/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with authenticate.
 *
 * The user is written into $_SESSION first. If saving the user or the 'login'
 * event fails, the session keys and the "elggperm" cookie are cleared again
 * and the login is refused.
 *
 * @see authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return bool Whether login was successful
 */
function login(ElggUser $user, $persistent = false) {
    global $CONFIG;

    // Banned users are refused outright.
    if ($user->isBanned()) {
        return false;
    }

    // Check rate limit (helper defined elsewhere; a true result refuses the login).
    if (check_rate_limit_exceeded($user->guid)) {
        return false;
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // The token is generated and its md5 stored on the user for every login,
    // whether or not a persistent login was requested.
    // NOTE(review): the token is an md5 over the user's names, time() and rand().
    // None of these is a cryptographically secure random source, so the
    // remember-me token should come from a CSPRNG instead.
    $token = md5($user->name . $user->username . time() . rand());
    $user->code = md5($token);
    $_SESSION['code'] = $token;

    if ($persistent) {
        // NOTE(review): the four-argument setcookie() form leaves the secure and
        // httponly flags at their defaults (off).
        $lifetime = 86400 * 30;
        setcookie("elggperm", $token, time() + $lifetime, "/");
    }

    // The event is only triggered when the save succeeded (short-circuit).
    $accepted = $user->save() && trigger_elgg_event('login', 'user', $user);
    if (!$accepted) {
        // Roll back everything written to the session above and expire the cookie.
        unset(
            $_SESSION['username'],
            $_SESSION['name'],
            $_SESSION['code'],
            $_SESSION['guid'],
            $_SESSION['id'],
            $_SESSION['user']
        );
        setcookie("elggperm", "", time() - 86400 * 30, "/");

        return false;
    }

    // The user's privilege has been elevated, so change the session id
    // (helps prevent session hijacking).
    // NOTE(review): no argument is passed, so PHP's default applies and the data
    // stored under the previous session id is not deleted. Confirm this is intended.
    session_regenerate_id();

    // Update statistics and reset any previous failed login attempts.
    set_last_login($_SESSION['guid']);
    reset_login_failure_count($user->guid);

    // Set admin shortcut flag if this is an admin
    if (isadminloggedin()) {
        global $is_admin;
        $is_admin = true;
    }

    return true;
}
/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * The 'login' event is triggered before the user is placed in the session, so
 * plugins can reject the login while nobody is logged in.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true Failure is signalled by an exception, never by a return value
 * @throws LoginException If the user is banned or an event handler rejects the login
 */
function login(ElggUser $user, $persistent = false) {
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    // give plugins a chance to reject the login of this user (no user in session!)
    $accepted = elgg_trigger_event('login', 'user', $user);
    if (!$accepted) {
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    $session = _elgg_services()->session;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // NOTE(review): the token is an md5 over the user's names, time() and
        // rand(). None of these is a cryptographically secure random source, so
        // the token should come from a CSPRNG instead.
        $token = md5($user->name . $user->username . time() . rand());

        // Only md5($token) is passed to the helper; the raw token goes to the
        // session and the cookie.
        // @todo (original author) revisit whether hashing the hash adds anything
        _elgg_add_remember_me_cookie($user, md5($token));
        $session->set('code', $token);

        $remember_cookie = new ElggCookie("elggperm");
        $remember_cookie->value = $token;
        $remember_cookie->setExpiresTime("+30 days");
        elgg_set_cookie($remember_cookie);
    }

    // User's privilege has been elevated, so change the session id
    // (prevents session fixation). The user is attached only after that.
    $session->migrate();
    $session->setLoggedInUser($user);

    set_last_login($user->guid);
    reset_login_failure_count($user->guid);

    return true;
}
/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * The user is written into $_SESSION first. If saving the user or the 'login'
 * event fails, the session keys and the "elggperm" cookie are cleared again
 * and a LoginException is thrown.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true Failure is signalled by an exception, never by a return value
 * @throws LoginException If the user is banned, or the save or 'login' event fails
 */
function login(ElggUser $user, $persistent = false) {
    global $CONFIG;

    // Banned users are refused with an exception.
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // NOTE(review): the token is an md5 over the user's names, time() and
        // rand(). None of these is a cryptographically secure random source, so
        // the token should come from a CSPRNG instead.
        $token = md5($user->name . $user->username . time() . rand());
        $_SESSION['code'] = $token;
        // The user record keeps md5($token); the raw token goes to the cookie.
        $user->code = md5($token);

        // NOTE(review): the four-argument setcookie() form leaves the secure and
        // httponly flags at their defaults (off).
        $lifetime = 86400 * 30;
        setcookie("elggperm", $token, time() + $lifetime, "/");
    }

    // The event is only triggered when the save succeeded (short-circuit).
    $accepted = $user->save() && elgg_trigger_event('login', 'user', $user);
    if (!$accepted) {
        // Roll back everything written to the session above and expire the cookie.
        unset(
            $_SESSION['username'],
            $_SESSION['name'],
            $_SESSION['code'],
            $_SESSION['guid'],
            $_SESSION['id'],
            $_SESSION['user']
        );
        setcookie("elggperm", "", time() - 86400 * 30, "/");

        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    // The user's privilege has been elevated, so change the session id
    // (prevents session fixation).
    // NOTE(review): no argument is passed, so PHP's default applies and the data
    // stored under the previous session id is not deleted. Confirm this is intended.
    session_regenerate_id();

    // Update statistics and reset any previous failed login attempts.
    set_last_login($_SESSION['guid']);
    reset_login_failure_count($user->guid);

    return true;
}
/**
 * Logs in a specified \ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * Order of operations: ban check, 'login' before-event (no user in session),
 * user attached to the session, deprecated 'login' event, optional persistent
 * login, session id migration, statistics, 'login' after-event.
 *
 * @see elgg_authenticate
 *
 * @param \ElggUser $user       A valid Elgg user object
 * @param boolean   $persistent Should this be a persistent login?
 *
 * @return true Failure is signalled by an exception, never by a return value
 * @throws LoginException If the user is banned or an event handler rejects the login
 */
function login(\ElggUser $user, $persistent = false) {
    if ($user->isBanned()) {
        throw new \LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $session = _elgg_services()->session;

    // give plugins a chance to reject the login of this user (no user in session!)
    $allowed = elgg_trigger_before_event('login', 'user', $user);
    if (!$allowed) {
        throw new \LoginException(elgg_echo('LoginException:Unknown'));
    }

    // #5933: set logged in user early so code in login event will be able to
    // use elgg_get_logged_in_user_entity().
    // NOTE(review): from here until migrate() below, handlers run with the user
    // attached to the session but under the pre-login session id.
    $session->setLoggedInUser($user);

    // The deprecated 'login' event can still veto; the user is then detached again.
    $deprecation_notice = "The 'login' event was deprecated. Register for 'login:before' or 'login:after'";
    $deprecated_since = "1.9";
    $still_allowed = elgg_trigger_deprecated_event('login', 'user', $user, $deprecation_notice, $deprecated_since);
    if (!$still_allowed) {
        $session->removeLoggedInUser();
        throw new \LoginException(elgg_echo('LoginException:Unknown'));
    }

    // if remember me checked, set cookie with token and store hash(token) for user
    if ($persistent) {
        _elgg_services()->persistentLogin->makeLoginPersistent($user);
    }

    // User's privilege has been elevated, so change the session id (prevents session fixation)
    $session->migrate();

    set_last_login($user->guid);
    reset_login_failure_count($user->guid);

    elgg_trigger_after_event('login', 'user', $user);

    // if memcache is enabled, invalidate the user in memcache
    // @see https://github.com/Elgg/Elgg/issues/3143
    if (is_memcache_available()) {
        // this needs to happen with a shutdown function because of the timing with set_last_login()
        register_shutdown_function("_elgg_invalidate_memcache_for_entity", $user->getGUID());
    }

    return true;
}
/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * The user is written into $_SESSION first. If saving the user or the 'login'
 * event fails, the session keys and the "elggperm" cookie are cleared again
 * and a LoginException is thrown.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true Failure is signalled by an exception, never by a return value
 * @throws LoginException If the user is banned, or the save or 'login' event fails
 */
function login(ElggUser $user, $persistent = false) {
    // Banned users are refused with an exception.
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;

    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // NOTE(review): the token is an md5 over the user's names, time() and
        // rand(). None of these is a cryptographically secure random source, so
        // the token should come from a CSPRNG instead.
        $token = md5($user->name . $user->username . time() . rand());
        $_SESSION['code'] = $token;
        // The user record keeps md5($token); the raw token goes to the cookie.
        $user->code = md5($token);

        // NOTE(review): the four-argument setcookie() form leaves the secure and
        // httponly flags at their defaults (off).
        $lifetime = 86400 * 30;
        setcookie("elggperm", $token, time() + $lifetime, "/");
    }

    // The event is only triggered when the save succeeded (short-circuit).
    $accepted = $user->save() && elgg_trigger_event('login', 'user', $user);
    if (!$accepted) {
        // Roll back everything written to the session above and expire the cookie.
        unset(
            $_SESSION['username'],
            $_SESSION['name'],
            $_SESSION['code'],
            $_SESSION['guid'],
            $_SESSION['id'],
            $_SESSION['user']
        );
        setcookie("elggperm", "", time() - 86400 * 30, "/");

        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }

    // The user's privilege has been elevated, so change the session id
    // (prevents session fixation).
    // NOTE(review): no argument is passed, so PHP's default applies and the data
    // stored under the previous session id is not deleted. Confirm this is intended.
    session_regenerate_id();

    // Update statistics and reset any previous failed login attempts.
    set_last_login($_SESSION['guid']);
    reset_login_failure_count($user->guid);

    // if memcache is enabled, invalidate the user in memcache
    // @see https://github.com/Elgg/Elgg/issues/3143
    if (is_memcache_available()) {
        // this needs to happen with a shutdown function because of the timing with set_last_login()
        register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
    }

    return true;
}
/**
 * Logs in a specified \ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * Order of operations: ban check, 'login' before-event (no user in session),
 * user attached to the session, optional persistent login, session id
 * migration, statistics, 'login' after-event.
 *
 * @see elgg_authenticate
 *
 * @param \ElggUser $user       A valid Elgg user object
 * @param boolean   $persistent Should this be a persistent login?
 *
 * @return true Failure is signalled by an exception, never by a return value
 * @throws LoginException If the user is banned or a before-event handler rejects the login
 */
function login(\ElggUser $user, $persistent = false) {
    if ($user->isBanned()) {
        throw new \LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $session = _elgg_services()->session;

    // give plugins a chance to reject the login of this user (no user in session!)
    $allowed = elgg_trigger_before_event('login', 'user', $user);
    if (!$allowed) {
        throw new \LoginException(elgg_echo('LoginException:Unknown'));
    }

    // #5933: set logged in user early so code in login event will be able to
    // use elgg_get_logged_in_user_entity().
    // NOTE(review): makeLoginPersistent() below runs with the user attached to
    // the session but before the session id is migrated.
    $session->setLoggedInUser($user);

    // if remember me checked, set cookie with token and store hash(token) for user
    if ($persistent) {
        _elgg_services()->persistentLogin->makeLoginPersistent($user);
    }

    // User's privilege has been elevated, so change the session id (prevents session fixation)
    $session->migrate();

    set_last_login($user->guid);
    reset_login_failure_count($user->guid);

    // The after-event's result is not checked, so it cannot veto the login here.
    elgg_trigger_after_event('login', 'user', $user);

    return true;
}