/**
 * Replace the current user session.
 *
 * Swaps the logged-in user for $user (or logs out when $user is null) and
 * hands back whoever was logged in before, so the caller can restore it.
 *
 * @param ElggUser|null $user New user to login as (null to log out)
 * @return ElggUser|null Removed session user (null if nobody was logged in)
 */
public function replaceSession(ElggUser $user = null) {
    $session = elgg_get_session();
    // Read the previous user before touching the session so it can be returned.
    $previous = $session->getLoggedInUser();
    if (!$user) {
        $session->removeLoggedInUser();
        return $previous;
    }
    $session->setLoggedInUser($user);
    return $previous;
}
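/**
 * Add a menu item to the topbar menu for logging out of an account
 *
 * The item is only registered while the session carries
 * 'login_as_original_user_guid', i.e. while an admin is logged in as
 * somebody else.
 *
 * @return void
 */
function login_as_add_topbar_link() {
    $session = elgg_get_session();
    $original_user_guid = $session->get('login_as_original_user_guid');
    // short circuit view if not logged in as someone else.
    if (!$original_user_guid) {
        return;
    }
    $current_user = elgg_get_logged_in_user_entity();
    $original_user = get_entity($original_user_guid);
    // Both usernames feed the title; a missing/deleted entity must not be dereferenced.
    if (!$current_user || !$original_user instanceof ElggUser) {
        return;
    }
    $title = elgg_echo('login_as:return_to_user', array($current_user->username, $original_user->username));
    $html = elgg_view('login_as/topbar_return', array('user_guid' => $original_user_guid));
    elgg_register_menu_item('topbar', array(
        'name' => 'login_as_return',
        'text' => $html,
        'href' => 'action/logout_as',
        'is_action' => true,
        'title' => $title,
        'link_class' => 'login-as-topbar',
        'priority' => 700,
    ));
}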
/**
 * Messages page handler
 *
 * Routes /messages/<section>/<argument> to one of the plugin's page scripts.
 * The script name is chosen from a fixed set below, never from the URL.
 *
 * @param array $page Array of URL components for routing
 * @return bool true when a page was rendered, false for an unknown section
 */
function messages_page_handler($page) {
    $current_user = elgg_get_logged_in_user_entity();
    if (!$current_user) {
        register_error(elgg_echo('noaccess'));
        elgg_get_session()->set('last_forward_from', current_page_url());
        forward('');
    }
    elgg_load_library('elgg:messages');
    elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . $current_user->username);
    $section = isset($page[0]) ? $page[0] : 'inbox';
    $argument = isset($page[1]) ? $page[1] : null;
    // Support the old inbox url /messages/<username>, but only if it matches the logged in user.
    // Otherwise having a username like "read" on the system could confuse this function.
    if ($current_user->username === $section) {
        $argument = $section;
        $section = 'inbox';
    }
    if ($argument === null) {
        $argument = $current_user->username;
    }
    switch ($section) {
        case 'inbox':
            set_input('username', $argument);
            $script = 'inbox.php';
            break;
        case 'sent':
            set_input('username', $argument);
            $script = 'sent.php';
            break;
        case 'read':
            set_input('guid', $argument);
            $script = 'read.php';
            break;
        case 'compose':
        case 'add':
            $script = 'send.php';
            break;
        default:
            return false;
    }
    $base_dir = elgg_get_plugins_path() . 'messages/pages/messages';
    include "{$base_dir}/{$script}";
    return true;
}
/**
 * Request user validation email.
 * Send email out to the address and request a confirmation.
 *
 * The confirmation link is signed with elgg_http_get_signed_url(), so the
 * GUID in the query string cannot be swapped without invalidating the link.
 *
 * @param int $user_guid The user's GUID
 * @return mixed result of notify_user(), or false when $user_guid is not a user
 */
function uservalidationbyemail_request_validation($user_guid) {
    $site = elgg_get_site_entity();
    $user_guid = (int) $user_guid;
    $user = get_entity($user_guid);
    if (!$user instanceof ElggUser) {
        return false;
    }
    // Work out validate link
    $link = elgg_http_get_signed_url("{$site->url}uservalidationbyemail/confirm?u={$user_guid}");
    // Get email to show in the next page
    elgg_get_session()->set('emailsent', $user->email);
    $subject = elgg_echo('email:validate:subject', array($user->name, $site->name), $user->language);
    $body = elgg_echo('email:validate:body', array($user->name, $site->name, $link, $site->name, $site->url), $user->language);
    $params = [
        'action' => 'uservalidationbyemail',
        'object' => $user,
        'link' => $link,
    ];
    // Send validation email
    return notify_user($user->guid, $site->guid, $subject, $body, $params, 'email');
}
/**
 * Wire a fresh set of mocked core services before each test.
 *
 * Kept in the original order: later lines appear to resolve services
 * registered by earlier ones through _elgg_services() — do not reorder.
 */
function setUp() {
    $fixtures = dirname(__DIR__) . '/test_files';
    $this->pages = $fixtures . '/pages';
    $this->fooHandlerCalls = 0;
    $mock_session = ElggSession::getMock();
    _elgg_services()->setValue('session', $mock_session);
    _elgg_services()->session->start();
    _elgg_services()->setValue('config', $this->config());
    $this->input = new Input();
    _elgg_services()->setValue('input', $this->input);
    $this->request = $this->prepareHttpRequest('', 'GET');
    _elgg_services()->setValue('request', $this->request);
    $this->translator = new Translator();
    $this->translator->addTranslation('en', ['__test__' => 'Test']);
    $this->hooks = new PluginHooksService();
    $this->router = new Router($this->hooks);
    $this->system_messages = new SystemMessagesService(elgg_get_session());
    $this->viewsDir = $fixtures . '/views';
    $this->createService();
    // Keep test output free of logger noise.
    _elgg_services()->logger->disable();
}
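/**
 * Request user validation email.
 * Send email out to the address and request a confirmation.
 *
 * @param int  $user_guid       The user's GUID
 * @param bool $admin_requested Was it requested by admin (deprecated, unused)
 * @return mixed result of notify_user(), or false when $user_guid is not a user
 */
function uservalidationbyemail_request_validation($user_guid, $admin_requested = 'deprecated') {
    // Strict comparison: with loose !=, a caller passing true compared equal to the
    // non-empty sentinel string and never triggered the deprecation notice.
    if ($admin_requested !== 'deprecated') {
        elgg_deprecatednotice('Second param $admin_requested no more used in uservalidationbyemail_request_validation function', 1.9);
    }
    $site = elgg_get_site_entity();
    $user_guid = (int) $user_guid;
    $user = get_entity($user_guid);
    if (!$user instanceof ElggUser) {
        return false;
    }
    // Work out validate link; the code binds the link to this GUID/email pair
    $code = uservalidationbyemail_generate_code($user_guid, $user->email);
    $link = "{$site->url}uservalidationbyemail/confirm?u={$user_guid}&c={$code}";
    // Get email to show in the next page
    elgg_get_session()->set('emailsent', $user->email);
    $subject = elgg_echo('email:validate:subject', array($user->name, $site->name), $user->language);
    $body = elgg_echo('email:validate:body', array($user->name, $site->name, $link, $site->name, $site->url), $user->language);
    // Send validation email
    return notify_user($user->guid, $site->guid, $subject, $body, array(), 'email');
}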
<?php
/**
 * Assembles and outputs the forgotten password page.
 *
 * A username stashed under 'forgotpassword:hash_missing' by the login action
 * is shown once (pre-filled in the form) and then cleared from the session.
 */
if (elgg_is_logged_in()) {
    forward();
}
$title = elgg_echo('user:password:lost');
$session = elgg_get_session();
$missing_hash_username = $session->get('forgotpassword:hash_missing');
if ($missing_hash_username) {
    // one-shot flag: consume it so a later visit does not repeat the error
    $session->remove('forgotpassword:hash_missing');
    register_error(elgg_echo('user:password:hash_missing'));
}
$content = elgg_view_form(
    'user/requestnewpassword',
    ['class' => 'elgg-form-account'],
    ['username' => $missing_hash_username]
);
$shell = elgg_get_config('walled_garden') ? 'walled_garden' : 'default';
$layout_vars = [
    'content' => $content,
    'title' => $title,
    'sidebar' => false,
];
echo elgg_view_page($title, elgg_view_layout('default', $layout_vars), $shell);
<?php
/**
 * Admin upgrade view: counts the Event entities still carrying legacy
 * 'icontime' / 'files' metadata and renders the migration control.
 */
elgg_get_session()->set('event_manager_files_migration_offset', 0);
// Hidden entities are included in the count as well: this screen is run by an
// administrator, so there is no need to ignore access here.
$show_hidden_before = access_get_show_hidden_status();
access_show_hidden_entities(true);
$pending = elgg_get_entities_from_metadata([
    'type' => 'object',
    'subtype' => \Event::SUBTYPE,
    'metadata_names' => ['icontime', 'files'],
    'count' => true,
]);
echo elgg_view('output/longtext', [
    'value' => elgg_echo('admin:upgrades:migrate_files_to_event:description'),
]);
echo elgg_view('admin/upgrades/view', [
    'count' => $pending,
    'action' => 'action/event_manager/upgrades/files_migration',
]);
// restore whatever visibility setting was in effect before
access_show_hidden_entities($show_hidden_before);
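/**
 * Override the URL to be forwarded after registration
 *
 * After the register action, users whose validation email was just sent
 * (session key 'emailsent') are forwarded to the "email sent" page.
 *
 * @param string $hook
 * @param string $type
 * @param bool   $value
 * @param array  $params hook params; 'current_url' is the URL being forwarded from
 * @return string|void replacement forward URL, or nothing to keep the default
 */
function uservalidationbyemail_after_registration_url($hook, $type, $value, $params) {
    $url = elgg_extract('current_url', $params);
    // Strict compare: only the register action itself is handled here.
    if ($url !== elgg_get_site_url() . 'action/register') {
        return;
    }
    $email = elgg_get_session()->get('emailsent', '');
    if ($email) {
        return elgg_get_site_url() . 'uservalidationbyemail/emailsent';
    }
}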
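/**
 * Returns the access token to use in twitter calls.
 *
 * Consumes the request-token pair stored under the 'twitter_api' session key
 * during the OAuth handshake and exchanges it for an access token.
 *
 * @param bool $oauth_verifier
 * @return array
 */
function twitter_api_get_access_token($oauth_verifier = false) {
    $session = elgg_get_session();
    // retrieve stored tokens; they are only present mid-handshake, so missing
    // keys must not raise notices
    $api_settings = $session->get('twitter_api');
    $oauth_token = isset($api_settings['oauth_token']) ? $api_settings['oauth_token'] : null;
    $oauth_token_secret = isset($api_settings['oauth_token_secret']) ? $api_settings['oauth_token_secret'] : null;
    // one-shot: the request token pair is dropped whatever the outcome below
    $session->remove('twitter_api');
    // fetch an access token
    $api = twitter_api_get_api_object($oauth_token, $oauth_token_secret);
    return $api->getAccessToken($oauth_verifier);
}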
/**
 * Helper function to remove information from $_SESSION
 *
 * Thin wrapper around ElggSession::remove() for the given key.
 *
 * @param string $name the name to remove
 *
 * @access private
 *
 * @return mixed whatever ElggSession::remove() returns
 */
function simplesaml_remove_from_session($name) {
    return elgg_get_session()->remove($name);
}
// save profile field if (!is_array($value)) { create_metadata($user->getGUID(), $metadata_name, $value, '', $user->getGUID(), ACCESS_LOGGED_IN); } else { // correctly save tag/array values foreach ($value as $v) { create_metadata($user->getGUID(), $metadata_name, $v, '', $user->getGUID(), ACCESS_LOGGED_IN, true); } } } } elgg_clear_sticky_form('wizard'); // user did this wizard $entity->addRelationship($user->getGUID(), 'done'); // cleanup session elgg_get_session()->remove('wizards'); // if (empty($_SESSION['wizards'])) { // $_SESSION['wizards'] = true; // } elseif ($_SESSION['wizards'] !== true) { // $wizards = $_SESSION['wizards']; // foreach ($wizards as $index => $guid) { // if ($guid == $entity->getGUID()) { // unset($wizards[$index]); // } // } // if (empty($wizards)) { // // no more wizards to follow // $_SESSION['wizards'] = true; // } else { // // you need to do more wizards // $_SESSION['wizards'] = $wizards;
<?php
/**
 * Logout as the current user, back to the original user.
 *
 * The original user's GUID and "persistent" flag were stored in the session
 * by the login-as action; only an admin account is accepted as the target,
 * and the session keys are cleared once the switch back succeeds.
 */
$session = elgg_get_session();
$original_guid = $session->get('login_as_original_user_guid');
$original_user = get_entity($original_guid);
$persistent = $session->get('login_as_original_persistent');
if ($original_user instanceof ElggUser && $original_user->isadmin()) {
    if (login($original_user, $persistent)) {
        $session->remove('login_as_original_user_guid');
        $session->remove('login_as_original_persistent');
        system_message(elgg_echo('login_as:logged_in_as_user', array($original_user->username)));
    } else {
        register_error(elgg_echo('login_as:could_not_login_as_user', array($original_user->username)));
    }
} else {
    register_error(elgg_echo('login_as:unknown_user'));
}
forward(REFERER);
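/**
 * Make sure users follow the wizard
 *
 * Finds the next Wizard entity the logged in user still has to complete.
 * The session key 'wizards' caches the answer: boolean true means "nothing
 * left to show", an array holds the GUIDs of the remaining wizards.
 *
 * @return void|Wizard the next wizard to show, or nothing when none applies
 */
function wizard_check_wizards() {
    $user = elgg_get_logged_in_user_entity();
    if (empty($user)) {
        // only logged in users
        return;
    }
    if (elgg_is_xhr()) {
        // only check on regular pages
        return;
    }
    if (elgg_in_context('wizard') || elgg_in_context('admin')) {
        // deadloop prevention and /admin is allowed
        return;
    }
    $SESSION = elgg_get_session();
    if ($SESSION->has('wizards')) {
        if ($SESSION->get('wizards') === true) {
            return;
        }
        // Prune stale GUIDs from the cached list. The list is copied, edited and
        // written back: unset($SESSION['wizards'][$index]) only touched a temporary
        // returned by array access and never changed the session.
        $cached = $SESSION->get('wizards', []);
        if (!is_array($cached)) {
            $cached = [];
        }
        foreach ($cached as $index => $guid) {
            $wizard = get_entity($guid);
            if (!$wizard instanceof Wizard) {
                unset($cached[$index]);
                $SESSION->set('wizards', $cached);
                continue;
            }
            return $wizard;
        }
        if ($SESSION->get('wizards')) {
            $SESSION->set('wizards', true);
        }
    }
    // Everything interpolated into the SQL below is an integer (GUID, metastring id,
    // time()) or the configured table prefix — never request input.
    $dbprefix = elgg_get_config('dbprefix');
    $endtime_id = elgg_get_metastring_id('endtime');
    $entities = elgg_get_entities_from_metadata([
        'type' => 'object',
        'subtype' => \Wizard::SUBTYPE,
        'limit' => false,
        'metadata_name_value_pairs' => [
            ['name' => 'starttime', 'value' => time(), 'operand' => '<='],
        ],
        'joins' => [
            "JOIN {$dbprefix}metadata mde ON e.guid = mde.entity_guid",
            "JOIN {$dbprefix}metastrings mse ON mde.value_id = mse.id",
        ],
        'wheres' => [
            "(e.guid NOT IN (SELECT guid_one\n\t\t\t\tFROM {$dbprefix}entity_relationships\n\t\t\t\tWHERE relationship = 'done'\n\t\t\t\tAND guid_two = {$user->getGUID()}\n\t\t\t))",
            // NOTE(review): AND binds tighter than OR in SQL, so this reads as
            // (name_id = endtime AND string = 0) OR string > now — confirm that grouping is intended.
            "(mde.name_id = {$endtime_id} AND mse.string = 0 OR mse.string > " . time() . ")",
        ],
    ]);
    if (empty($entities)) {
        $SESSION->set('wizards', true);
        return;
    }
    $guids = [];
    $new_users_guids = [];
    $user_need_new_user_wizards = $user->getPrivateSetting('wizard_check_first_login_wizards');
    foreach ($entities as $e) {
        if ($e->show_users === 'new_users') {
            if ($user_need_new_user_wizards) {
                $new_users_guids[] = $e->getGUID();
            }
        } else {
            $guids[] = $e->getGUID();
        }
    }
    if (($user_need_new_user_wizards || $user_need_new_user_wizards === null) && empty($new_users_guids)) {
        // there are no more new user wizards to show, so report the user as done
        $user->setPrivateSetting('wizard_check_first_login_wizards', false);
    }
    if (empty($new_users_guids) && empty($guids)) {
        $SESSION->set('wizards', true);
        return;
    }
    // new-user wizards take precedence over the general ones
    if (!empty($new_users_guids)) {
        $SESSION->set('wizards', $new_users_guids);
    } else {
        $SESSION->set('wizards', $guids);
    }
    $wizards = $SESSION->get('wizards');
    return get_entity($wizards[0]);
}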
if (empty($username) || empty($password)) {
    return elgg_error_response(elgg_echo('login:empty'));
}
// check if logging in with email address
if (strpos($username, '@') !== false) {
    $matches = get_user_by_email($username);
    if ($matches) {
        $username = $matches[0]->username;
    }
}
$user = get_user_by_username($username);
// Authenticate first and look the account up only afterwards: the ordering keeps
// the error messages from revealing which usernames exist.
$result = elgg_authenticate($username, $password);
if ($result !== true) {
    // was due to missing hash?
    if ($user && !$user->password_hash) {
        // if we did this in pam_auth_userpass(), visitors could sniff account usernames from
        // email addresses. Instead, this lets us give the visitor only the information
        // they provided.
        elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
        return elgg_ok_response(['forward' => 'forgotpassword'], '', 'forgotpassword');
    }
    return elgg_error_response($result);
}
if (!$user) {
    return elgg_error_response(elgg_echo('login:baduser'));
}
try {
    login($user, $persistent);
    // re-register at least the core language file for users with language other than site default
    register_translations(dirname(__DIR__) . '/languages/');
} catch (LoginException $e) {
    return elgg_error_response($e->getMessage());
}
/**
 * Generate a token from a session token (specifying the user), the timestamp, and the site key.
 *
 * @see generate_action_token
 *
 * @param int    $timestamp     Unix timestamp
 * @param string $session_token Session-specific token; defaults to the current
 *                              session's '__elgg_session' value
 *
 * @return string|false the token, or false when no session token is available
 * @access private
 */
public function generateActionToken($timestamp, $session_token = '') {
    // Fall back to the live session only when the caller gave no token.
    $token_source = $session_token ?: elgg_get_session()->get('__elgg_session');
    if (!$token_source) {
        return false;
    }
    // The HMAC algorithm name is fixed here; presumably changing it would
    // invalidate every token already handed out — confirm before touching it.
    $hmac = _elgg_services()->crypto->getHmac([(int) $timestamp, $token_source], 'md5');
    return $hmac->getToken();
}
<?php
/**
 * "Validation email sent" page shown after registration.
 *
 * Only reachable for anonymous visitors whose session still holds the
 * address the email went to ('emailsent'); everyone else is forwarded away.
 */
if (elgg_is_logged_in()) {
    forward();
}
$sent_to = elgg_get_session()->get('emailsent', '');
if (!$sent_to) {
    forward();
}
$shell = elgg_get_config('walled_garden') ? 'walled_garden' : 'default';
$title = elgg_echo('uservalidationbyemail:emailsent', [$sent_to]);
$layout_vars = [
    'title' => $title,
    'content' => elgg_echo('uservalidationbyemail:registerok'),
    'sidebar' => false,
];
$body = elgg_view_layout('default', $layout_vars);
// the page title is plain text, so any markup in the translation is stripped
echo elgg_view_page(strip_tags($title), $body, $shell);
/**
 * @group AjaxService
 *
 * A token-refresh request carrying one genuine and one forged pair must
 * report only the genuine pair as valid and echo back the session token.
 */
public function testCanRefreshTokens() {
    elgg_register_page_handler('refresh_token', [$this->actions, 'handleTokenRefreshRequest']);
    // Pin the clock so the generated token and the expected payload share a timestamp.
    $now = new \DateTime();
    $this->actions->setCurrentTime($now);
    $timestamp = $now->getTimestamp();
    $valid_token = $this->actions->generateActionToken($timestamp);
    $session_token = elgg_get_session()->get('__elgg_session');
    $this->request = $this->prepareHttpRequest('refresh_token', 'POST', [], 1);
    $this->createService();
    set_input('pairs', ["{$timestamp},{$valid_token}", "{$timestamp},fake"]);
    set_input('session_token', $session_token);
    $this->route();
    $response = _elgg_services()->responseFactory->getSentResponse();
    $this->assertInstanceOf(Response::class, $response);
    $this->assertEquals(ELGG_HTTP_OK, $response->getStatusCode());
    $this->assertContains('application/json', $response->headers->get('Content-Type'));
    $expected_payload = [
        'token' => [
            '__elgg_ts' => $timestamp,
            '__elgg_token' => $valid_token,
            'logged_in' => false,
        ],
        'valid_tokens' => [$valid_token => true],
        'session_token' => $session_token,
        'user_guid' => 0,
    ];
    $this->assertEquals(json_encode($expected_payload), $response->getContent());
}
/**
 * has_access_to_entity() must honour each access level both for an anonymous
 * visitor and for an explicitly passed user ($this->user).
 */
public function testHasAccessToEntity() {
    $session = elgg_get_session();
    $original_user = $session->getLoggedInUser();
    $object = new ElggObject();
    // Saves $object at the given access level, checks it with nobody logged in and
    // then explicitly for $this->user, and finally restores the session user.
    $check = function ($access_id, $expected_anonymous, $expected_for_user) use ($session, $original_user, $object) {
        $object->access_id = $access_id;
        $object->save();
        $session->removeLoggedInUser();
        $this->assertSame($expected_anonymous, has_access_to_entity($object));
        $this->assertSame($expected_for_user, has_access_to_entity($object, $this->user));
        $session->setLoggedInUser($original_user);
    };
    $check(ACCESS_PRIVATE, false, false);
    $check(ACCESS_PUBLIC, true, true);
    $check(ACCESS_LOGGED_IN, false, true);
    // friends-only access needs the friendship in place before the check
    $original_user->addFriend($this->user->guid);
    $check(ACCESS_FRIENDS, false, true);
    $original_user->removeFriend($this->user->guid);
    $object->delete();
}
/**
 * By default an object can be annotated by a logged in user but not anonymously.
 */
public function testCanAnnotateDefault() {
    $object = new \ElggObject();
    $object->subtype = 'test_1389988642';
    $object->save();
    $this->assertTrue($object->canAnnotate());
    $session = elgg_get_session();
    $logged_in = elgg_get_logged_in_user_entity();
    // drop the session user, re-check, then put the user back for later tests
    $session->removeLoggedInUser();
    $this->assertFalse($object->canAnnotate());
    $session->setLoggedInUser($logged_in);
    $object->delete();
}
if (empty($wizard)) { return; } if (!$wizard instanceof Wizard) { return; } $can_close = 'false'; if ($wizard->user_can_close) { // remove check from session... if user aborts the wizard will not trigger again during session $wizards = elgg_get_session()->get('wizards'); $index = array_search($wizard->guid, $wizards); unset($wizards[$index]); if (empty($wizards)) { elgg_get_session()->set('wizards', true); } else { elgg_get_session()->set('wizards', $wizards); } $can_close = 'true'; } if ($wizard->display_mode !== 'overlay') { forward($wizard->getURL()); } elgg_load_js('lightbox'); elgg_load_css('lightbox'); ?> <script> require(['jquery', 'elgg'], function($, elgg){ $.colorbox({ href: '<?php echo $wizard->getURL(); ?>