string $event 'create'
* @param string $type 'user'
* @param ElggUser $user
* @return boolean
*/
function notification_tools_enable_for_new_user($event, $type, $user)
{
$personal = elgg_get_plugin_setting('default_personal_methods', 'notification_tools');
// Set methods for personal notifications
if ($personal) {
$personal_methods = explode(',', $personal);
foreach ($personal_methods as $method) {
$prefix = "notification:method:{$method}";
$user->{$prefix} = true;
}
}
$collection = elgg_get_plugin_setting('default_collection_methods', 'notification_tools');
// Set methods for notifications about friends' activity
if ($collection) {
$collection_methods = explode(',', $collection);
// Here we just mark the default methods. The core notification plugin
// will take care of creating the actual 'notify<method>' relationships
// between user and each friends.
foreach ($collection_methods as $method) {
$setting_name = "collections_notifications_preferences_{$method}";
// The -1 seems like a weird value but that's what the core
// is using for whatever reason.
$user->{$setting_name} = '-1';
}
}
$user->save();
return true;
}
protected function createTestUser($username = '******')
{
$user = new ElggUser();
$user->username = $username;
$guid = $user->save();
// load user to have access to creation time
return get_entity($guid);
}
public function testGroupSubscriptionRemovedWhenMemberRelationshipRemoved()
{
$this->group->join($this->user1);
$this->assertTrue($this->group->isMember($this->user1));
elgg_add_subscription($this->user1->guid, 'test', $this->group->guid);
$this->assertIsA(check_entity_relationship($this->user1->guid, 'notifytest', $this->group->guid), ElggRelationship::class);
$this->group->leave($this->user1);
$this->assertFalse($this->group->isMember($this->user1));
$this->assertFalse(check_entity_relationship($this->user1->guid, 'notifytest', $this->user2->guid));
}
/**
* Send validation reminder to a specified user with
* some parameters.
*
* @param ElggUser $user User to send the reminder to
* @param int $enddate The end date in a unix timestamp
* @param int $pastdays The days we've passed since the validation
*/
function send_validation_reminder_mail($user, $enddate, $pastdays)
{
$daysleft = $enddate - $pastdays;
$site = elgg_get_site_entity();
$code = uservalidationbyemail_generate_code($user->getGUID(), $user->email);
$link = $site->url . 'uservalidationbyemail/confirm?u=' . $user->getGUID() . '&c=' . $code;
$subject = elgg_echo('validation_reminder:validate:token:subject', array($user->name, $site->name), $user->language);
$body = elgg_echo('validation_reminder:validate:token:body', array($user->name, $pastdays, $site->name, $user->token, $link, $daysleft, $site->name, $site->url), $user->language);
// Send validation email
notify_user($user->guid, $site->guid, $subject, $body, array(), 'email');
}
/**
* Get a list of all the exportable values for the given type/subtype
*
* @param string $type the entity type
* @param string $subtype the entity subtype
* @param bool $readable readable values or just for processing (default: false)
*
* @return array
*/
function csv_exporter_get_exportable_values($type, $subtype = '', $readable = false)
{
$result = [];
if (empty($type)) {
return $result;
}
if ($type == 'object' && empty($subtype)) {
return $result;
}
$class = get_subtype_class($type, $subtype);
if (!empty($class)) {
$dummy = new $class();
} else {
switch ($type) {
case 'object':
$dummy = new ElggObject();
break;
case 'group':
$dummy = new ElggGroup();
break;
case 'site':
$dummy = new ElggSite();
break;
case 'user':
$dummy = new ElggUser();
break;
}
}
$exports = (array) $dummy->toObject();
$defaults = array_keys($exports);
if ($readable) {
$new_defaults = [];
foreach ($defaults as $name) {
if (elgg_language_key_exists($name)) {
$lan = elgg_echo($name);
} elseif (elgg_language_key_exists("csv_exporter:exportable_value:{$name}")) {
$lan = elgg_echo("csv_exporter:exportable_value:{$name}");
} else {
$lan = $name;
}
$new_defaults[$lan] = $name;
}
$defaults = $new_defaults;
}
$params = ['type' => $type, 'subtype' => $subtype, 'readable' => $readable, 'defaults' => $defaults];
$result = elgg_trigger_plugin_hook('get_exportable_values', 'csv_exporter', $params, $defaults);
if (is_array($result)) {
// prevent duplications
$result = array_unique($result);
}
return $result;
}
protected function createTestUser($username = '******')
{
// in case a test failure left the user
$user = get_user_by_username($username);
if ($user) {
return $user;
}
$user = new \ElggUser();
$user->username = $username;
$guid = $user->save();
// load user to have access to creation time
return get_entity($guid);
}
/**
* Delete messages from a user who is being deleted
*
* @param string $event
* @param string $type
* @param ElggUser $user
*/
function customizations_purge_messages($event, $type, $user)
{
// make sure we delete them all
$entity_disable_override = access_get_show_hidden_status();
access_show_hidden_entities(true);
$messages = elgg_get_entities_from_metadata(array('type' => 'object', 'subtype' => 'messages', 'metadata_name' => 'fromId', 'metadata_value' => $user->getGUID(), 'limit' => 0));
if ($messages) {
foreach ($messages as $e) {
$e->delete();
}
}
access_show_hidden_entities($entity_disable_override);
}
public function testCanEdit()
{
$user = new \ElggUser();
$user->save();
$id = $this->entity->annotate('test', 'foo', ACCESS_LOGGED_IN, elgg_get_logged_in_user_guid());
$a = elgg_get_annotation_from_id($id);
$this->assertTrue($a->canEdit());
$this->assertFalse($a->canEdit($user->guid));
$id = $this->entity->annotate('test', 'foo2', ACCESS_LOGGED_IN, $user->guid);
$a = elgg_get_annotation_from_id($id);
$this->assertTrue($a->canEdit());
$this->assertTrue($a->canEdit($user->guid));
$user->delete();
}
/**
* Get a list of all the exportable values for the given type/subtype
*
* @param string $type the entity type
* @param string $subtype the entity subtype
* @param bool $readable readable values or just for processing (default: false)
*
* @return array
*/
function csv_exporter_get_exportable_values($type, $subtype = "", $readable = false)
{
$result = array();
if (empty($type)) {
return $result;
}
if ($type == "object" && empty($subtype)) {
return $result;
}
$class = get_subtype_class($type, $subtype);
if (!empty($class)) {
$dummy = new $class();
} else {
switch ($type) {
case "object":
$dummy = new ElggObject();
break;
case "group":
$dummy = new ElggGroup();
break;
case "site":
$dummy = new ElggSite();
break;
case "user":
$dummy = new ElggUser();
break;
}
}
$defaults = $dummy->getExportableValues();
if ($readable) {
$new_defaults = array();
foreach ($defaults as $name) {
if ($name != elgg_echo($name)) {
$lan = elgg_echo($name);
} else {
$lan = elgg_echo("csv_exporter:exportable_value:" . $name);
}
$new_defaults[$lan] = $name;
}
$defaults = $new_defaults;
}
$params = array("type" => $type, "subtype" => $subtype, "readable" => $readable, "defaults" => $defaults);
$result = elgg_trigger_plugin_hook("get_exportable_values", "csv_exporter", $params, $defaults);
if (is_array($result)) {
// prevent duplications
$result = array_unique($result);
}
return $result;
}
/**
* Add messageboard post
*
* @param ElggUser $poster User posting the message
* @param ElggUser $owner User who owns the message board
* @param string $message The posted message
* @param int $access_id Access level (see defines in elgglib.php)
* @return bool
*/
function messageboard_add($poster, $owner, $message, $access_id = ACCESS_PUBLIC)
{
$result_id = $owner->annotate('messageboard', $message, $access_id, $poster->guid);
if (!$result_id) {
return false;
}
elgg_create_river_item(array('view' => 'river/object/messageboard/create', 'action_type' => 'messageboard', 'subject_guid' => $poster->guid, 'object_guid' => $owner->guid, 'access_id' => $access_id, 'annotation_id' => $result_id));
// Send notification only if poster isn't the owner
if ($poster->guid != $owner->guid) {
$subject = elgg_echo('messageboard:email:subject', array(), $owner->language);
$body = elgg_echo('messageboard:email:body', array($poster->name, $message, elgg_get_site_url() . "messageboard/owner/" . $owner->username, $poster->name, $poster->getURL()), $owner->language);
notify_user($owner->guid, $poster->guid, $subject, $body);
}
return $result_id;
}
/**
* Check if the email of the user has already been associated with a Stripe customer
* If so, map them
*
* @param string $event
* @param string $type
* @param ElggUser $user
* @param true
*/
function stripe_register_user($event, $type, $user)
{
$customer_ref = elgg_get_plugin_setting($user->email, 'stripe');
if (!$customer_ref) {
return;
}
$customer_ref = unserialize($customer_ref);
if (is_array($customer_ref) && sizeof($customer_ref)) {
$user->setPrivateSetting('stripe_customer_id', $customer_ref[0]);
$customer_ref = array_reverse($customer_ref);
foreach ($customer_ref as $c_ref) {
create_metadata($user->guid, 'stripe_customer_id', $c_ref, '', $user->guid, ACCESS_PUBLIC, true);
}
}
elgg_unset_plugin_setting($user->email, 'stripe');
return true;
}
/**
* Create a new customer
* @param ElggUser $user
* @param array $data
* @return Stripe_Customer|false
*/
public function createCustomer($user = null, $data = array())
{
$fields = array('account_balance', 'card', 'coupon', 'plan', 'quantity', 'trial_end', 'metadata', 'description', 'email');
try {
foreach ($data as $key => $value) {
if (!in_array($key, $fields)) {
$data[$key] = '';
}
}
$data = array_filter($data);
if ($user) {
if (!$data['email']) {
$data['email'] = $user->email;
}
if (!$data['description']) {
$data['description'] = $user->name;
}
if (!is_array($data['metadata'])) {
$data['metadata'] = array();
}
$data['metadata']['guid'] = $user->guid;
$data['metadata']['username'] = $user->username;
}
$customer = Stripe_Customer::create($data);
if ($user && $user->guid) {
// Store any customer IDs this user might have for reference
$stripe_ids = $user->stripe_customer_id;
if (!$stripe_ids) {
$stripe_ids = array();
} else {
if (!is_array($stripe_ids)) {
$stripe_ids = array($stripe_ids);
}
}
if (!in_array($customer->id, $stripe_ids)) {
create_metadata($user->guid, 'stripe_customer_id', $customer->id, '', $user->guid, ACCESS_PUBLIC, true);
}
// Store current Customer ID
$user->setPrivateSetting('stripe_customer_id', $customer->id);
} else {
// Store customer IDs with their email reference locally
// so that users can be assigned their existing customer ID upon registration
$customer_ref = elgg_get_plugin_setting($customer->email, 'stripe');
if ($customer_ref) {
$customer_ref = unserialize($customer_ref);
} else {
$customer_ref = array();
}
array_unshift($customer_ref, $customer->id);
elgg_set_plugin_setting($customer->email, serialize($customer_ref), 'stripe');
}
return $customer;
} catch (Exception $ex) {
$this->log($ex);
return false;
}
}
/**
* Create a notification event
*
* @param \ElggData $object The object of the event (\ElggEntity)
* @param string $action The name of the action (default: create)
* @param \ElggUser $actor The user that caused the event (default: logged in user)
*
* @throws \InvalidArgumentException
*/
public function __construct(\ElggData $object, $action, \ElggUser $actor = null)
{
if (elgg_instanceof($object)) {
$this->object_type = $object->getType();
$this->object_subtype = $object->getSubtype();
$this->object_id = $object->getGUID();
} else {
$this->object_type = $object->getType();
$this->object_subtype = $object->getSubtype();
$this->object_id = $object->id;
}
if ($actor == null) {
$this->actor_guid = _elgg_services()->session->getLoggedInUserGuid();
} else {
$this->actor_guid = $actor->getGUID();
}
$this->action = $action;
}
/**
* Create a notification event
*
* @param \ElggData $object The object of the event (\ElggEntity)
* @param string $action The name of the action (default: create)
* @param \ElggUser $actor The user that caused the event (default: logged in user)
*
* @throws \InvalidArgumentException
*/
public function __construct(\ElggData $object, $action, \ElggUser $actor = null)
{
if (elgg_instanceof($object)) {
$this->object_type = $object->getType();
$this->object_subtype = $object->getSubtype();
$this->object_id = $object->getGUID();
} else {
$this->object_type = $object->getType();
$this->object_subtype = $object->getSubtype();
$this->object_id = $object->id;
}
if ($actor == null) {
$this->actor_guid = elgg_get_logged_in_user_guid();
} else {
$this->actor_guid = $actor->getGUID();
}
$this->action = $action;
}
function group_tools_invite_user(ElggGroup $group, ElggUser $user, $text = "", $resend = false)
{
$result = false;
if (!empty($user) && $user instanceof ElggUser && !empty($group) && $group instanceof ElggGroup && ($loggedin_user = elgg_get_logged_in_user_entity())) {
// Create relationship
$relationship = add_entity_relationship($group->getGUID(), "invited", $user->getGUID());
if ($relationship || $resend) {
// Send email
$url = elgg_get_site_url() . "groups/invitations/" . $user->username;
$subject = elgg_echo("groups:invite:subject", array($user->name, $group->name));
$msg = elgg_echo("group_tools:groups:invite:body", array($user->name, $loggedin_user->name, $group->name, $text, $url));
if ($res = notify_user($user->getGUID(), $group->getOwnerGUID(), $subject, $msg)) {
$result = true;
}
}
}
return $result;
}
/**
* Notify $user that $sharer shared his $entity.
*
* @param type $user
* @param type $sharer
* @param type $entity
*/
function share_notify_user(ElggUser $user, ElggUser $sharer, ElggEntity $entity)
{
if (!$user instanceof ElggUser) {
return false;
}
if (!$sharer instanceof ElggUser) {
return false;
}
if (!$entity instanceof ElggEntity) {
return false;
}
$title_str = $entity->title;
if (!$title_str) {
$title_str = elgg_get_excerpt($entity->description);
}
$site = get_config('site');
$subject = elgg_echo('share:notifications:subject', array($sharer->name, $title_str));
$body = elgg_echo('share:notifications:body', array($user->name, $sharer->name, $title_str, $site->name, $entity->getURL(), $sharer->getURL()));
notify_user($user->guid, $sharer->guid, $subject, $body);
}
/**
* Create a notification event
*
* @param ElggData $object The object of the event (ElggEntity, ElggAnnotation, ElggRelationship)
* @param string $action The name of the action (default: create)
* @param ElggUser $actor The user that caused the event (default: logged in user)
* @throws InvalidArgumentException
*/
public function __construct($object, $action, $actor = null)
{
if (!$object instanceof ElggData) {
throw new InvalidArgumentException('$object is not an instance of ElggData');
}
if (elgg_instanceof($object)) {
$this->object_type = $object->getType();
$this->object_subtype = $object->getSubtype();
$this->object_id = $object->getGUID();
} else {
$this->object_type = $object->getType();
$this->object_subtype = $object->getSubtype();
$this->object_id = $object->id;
}
if ($actor == null) {
$this->actor_guid = elgg_get_logged_in_user_guid();
} else {
$this->actor_guid = $actor->getGUID();
}
$this->action = $action;
}
/**
* Called before each test object.
*/
public function __construct()
{
elgg_set_ignore_access(true);
$this->entities = array();
$this->subtypes = array('object' => array(), 'user' => array(), 'group' => array());
// sites are a bit wonky. Don't use them just now.
$this->types = array('object', 'user', 'group');
// create some fun objects to play with.
// 5 with random subtypes
for ($i = 0; $i < 5; $i++) {
$subtype = 'test_object_subtype_' . rand();
$e = new ElggObject();
$e->subtype = $subtype;
$e->save();
$this->entities[] = $e;
$this->subtypes['object'][] = $subtype;
}
// and users
for ($i = 0; $i < 5; $i++) {
$subtype = "test_user_subtype_" . rand();
$e = new ElggUser();
$e->username = "******" . rand();
$e->subtype = $subtype;
$e->save();
$this->entities[] = $e;
$this->subtypes['user'][] = $subtype;
}
// and groups
for ($i = 0; $i < 5; $i++) {
$subtype = "test_group_subtype_" . rand();
$e = new ElggGroup();
$e->subtype = $subtype;
$e->save();
$this->entities[] = $e;
$this->subtypes['group'][] = $subtype;
}
parent::__construct();
}
/**
* Updates author's list when an invited author registers
*
* @param string $event
* @param string $object_type
* @param ElggUser $object
*/
function publication_login_check($event, $object_type, $object)
{
if (empty($object->firstpublication) || empty($object->exauthor_name)) {
return;
}
$exauthor_name = $object->exauthor_name;
$pub = get_entity($object->firstpublication);
if (empty($pub) || !$pub instanceof Publication) {
return;
}
add_entity_relationship($pub->getGUID(), 'author', $object->getGUID());
unset($object->firstpubication);
unset($object->exauthor_name);
$authors = $pub->authors;
$authors = explode(',', $authors);
foreach ($authors as $key => $value) {
if ($value == $exauthor_name) {
$authors[$key] = $object->getGUID();
}
}
$authors = implode(',', $authors);
$pub->authors = $authors;
}
public function testElggRiverDisableEnable()
{
$user = new \ElggUser();
$user->save();
$entity = new \ElggObject();
$entity->save();
$params = array('view' => 'river/relationship/friend/create', 'action_type' => 'create', 'subject_guid' => $user->guid, 'object_guid' => $entity->guid);
$id = elgg_create_river_item($params);
$river = elgg_get_river(array('ids' => array($id)));
$this->assertIdentical($river[0]->enabled, 'yes');
$user->disable();
// should no longer be able to get the river
$river = elgg_get_river(array('ids' => array($id)));
$this->assertIdentical($river, array());
// renabling the user should re-enable the river
access_show_hidden_entities(true);
$user->enable();
access_show_hidden_entities(false);
$river = elgg_get_river(array('ids' => array($id)));
$this->assertIdentical($river[0]->enabled, 'yes');
$user->delete();
$entity->delete();
}
/**
* Get an access token for signing API requests
*/
public function getAccessToken()
{
if (!elgg_instanceof($this->entity)) {
return false;
}
switch ($this->entity->getType()) {
case 'site':
return StripeClientFactory::getSecretKey();
break;
default:
return $this->entity->getPrivateSetting('stripe_access_token');
break;
}
}
function test_can_write_to_container()
{
$user = new \ElggUser();
$user->username = '******' . rand();
$user->name = 'test_user_name_' . rand();
$user->email = '*****@*****.**';
$user->container_guid = 0;
$user->owner_guid = 0;
$user->save();
$object = new \ElggObject();
$object->save();
$group = new \ElggGroup();
$group->save();
// disable access overrides because we're admin.
$ia = elgg_set_ignore_access(false);
$this->assertFalse(can_write_to_container($user->guid, $object->guid));
global $elgg_test_user;
$elgg_test_user = $user;
// register hook to allow access
function can_write_to_container_test_hook($hook, $type, $value, $params)
{
global $elgg_test_user;
if ($params['user']->getGUID() == $elgg_test_user->getGUID()) {
return true;
}
}
elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'can_write_to_container_test_hook');
$this->assertTrue(can_write_to_container($user->guid, $object->guid));
elgg_unregister_plugin_hook_handler('container_permissions_check', 'all', 'can_write_to_container_test_hook');
$this->assertFalse(can_write_to_container($user->guid, $group->guid));
$group->join($user);
$this->assertTrue(can_write_to_container($user->guid, $group->guid));
elgg_set_ignore_access($ia);
$user->delete();
$object->delete();
$group->delete();
}
/**
* Add messageboard post
*
* @param ElggUser $poster User posting the message
* @param ElggUser $owner User who owns the message board
* @param string $message The posted message
* @param int $access_id Access level (see defines in elgglib.php)
* @return bool
*/
function messageboard_add($poster, $owner, $message, $access_id = ACCESS_PUBLIC)
{
$result = $owner->annotate('messageboard', $message, $access_id, $poster->guid);
if (!$result) {
return false;
}
add_to_river('river/object/messageboard/create', 'messageboard', $poster->guid, $owner->guid, $access_id, 0, $result);
// only send notification if not self
if ($poster->guid != $owner->guid) {
$subject = elgg_echo('messageboard:email:subject');
$body = elgg_echo('messageboard:email:body', array($poster->name, $message, elgg_get_site_url() . "messageboard/" . $owner->username, $poster->name, $poster->getURL()));
notify_user($owner->guid, $poster->guid, $subject, $body);
}
return $result;
}
/**
* Retrieve a Stripe customer account
* @return Stripe_Customer|boolean
* @throws Stripe_Error
*/
public function getCustomerAccount()
{
if ($this->account->id) {
return $this->account;
}
try {
$customer_id = $this->getCustomerId();
if (!$customer_id) {
throw new Stripe_Error('No customer id');
}
$stripe = new StripeClient();
$account = $stripe->getCustomer($customer_id);
if (!$account->id || isset($account->deleted)) {
throw new Stripe_Error('Customer does not exist or has been deleted');
}
return $account;
} catch (Stripe_Error $e) {
$this->user->removePrivateSetting('stripe_customer_id');
error_log($e->getMessage());
return $this->getCustomerAccount();
}
}
/**
* Logs in a specified ElggUser. For standard registration, use in conjunction
* with authenticate.
*
* @see authenticate
* @param ElggUser $user A valid Elgg user object
* @param boolean $persistent Should this be a persistent login?
* @return true|false Whether login was successful
*/
function login(ElggUser $user, $persistent = false)
{
global $CONFIG;
if ($user->isBanned()) {
return false;
}
// User is banned, return false.
if (check_rate_limit_exceeded($user->guid)) {
return false;
}
// Check rate limit
$_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
$_SESSION['id'] = $_SESSION['guid'];
$_SESSION['username'] = $user->username;
$_SESSION['name'] = $user->name;
$code = md5($user->name . $user->username . time() . rand());
$user->code = md5($code);
$_SESSION['code'] = $code;
if ($persistent) {
setcookie("elggperm", $code, time() + 86400 * 30, "/");
}
if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
unset($_SESSION['username']);
unset($_SESSION['name']);
unset($_SESSION['code']);
unset($_SESSION['guid']);
unset($_SESSION['id']);
unset($_SESSION['user']);
setcookie("elggperm", "", time() - 86400 * 30, "/");
return false;
}
// Users privilege has been elevated, so change the session id (help prevent session hijacking)
session_regenerate_id();
// Update statistics
set_last_login($_SESSION['guid']);
reset_login_failure_count($user->guid);
// Reset any previous failed login attempts
// Set admin shortcut flag if this is an admin
if (isadminloggedin()) {
global $is_admin;
$is_admin = true;
}
return true;
}
/**
* Get the time_created from the group membership relation
*
* @param ElggUser $user the user to check
* @param ElggGroup $group the group to check
*
* @return int
*/
function group_tools_get_membership_information(ElggUser $user, ElggGroup $group)
{
$result = 0;
if (!empty($user) && !empty($group)) {
$query = "SELECT *";
$query .= " FROM " . elgg_get_config("dbprefix") . "entity_relationships";
$query .= " WHERE guid_one = " . $user->getGUID();
$query .= " AND guid_two = " . $group->getGUID();
$query .= " AND relationship = 'member'";
$row = get_data_row($query);
if (!empty($row)) {
$result = $row->time_created;
}
}
return $result;
}
/**
* Called after each test object.
*/
public function __destruct()
{
$this->user->delete();
// all __destruct() code should go above here
parent::__destruct();
}
/**
* Logs in a specified ElggUser. For standard registration, use in conjunction
* with elgg_authenticate.
*
* @see elgg_authenticate
*
* @param ElggUser $user A valid Elgg user object
* @param boolean $persistent Should this be a persistent login?
*
* @return true or throws exception
* @throws LoginException
*/
function login(ElggUser $user, $persistent = false)
{
if ($user->isBanned()) {
throw new LoginException(elgg_echo('LoginException:BannedUser'));
}
// give plugins a chance to reject the login of this user (no user in session!)
if (!elgg_trigger_event('login', 'user', $user)) {
throw new LoginException(elgg_echo('LoginException:Unknown'));
}
$session = _elgg_services()->session;
// if remember me checked, set cookie with token and store token on user
if ($persistent) {
$code = md5($user->name . $user->username . time() . rand());
// @todo oooh, hashing a hash adds magical powers
_elgg_add_remember_me_cookie($user, md5($code));
$session->set('code', $code);
$cookie = new ElggCookie("elggperm");
$cookie->value = $code;
$cookie->setExpiresTime("+30 days");
elgg_set_cookie($cookie);
}
// User's privilege has been elevated, so change the session id (prevents session fixation)
$session->migrate();
$session->setLoggedInUser($user);
set_last_login($user->guid);
reset_login_failure_count($user->guid);
return true;
}
/**
* Checks if the user is a moderator of any item in the given container
*
* @param ElggEntity $container_entity container entity to check in
* @param ElggUser $user user to check
*
* @return boolean
*/
function static_is_moderator_in_container(ElggEntity $container_entity, ElggUser $user)
{
if (empty($container_entity) || empty($user)) {
return false;
}
$dbprefix = elgg_get_config('dbprefix');
$ia = elgg_set_ignore_access(true);
$md = elgg_get_metadata(['selects' => ['msv.string as value'], 'metadata_names' => ['moderators'], 'limit' => false, 'joins' => ["JOIN {$dbprefix}metastrings msv ON n_table.value_id = msv.id", "JOIN {$dbprefix}entities e ON n_table.entity_guid = e.guid"], 'wheres' => ['msv.string <> ""', 'e.type = "object" AND e.subtype = ' . get_subtype_id('object', 'static'), 'e.container_guid = ' . $container_entity->getGUID()], 'callback' => function ($row) {
$value = $row->value;
if (!empty($value)) {
return $value;
}
}]);
elgg_set_ignore_access($ia);
return in_array($user->getGUID(), $md);
}