Пример #1
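/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with authenticate.
 *
 * No credential check happens here: the caller is expected to have verified
 * the user already. The function refuses banned and rate-limited users,
 * fills the session, issues a fresh login token, and rotates the session id.
 *
 * @see authenticate
 * @param ElggUser $user A valid Elgg user object
 * @param boolean $persistent Should this be a persistent login?
 * @return boolean Whether login was successful
 */
function login(ElggUser $user, $persistent = false)
{
    // Banned users are never logged in.
    if ($user->isBanned()) {
        return false;
    }
    // Check rate limit
    if (check_rate_limit_exceeded($user->guid)) {
        return false;
    }
    // The login token doubles as the "remember me" cookie value, so it must be
    // unguessable. It used to be md5(name . username . time() . rand()), which is
    // built only from guessable or low-entropy inputs. Take 128 bits from the
    // CSPRNG instead (random_bytes() needs PHP 7.0+); the result is still 32 hex
    // characters. Generated before any session state is written so that a failure
    // here leaves nothing to roll back.
    try {
        $code = bin2hex(random_bytes(16));
    } catch (Exception $e) {
        return false;
    }
    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;
    // Only a hash of the token is stored on the user record.
    // NOTE(review): presumably the cookie check elsewhere recomputes md5(cookie),
    // so the hash function is left unchanged here - confirm before changing it.
    $user->code = md5($code);
    $_SESSION['code'] = $code;
    if ($persistent) {
        // HttpOnly keeps the token out of reach of page scripts.
        // NOTE(review): also set the Secure flag (6th argument) when the site is
        // served over HTTPS only; the site scheme is not visible from here.
        setcookie("elggperm", $code, time() + 86400 * 30, "/", "", false, true);
    }
    if (!$user->save() || !trigger_elgg_event('login', 'user', $user)) {
        // Saving failed or a handler vetoed the login: undo the session state
        // and expire the persistent cookie.
        unset(
            $_SESSION['username'],
            $_SESSION['name'],
            $_SESSION['code'],
            $_SESSION['guid'],
            $_SESSION['id'],
            $_SESSION['user']
        );
        setcookie("elggperm", "", time() - 86400 * 30, "/", "", false, true);
        return false;
    }
    // Users privilege has been elevated, so change the session id (session
    // fixation defence). Passing true also deletes the old session record, so the
    // pre-login id stops being usable; with the default it is left in place.
    session_regenerate_id(true);
    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);
    // Set admin shortcut flag if this is an admin
    if (isadminloggedin()) {
        global $is_admin;
        $is_admin = true;
    }
    return true;
}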
Пример #2
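/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * No credential check happens here: the caller is expected to have verified
 * the user already. Plugins can veto the login through the 'login', 'user'
 * event, which fires before the user is placed in the session.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException If the user is banned, a handler rejects the login,
 *                        or no secure random token can be generated
 */
function login(ElggUser $user, $persistent = false)
{
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }
    // give plugins a chance to reject the login of this user (no user in session!)
    if (!elgg_trigger_event('login', 'user', $user)) {
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }
    $session = _elgg_services()->session;
    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        // The cookie value is a bearer credential, so it must be unguessable.
        // It used to be md5(name . username . time() . rand()), which is built only
        // from guessable or low-entropy inputs. Take 128 bits from the CSPRNG
        // instead (random_bytes() needs PHP 7.0+); the result is still 32 hex
        // characters.
        try {
            $code = bin2hex(random_bytes(16));
        } catch (Exception $e) {
            // Fail closed, keeping to the documented exception type.
            throw new LoginException(elgg_echo('LoginException:Unknown'));
        }
        // Only a hash of the token is handed over for storage; the raw token
        // goes to the browser and the session.
        // NOTE(review): presumably the cookie check elsewhere recomputes
        // md5(cookie), so the hash function is left unchanged - confirm.
        _elgg_add_remember_me_cookie($user, md5($code));
        $session->set('code', $code);
        // NOTE(review): confirm that this cookie is sent HttpOnly (and Secure on
        // HTTPS sites); the ElggCookie defaults are not visible from here.
        $cookie = new ElggCookie("elggperm");
        $cookie->value = $code;
        $cookie->setExpiresTime("+30 days");
        elgg_set_cookie($cookie);
    }
    // User's privilege has been elevated, so change the session id (prevents session fixation)
    // NOTE(review): whether the previous session id is invalidated depends on
    // migrate()'s implementation, which is not shown here - confirm.
    $session->migrate();
    $session->setLoggedInUser($user);
    set_last_login($user->guid);
    reset_login_failure_count($user->guid);
    return true;
}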
Пример #3
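/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * No credential check happens here: the caller is expected to have verified
 * the user already.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException If the user is banned, saving the user fails, a
 *                        handler rejects the login, or no secure random token
 *                        can be generated
 */
function login(ElggUser $user, $persistent = false)
{
    // Banned users are never logged in.
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }
    // The "remember me" cookie value is a bearer credential, so it must be
    // unguessable. It used to be md5(name . username . time() . rand()), which is
    // built only from guessable or low-entropy inputs. Take 128 bits from the
    // CSPRNG instead (random_bytes() needs PHP 7.0+); the result is still 32 hex
    // characters. Generated before the session is touched so that a failure
    // cannot leave a half-built login behind.
    $code = null;
    if ($persistent) {
        try {
            $code = bin2hex(random_bytes(16));
        } catch (Exception $e) {
            throw new LoginException(elgg_echo('LoginException:Unknown'));
        }
    }
    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;
    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        $_SESSION['code'] = $code;
        // Only a hash of the token is stored on the user record.
        // NOTE(review): presumably the cookie check elsewhere recomputes
        // md5(cookie), so the hash function is left unchanged - confirm.
        $user->code = md5($code);
        // HttpOnly keeps the token out of reach of page scripts.
        // NOTE(review): also set the Secure flag (6th argument) when the site is
        // served over HTTPS only; the site scheme is not visible from here.
        setcookie("elggperm", $code, time() + 86400 * 30, "/", "", false, true);
    }
    if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
        // Saving failed or a handler vetoed the login: undo the session state
        // and expire the persistent cookie.
        unset(
            $_SESSION['username'],
            $_SESSION['name'],
            $_SESSION['code'],
            $_SESSION['guid'],
            $_SESSION['id'],
            $_SESSION['user']
        );
        setcookie("elggperm", "", time() - 86400 * 30, "/", "", false, true);
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }
    // Users privilege has been elevated, so change the session id (prevents
    // session fixation). Passing true also deletes the old session record, so the
    // pre-login id stops being usable; with the default it is left in place.
    session_regenerate_id(true);
    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);
    return true;
}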
Пример #4
/**
 * Establishes a logged-in session for the given \ElggUser. For standard
 * registration, pair it with elgg_authenticate; no credential check is
 * performed in this function.
 *
 * Order of operations: ban check, 'login:before' veto, user placed in the
 * session, deprecated 'login' event (may still veto), optional persistent
 * login, session id migration, bookkeeping, 'login:after'.
 *
 * @see elgg_authenticate
 *
 * @param \ElggUser $user       A valid Elgg user object
 * @param boolean   $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException
 */
function login(\ElggUser $user, $persistent = false)
{
    if ($user->isBanned()) {
        throw new \LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $userSession = _elgg_services()->session;

    // Plugins get the first say; at this point no user is in the session yet.
    $allowedByPlugins = elgg_trigger_before_event('login', 'user', $user);
    if (!$allowedByPlugins) {
        throw new \LoginException(elgg_echo('LoginException:Unknown'));
    }

    // #5933: the user goes into the session early so that handlers of the
    // login event can call elgg_get_logged_in_user_entity().
    $userSession->setLoggedInUser($user);

    // The plain 'login' event is deprecated but can still veto; a veto has to
    // take the user back out of the session before the exception is raised.
    $legacyEventPassed = elgg_trigger_deprecated_event(
        'login',
        'user',
        $user,
        "The 'login' event was deprecated. Register for 'login:before' or 'login:after'",
        "1.9"
    );
    if (!$legacyEventPassed) {
        $userSession->removeLoggedInUser();
        throw new \LoginException(elgg_echo('LoginException:Unknown'));
    }

    // Remember-me: a cookie carries the token, the user keeps hash(token).
    if ($persistent) {
        _elgg_services()->persistentLogin->makeLoginPersistent($user);
    }

    // Privilege has been elevated, so the session id is changed (session
    // fixation defence).
    // NOTE(review): whether the previous session id is invalidated depends on
    // migrate()'s implementation, which is not shown here - confirm.
    $userSession->migrate();

    set_last_login($user->guid);
    reset_login_failure_count($user->guid);

    elgg_trigger_after_event('login', 'user', $user);

    // With memcache enabled the cached user must be invalidated,
    // @see https://github.com/Elgg/Elgg/issues/3143
    if (is_memcache_available()) {
        // Deferred to shutdown because of the timing with set_last_login().
        register_shutdown_function("_elgg_invalidate_memcache_for_entity", $user->getGUID());
    }

    return true;
}
Пример #5
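/**
 * Logs in a specified ElggUser. For standard registration, use in conjunction
 * with elgg_authenticate.
 *
 * No credential check happens here: the caller is expected to have verified
 * the user already.
 *
 * @see elgg_authenticate
 *
 * @param ElggUser $user       A valid Elgg user object
 * @param boolean  $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException If the user is banned, saving the user fails, a
 *                        handler rejects the login, or no secure random token
 *                        can be generated
 */
function login(ElggUser $user, $persistent = false)
{
    // Banned users are never logged in.
    if ($user->isBanned()) {
        throw new LoginException(elgg_echo('LoginException:BannedUser'));
    }
    // The "remember me" cookie value is a bearer credential, so it must be
    // unguessable. It used to be md5(name . username . time() . rand()), which is
    // built only from guessable or low-entropy inputs. Take 128 bits from the
    // CSPRNG instead (random_bytes() needs PHP 7.0+); the result is still 32 hex
    // characters. Generated before the session is touched so that a failure
    // cannot leave a half-built login behind.
    $code = null;
    if ($persistent) {
        try {
            $code = bin2hex(random_bytes(16));
        } catch (Exception $e) {
            throw new LoginException(elgg_echo('LoginException:Unknown'));
        }
    }
    $_SESSION['user'] = $user;
    $_SESSION['guid'] = $user->getGUID();
    $_SESSION['id'] = $_SESSION['guid'];
    $_SESSION['username'] = $user->username;
    $_SESSION['name'] = $user->name;
    // if remember me checked, set cookie with token and store token on user
    if ($persistent) {
        $_SESSION['code'] = $code;
        // Only a hash of the token is stored on the user record.
        // NOTE(review): presumably the cookie check elsewhere recomputes
        // md5(cookie), so the hash function is left unchanged - confirm.
        $user->code = md5($code);
        // HttpOnly keeps the token out of reach of page scripts.
        // NOTE(review): also set the Secure flag (6th argument) when the site is
        // served over HTTPS only; the site scheme is not visible from here.
        setcookie("elggperm", $code, time() + 86400 * 30, "/", "", false, true);
    }
    if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
        // Saving failed or a handler vetoed the login: undo the session state
        // and expire the persistent cookie.
        unset(
            $_SESSION['username'],
            $_SESSION['name'],
            $_SESSION['code'],
            $_SESSION['guid'],
            $_SESSION['id'],
            $_SESSION['user']
        );
        setcookie("elggperm", "", time() - 86400 * 30, "/", "", false, true);
        throw new LoginException(elgg_echo('LoginException:Unknown'));
    }
    // Users privilege has been elevated, so change the session id (prevents
    // session fixation). Passing true also deletes the old session record, so the
    // pre-login id stops being usable; with the default it is left in place.
    session_regenerate_id(true);
    // Update statistics
    set_last_login($_SESSION['guid']);
    // Reset any previous failed login attempts
    reset_login_failure_count($user->guid);
    // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
    if (is_memcache_available()) {
        // this needs to happen with a shutdown function because of the timing with set_last_login()
        register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
    }
    return true;
}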
Пример #6
/**
 * Establishes a logged-in session for the given \ElggUser. For standard
 * registration, pair it with elgg_authenticate; no credential check is
 * performed in this function.
 *
 * Order of operations: ban check, 'login:before' veto, user placed in the
 * session, optional persistent login, session id migration, bookkeeping,
 * 'login:after'.
 *
 * @see elgg_authenticate
 *
 * @param \ElggUser $user       A valid Elgg user object
 * @param boolean   $persistent Should this be a persistent login?
 *
 * @return true or throws exception
 * @throws LoginException
 */
function login(\ElggUser $user, $persistent = false)
{
    if ($user->isBanned()) {
        throw new \LoginException(elgg_echo('LoginException:BannedUser'));
    }

    $userSession = _elgg_services()->session;

    // Plugins get the first say; at this point no user is in the session yet.
    $allowedByPlugins = elgg_trigger_before_event('login', 'user', $user);
    if (!$allowedByPlugins) {
        throw new \LoginException(elgg_echo('LoginException:Unknown'));
    }

    // #5933: the user goes into the session early so that handlers of the
    // login event can call elgg_get_logged_in_user_entity().
    $userSession->setLoggedInUser($user);

    // Remember-me: a cookie carries the token, the user keeps hash(token).
    if ($persistent) {
        _elgg_services()->persistentLogin->makeLoginPersistent($user);
    }

    // Privilege has been elevated, so the session id is changed (session
    // fixation defence).
    // NOTE(review): whether the previous session id is invalidated depends on
    // migrate()'s implementation, which is not shown here - confirm.
    $userSession->migrate();

    set_last_login($user->guid);
    reset_login_failure_count($user->guid);

    elgg_trigger_after_event('login', 'user', $user);

    return true;
}