function api_account_logout(&$a, $type)
{
require_once 'include/auth.php';
nuke_session();
return api_apply_template("user", $type, array('$user' => null));
}
$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
}
if (strcmp(datetime_convert('UTC', 'UTC', 'now - 12 hours'), $_SESSION['last_login_date']) > 0) {
$_SESSION['last_login_date'] = datetime_convert();
$login_refresh = true;
}
authenticate_success($r[0], false, false, false, $login_refresh);
} else {
$_SESSION['account_id'] = 0;
nuke_session();
goaway(z_root());
}
}
} else {
if (isset($_SESSION)) {
nuke_session();
}
// handle a fresh login request
if (x($_POST, 'password') && strlen($_POST['password'])) {
$encrypted = hash('whirlpool', trim($_POST['password']));
}
if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
$record = null;
$addon_auth = array('username' => trim($_POST['username']), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null);
/**
*
* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
* Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
* and later plugins should not interfere with an earlier one that succeeded.
*
*/