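/**
 * Called before each test object.
 *
 * Creates and saves a throw-away user, instantiates a second (unsaved)
 * ElggUser, and, when create_api_user() returns a key pair, stores the
 * public key in an 'api_key' object.
 */
public function __construct() {
	// $CONFIG is a global; without this declaration the site_id lookup
	// further down reads an undefined local variable.
	global $CONFIG;

	// Access checks are disabled for the fixture; the previous setting is
	// remembered in $this->ia (presumably restored on teardown - confirm).
	$this->ia = elgg_set_ignore_access(TRUE);
	parent::__construct();

	$this->user = new ElggUser();
	$this->user->username = '******' . rand();
	$this->user->email = '*****@*****.**';
	$this->user->name = 'I am a Test User';
	$this->user->access_id = ACCESS_PUBLIC;
	// The salt is assigned before the entity is handed to generate_user_password().
	$this->user->salt = generate_random_cleartext_password();
	// Fixed fixture password: acceptable only because this account exists for tests.
	$this->user->password = generate_user_password($this->user, "pass123");
	$this->user->container_guid = 0;
	$this->user->owner_guid = 0;
	$this->user->save();

	// all __construct() code should come after here
	$this->user2 = new ElggUser();

	// generating API key
	$keypair = create_api_user($CONFIG->site_id);
	if ($keypair) {
		$this->apikey = new ElggObject();
		$this->apikey->subtype = 'api_key';
		// NOTE(review): the key object is saved with public access - confirm that
		// only the public half of the pair is ever stored on it.
		$this->apikey->access_id = ACCESS_PUBLIC;
		$this->apikey->title = "User web services";
		$this->apikey->public = $keypair->api_key;
		$this->apikey->save();
	}
}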
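/**
 * Insert a CAS-authenticated user into the Elgg user table.
 *
 * Builds an ElggUser from the CAS profile, saves it and, when the CAS login
 * name equals the configured 'casadminuser', tries to flag the new account
 * as admin.
 *
 * @param string $username CAS login name; used as the Elgg username when the
 *                         profile carries none
 * @param object $casUser  CAS profile; ->name, ->username and ->email are read
 * @param object $config   Plugin configuration; ->casadminuser is read
 *
 * @return ElggUser The user object (returned whether or not save() succeeded)
 */
function cas_insertUser($username, $casUser, $config) {
	$name = $casUser->name;
	$uname = !empty($casUser->username) ? $casUser->username : $username;
	$email = $casUser->email;

	// The local password used to be md5(username . email), which anyone who
	// knows those two values can recompute. A random value removes that
	// guessable credential.
	// NOTE(review): if any other code re-derives the old value to sign the
	// user in, it has to be switched to a direct login - confirm.
	$password = generate_random_cleartext_password();

	$user = new ElggUser();
	$user->username = $uname;
	$user->email = $email;
	$user->name = $name;
	$user->access_id = 2;
	$user->salt = generate_random_cleartext_password();
	// Note salt generated before password!
	$user->password = generate_user_password($user, $password);
	$user->save();

	$guid = $user->guid;
	$obj = get_entity($guid);

	// Strict string comparison: a loose == treats numeric-looking names such
	// as "1000" and "1e3" as equal, which here would grant admin rights.
	$is_cas_admin = isset($config->casadminuser)
		&& (string) $config->casadminuser === (string) $username;

	if ($is_cas_admin) {
		if (($obj instanceof ElggUser) && ($obj->canEdit())) {
			$obj->admin = 'yes';
			if ($obj->admin) {
				system_message(elgg_echo('admin:user:makeadmin:yes'));
			} else {
				register_error(elgg_echo('admin:user:makeadmin:no'));
			}
		} else {
			register_error(elgg_echo('admin:user:makeadmin:no'));
		}
	}

	return $user;
}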
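/**
 * update_access_collection() must leave exactly the requested members in
 * the membership table, for two, one and zero members.
 */
public function testUpdateACL() {
	// another fake user to test with
	$user = new ElggUser();
	$user->username = '******' . rand();
	$user->email = '*****@*****.**' . rand();
	$user->name = 'fake user';
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, rand());
	$user->owner_guid = 0;
	$user->container_guid = 0;
	$user->save();

	$acl_id = create_access_collection('test acl');

	$member_lists = array(
		// adding 2 members
		array($this->user->guid, $user->guid),
		// removing 1 member
		array($user->guid),
		// removing 1 member and adding another
		array($this->user->guid),
		// removing 1 member (collection becomes empty)
		array(),
	);

	foreach ($member_lists as $members) {
		$result = update_access_collection($acl_id, $members);
		$this->assertTrue($result);

		if (!$result) {
			continue;
		}

		// $acl_id is produced by create_access_collection() above, not by request input.
		$q = "SELECT * FROM {$this->dbPrefix}access_collection_membership\n\t\t\t\t\tWHERE access_collection_id = {$acl_id}";
		$data = get_data($q);

		// The empty-collection case expects get_data() to yield false, so the
		// result is normalised before it is counted or iterated; the original
		// looped over the raw (possibly non-array) value.
		$rows = is_array($data) ? $data : array();

		if (count($members) == 0) {
			$this->assertFalse($data);
		} else {
			$this->assertEqual(count($members), count($rows));
		}

		foreach ($rows as $row) {
			$this->assertTrue(in_array($row->user_guid, $members));
		}
	}

	delete_access_collection($acl_id);
	$user->delete();
}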
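/**
 * Set a user's password
 *
 * Reads 'current_password', 'password', 'password2' and the optional 'guid'
 * from the request input. Without a guid the logged-in user is the target.
 * Everyone except an admin editing another account must supply the target's
 * current password.
 *
 * @return bool|null true when the new password was saved, false on any
 *                   failure, null when there is nothing to change
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password() {
	$current_password = get_input('current_password', null, false);
	$password = get_input('password', null, false);
	$password2 = get_input('password2', null, false);
	$user_guid = get_input('guid');

	if (!$user_guid) {
		$user = elgg_get_logged_in_user_entity();
	} else {
		$user = get_entity($user_guid);
	}

	// The guid comes from the request, so get_entity() may return an entity
	// that is not a user; credentials are only ever written to ElggUser.
	if (!($user instanceof ElggUser) || !$password) {
		// no change
		return null;
	}

	$is_self = ($user->guid == elgg_get_logged_in_user_guid());

	// let admin user change anyone's password without knowing it except his own.
	if (!elgg_is_admin_logged_in() || $is_self) {
		$credentials = array(
			'username' => $user->username,
			'password' => $current_password,
		);

		try {
			$verified = pam_auth_userpass($credentials);
		} catch (LoginException $e) {
			$verified = false;
		}

		// A false return is treated exactly like a thrown LoginException.
		// Previously only the exception path was handled, so a handler that
		// answered false without throwing let the change go through.
		if ($verified === false) {
			register_error(elgg_echo('LoginException:ChangePasswordFailure'));
			return false;
		}
	}

	try {
		$result = validate_password($password);
	} catch (RegistrationException $e) {
		register_error($e->getMessage());
		return false;
	}

	if (!$result) {
		register_error(elgg_echo('user:password:fail:tooshort'));
		return false;
	}

	// Strict comparison: == compares numeric-looking strings by value,
	// so "1000" and "1e3" would count as the same password.
	if ($password !== $password2) {
		register_error(elgg_echo('user:password:fail:notsame'));
		return false;
	}

	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);
	// Clearing the stored code invalidates any existing remember-me cookie.
	$user->code = '';

	if ($is_self && !empty($_COOKIE['elggperm'])) {
		// regenerate remember me code so no other user could
		// use it to authenticate later
		$code = _elgg_generate_remember_me_token();
		$_SESSION['code'] = $code;
		$user->code = md5($code);
		// NOTE(review): the cookie is set without the secure/httponly
		// arguments - confirm whether that is intended.
		setcookie("elggperm", $code, (time() + (86400 * 30)), "/");
	}

	if ($user->save()) {
		system_message(elgg_echo('user:password:success'));
		return true;
	}

	register_error(elgg_echo('user:password:fail'));
	return false;
}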
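/**
 * Set a user's password
 *
 * Reads 'current_password', 'password', 'password2' and the optional 'guid'
 * from the request input. Without a guid the logged-in user is the target.
 * Everyone except an admin editing another account must supply the target's
 * current password.
 *
 * @return bool|null true when the new password was saved, false on any
 *                   failure, null when there is nothing to change
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password() {
	$current_password = get_input('current_password');
	$password = get_input('password');
	$password2 = get_input('password2');
	$user_guid = get_input('guid');

	if (!$user_guid) {
		$user = elgg_get_logged_in_user_entity();
	} else {
		$user = get_entity($user_guid);
	}

	// The guid comes from the request, so get_entity() may return an entity
	// that is not a user; credentials are only ever written to ElggUser.
	if (!($user instanceof ElggUser) || !$password) {
		// no change
		return null;
	}

	// let admin user change anyone's password without knowing it except his own.
	if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
		$credentials = array(
			'username' => $user->username,
			'password' => $current_password,
		);

		try {
			$verified = pam_auth_userpass($credentials);
		} catch (LoginException $e) {
			$verified = false;
		}

		// A false return is treated exactly like a thrown LoginException.
		// Previously only the exception path was handled, so a handler that
		// answered false without throwing let the change go through.
		if ($verified === false) {
			register_error(elgg_echo('LoginException:ChangePasswordFailure'));
			return false;
		}
	}

	try {
		$result = validate_password($password);
	} catch (RegistrationException $e) {
		register_error($e->getMessage());
		return false;
	}

	if (!$result) {
		register_error(elgg_echo('user:password:fail:tooshort'));
		return false;
	}

	// Strict comparison: == compares numeric-looking strings by value,
	// so "1000" and "1e3" would count as the same password.
	if ($password !== $password2) {
		register_error(elgg_echo('user:password:fail:notsame'));
		return false;
	}

	// Reset the salt
	$user->salt = generate_random_cleartext_password();
	$user->password = generate_user_password($user, $password);

	if ($user->save()) {
		system_message(elgg_echo('user:password:success'));
		return true;
	}

	register_error(elgg_echo('user:password:fail'));
	return false;
}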
/**
 * Build and persist a throw-away user for tests.
 *
 * Username, e-mail and display name each carry a rand() suffix, and the
 * password is a rand() value that is never reported back, so the account is
 * a fixture rather than something to log in with.
 *
 * @return ElggUser
 */
public static function createUser() {
	$fake = new ElggUser();

	// identity
	$fake->username = '******' . rand();
	$fake->email = '*****@*****.**' . rand();
	$fake->name = 'fake user ' . rand();
	$fake->access_id = ACCESS_PUBLIC;

	// credentials: the salt is set before the entity goes to generate_user_password()
	$fake->salt = generate_random_cleartext_password();
	$fake->password = generate_user_password($fake, rand());

	// users are neither owned nor contained
	$fake->owner_guid = 0;
	$fake->container_guid = 0;

	$fake->save();

	return $fake;
}
/**
 * Called before each test object.
 *
 * Saves a throw-away user with rand()-suffixed identity fields and keeps it
 * in $this->user.
 */
public function __construct() {
	parent::__construct();

	$fixture = new ElggUser();
	$this->user = $fixture;

	// identity
	$fixture->username = '******' . rand();
	$fixture->email = '*****@*****.**' . rand();
	$fixture->name = 'fake user ' . rand();
	$fixture->access_id = ACCESS_PUBLIC;

	// credentials: the salt is set before the entity goes to generate_user_password()
	$fixture->salt = _elgg_generate_password_salt();
	$fixture->password = generate_user_password($fixture, rand());

	// users are neither owned nor contained
	$fixture->owner_guid = 0;
	$fixture->container_guid = 0;

	$fixture->save();
}
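/**
 * Set a user's password
 *
 * Reads 'current_password', 'password', 'password2' and the optional 'guid'
 * from the request input. Without a guid the logged-in user is the target.
 * Everyone except an admin editing another account must supply the target's
 * current password.
 *
 * @return bool|null true when the new password was saved, false on any
 *                   failure, null when there is nothing to change
 * @since 1.8.0
 */
function elgg_set_user_password() {
	$current_password = get_input('current_password');
	$password = get_input('password');
	$password2 = get_input('password2');
	$user_id = get_input('guid');

	if (!$user_id) {
		$user = elgg_get_logged_in_user_entity();
	} else {
		$user = get_entity($user_id);
	}

	// The guid comes from the request, so get_entity() may return an entity
	// that is not a user; credentials are only ever written to ElggUser.
	if (!($user instanceof ElggUser) || $password == "") {
		// no change
		return null;
	}

	// let admin user change anyone's password without knowing it except his own.
	if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
		$credentials = array(
			'username' => $user->username,
			'password' => $current_password,
		);

		if (!pam_auth_userpass($credentials)) {
			register_error(elgg_echo('user:password:fail:incorrect_current_password'));
			return false;
		}
	}

	// NOTE(review): the only strength requirement enforced here is a
	// minimum length of 4 bytes.
	if (strlen($password) < 4) {
		register_error(elgg_echo('user:password:fail:tooshort'));
		return false;
	}

	// Strict comparison: == compares numeric-looking strings by value,
	// so "1000" and "1e3" would count as the same password.
	if ($password !== $password2) {
		register_error(elgg_echo('user:password:fail:notsame'));
		return false;
	}

	// Reset the salt
	$user->salt = generate_random_cleartext_password();
	$user->password = generate_user_password($user, $password);

	if ($user->save()) {
		system_message(elgg_echo('user:password:success'));
		return true;
	}

	register_error(elgg_echo('user:password:fail'));
	return false;
}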
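/**
 * Hook into the PAM system which accepts a username and password and attempts to authenticate
 * it against a known user.
 *
 * Authentication is refused for unknown users, for users that are neither
 * admin, validated nor admin-created, and for banned users. A wrong password
 * is recorded through log_login_failure().
 *
 * @param array $credentials Associated array of credentials passed to pam_authenticate. This function expects
 *                           'username' and 'password' (cleartext).
 *
 * @return bool true when the password matches, false otherwise
 */
function pam_auth_userpass($credentials = NULL) {
	// empty() also covers missing keys, which previously raised notices.
	if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
		return false;
	}

	$user = get_user_by_username($credentials['username']);
	if (!$user) {
		return false;
	}

	// Let admins log in without validating their email, but normal users must have validated their email or been admin created
	if (!$user->admin && !$user->validated && !$user->admin_created) {
		return false;
	}

	// User has been banned, so prevent from logging in
	if ($user->isBanned()) {
		return false;
	}

	$stored = (string) $user->password;
	$computed = (string) generate_user_password($user, $credentials['password']);

	// Strict comparison: with ==, two different digests that both look like
	// numbers (for example "0e..." followed only by digits) compare equal.
	// Where the runtime offers hash_equals(), it would also make this check
	// constant-time.
	if ($stored === $computed) {
		return true;
	}

	// Password failed, log.
	log_login_failure($user->guid);

	return false;
}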
if ($container_guid == '' || $username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') { register_error("Todos os campos são obrigatórios."); forward(REFERER); } if (strcmp($password, $password2) != 0) { register_error(elgg_echo('RegistrationException:PasswordMismatch')); forward(REFERER); } try { $aluno = new Aluno(); $aluno->username = $username; $aluno->email = $email; $aluno->name = $name; $aluno->access_id = ACCESS_PUBLIC; $aluno->salt = _elgg_generate_password_salt(); $aluno->password = generate_user_password($aluno, $password); $aluno->owner_guid = 0; $aluno->container_guid = $container_guid; $aluno->language = get_current_language(); $guid = $aluno->save(); if ($guid) { $new_user = get_entity($guid); elgg_clear_sticky_form('useradd'); $new_user->created_by_guid = elgg_get_logged_in_user_guid(); $subject = elgg_echo('useradd:subject'); $body = elgg_echo('useradd:body', array($name, elgg_get_site_entity()->name, elgg_get_site_entity()->url, $username, $password)); notify_user($new_user->guid, elgg_get_site_entity()->guid, $subject, $body); system_message(elgg_echo("adduser:ok", array(elgg_get_site_entity()->name))); } else { register_error(elgg_echo("adduser:bad")); }
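/**
 * Registers a user, returning false if the username already exists
 *
 * @param string $username              The username of the new user
 * @param string $password              The password
 * @param string $name                  The user's display name
 * @param string $email                 Their email address
 * @param bool   $allow_multiple_emails Allow the same email address to be
 *                                      registered multiple times?
 * @param int    $friend_guid           GUID of a user to friend once fully registered
 * @param string $invitecode            An invite code from a friend
 *
 * @return int|false The new user's GUID; false on failure
 * @throws RegistrationException when a field is invalid or already in use
 */
function register_user($username, $password, $name, $email,
$allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {

	// Load the configuration
	global $CONFIG;

	// no need to trim password.
	$username = trim($username);
	$name = trim(strip_tags($name));
	$email = trim($email);

	// A little sanity checking
	if (empty($username) || empty($password) || empty($name) || empty($email)) {
		return false;
	}

	// Make sure a user with conflicting details hasn't registered and been disabled
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// Every failure below throws. The previous hidden-entity setting is put
	// back on that path too; otherwise hidden entities would stay visible for
	// the remainder of the request.
	try {
		if (!validate_email_address($email)) {
			throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
		}

		if (!validate_password($password)) {
			throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
		}

		if (!validate_username($username)) {
			throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
		}

		if (get_user_by_username($username)) {
			throw new RegistrationException(elgg_echo('registration:userexists'));
		}

		if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
			throw new RegistrationException(elgg_echo('registration:dupeemail'));
		}
	} catch (Exception $e) {
		access_show_hidden_entities($access_status);
		throw $e;
	}

	access_show_hidden_entities($access_status);

	// Create user
	$user = new ElggUser();
	$user->username = $username;
	$user->email = $email;
	$user->name = $name;
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = generate_random_cleartext_password(); // Note salt generated before password!
	$user->password = generate_user_password($user, $password);
	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
	$user->language = get_current_language();

	// The documented contract is "false on failure"; a failed save must not
	// go on to create friendships or notification settings.
	if ($user->save() === false) {
		return false;
	}

	// If $friend_guid has been set, make mutual friends
	if ($friend_guid) {
		if ($friend_user = get_user($friend_guid)) {
			// Strict comparison: with ==, two different digests that both
			// look like numbers would be accepted as the same invite code.
			if ((string) $invitecode === (string) generate_invite_code($friend_user->username)) {
				$user->addFriend($friend_guid);
				$friend_user->addFriend($user->guid);

				// @todo Should this be in addFriend?
				add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
				add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
			}
		}
	}

	// Turn on email notifications by default
	set_user_notification_setting($user->getGUID(), 'email', true);

	return $user->getGUID();
}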
/**
 * Change the logged-in user's language, e-mail, display name and/or password.
 *
 * Empty arguments and values equal to the current ones are skipped. If any
 * supplied value is rejected, nothing is saved and the last recorded error
 * message is returned.
 *
 * NOTE(review): the password is replaced without asking for the current one,
 * and canEdit() is only consulted at save time - confirm the API layer
 * authenticates the caller strongly enough for that.
 *
 * @param string $name     New display name (tags are stripped, max 50 characters)
 * @param string $password New password
 * @param string $language New language code; must be an installed translation
 * @param string $email    New e-mail address; must be valid and unused
 *
 * @return SuccessResult|ErrorResult
 */
function pleio_api_change_setting($name = "", $password = "", $language = "", $email = "") {
	$error = false;
	$changed = false;
	$user = elgg_get_logged_in_user_entity();

	// language: silently ignored unless it is an installed translation
	$wants_language = $language && $language != $user->language;
	if ($wants_language && array_key_exists($language, get_installed_translations())) {
		$user->language = $language;
		$changed = true;
	}

	// e-mail: must be well-formed and not used by another account
	if ($email && $email != $user->email) {
		if (!is_email_address($email)) {
			$error = elgg_echo('email:save:fail');
		} elseif (get_user_by_email($email)) {
			$error = elgg_echo('registration:dupeemail');
		} else {
			$user->email = $email;
			$changed = true;
		}
	}

	// display name: compared first, then stripped of tags and length-checked
	if ($name && $name != $user->name) {
		$name = strip_tags($name);
		if (elgg_strlen($name) <= 50) {
			$user->name = $name;
			$changed = true;
		} else {
			$error = elgg_echo('user:name:fail');
		}
	}

	// password: validate_password() may answer false or throw
	if ($password) {
		try {
			if (validate_password($password)) {
				$user->salt = generate_random_cleartext_password();
				$user->password = generate_user_password($user, $password);
				$changed = true;
			} else {
				$error = elgg_echo('user:password:fail');
			}
		} catch (RegistrationException $e) {
			$error = $e->getMessage();
		}
	}

	if ($error) {
		return new ErrorResult($error);
	}

	if (!$changed) {
		return new SuccessResult("Instellingen niet gewijzigd");
	}

	if ($user->canEdit() && $user->save()) {
		return new SuccessResult("Instellingen opgeslagen");
	}

	return new ErrorResult("Opslaan mislukt");
}
/**
 * Walk over every user without '__stormpath_user' metadata and either link
 * the user to an existing Stormpath account with the same e-mail or create
 * one with a freshly generated password.
 *
 * For newly created accounts the local password is replaced as well, and the
 * user is sent the 'import_message' plugin setting with its {{...}} tokens
 * filled in.
 *
 * @return true|null true when subject or message is not configured; nothing otherwise
 */
function import_to_stormpath() {
	$dbprefix = elgg_get_config('dbprefix');
	$subject = elgg_get_plugin_setting('import_subject', PLUGIN_ID);
	$message = elgg_get_plugin_setting('import_message', PLUGIN_ID);
	$site = elgg_get_site_entity();
	$site_url = elgg_get_site_url();

	// Without a mail template nobody could be told their new password.
	if (!$subject || !$message) {
		error_log('no subject/message');
		return true;
	}

	// $value_id is assigned here but not read again in this function.
	if (is_elgg18()) {
		$name_id = add_metastring('__stormpath_user');
		$value_id = add_metastring(1);
	} else {
		$name_id = elgg_get_metastring_id('__stormpath_user');
		$value_id = elgg_get_metastring_id(1);
	}

	// LEFT JOIN + "IS NULL" selects the users that have no '__stormpath_user'
	// metadata row. $dbprefix and $name_id come from configuration and the
	// metastring lookup above, not from request input.
	$options = array('type' => 'user', 'joins' => array("LEFT JOIN {$dbprefix}metadata md ON md.entity_guid = e.guid AND md.name_id = {$name_id}"), 'wheres' => array('md.name_id IS NULL'), 'limit' => false);

	$batch = new \ElggBatch('elgg_get_entities', $options);
	// NOTE(review): the offset is not advanced, presumably because processed
	// users drop out of the result set once the metadata exists - confirm that
	// add_to_stormpath() sets it, otherwise a failing user keeps matching.
	$batch->setIncrementOffset(false);

	foreach ($batch as $user) {
		// search stormpath for a matching account
		$application = get_application();
		$accts = $application->getAccounts(array('email' => $user->email));
		$already_exists = false;
		// Only the first account returned for the e-mail is used.
		foreach ($accts as $a) {
			$user->__stormpath_user = $a->href;
			error_log('set user ' . $user->username . ': ' . $a->href);
			$already_exists = true;
			break;
		}

		if ($already_exists) {
			continue;
		}

		// change it locally
		$password = generate_random_cleartext_password();
		$user->salt = _elgg_generate_password_salt();
		$user->password = generate_user_password($user, $password);
		// NOTE(review): the local password is already replaced at this point;
		// if add_to_stormpath() fails below, the user is never told the new one.
		$user->save();

		error_log('adding to stormpath ' . $user->email);
		$result = add_to_stormpath($user, $password);

		if ($result) {
			// notify them of the change
			// replace tokens in the message
			// The {{password}} token puts the cleartext password into the e-mail body.
			$message_m = str_replace('{{password}}', $password, $message);
			$message_m = str_replace('{{name}}', $user->name, $message_m);
			$message_m = str_replace('{{username}}', $user->username, $message_m);
			$message_m = str_replace('{{email}}', $user->email, $message_m);
			$message_m = str_replace('{{forgot_password}}', $site_url . 'forgotpassword', $message_m);
			$message_m = str_replace('{{site_email}}', $site->email, $message_m);
			$message_m = str_replace('{{site_url}}', $site_url, $message_m);

			notify_user($user->guid, $site->guid, $subject, $message_m, null, 'email');
		}
	}
}
/**
 * Log in a user with facebook.
 *
 * Looks for a local account already linked to the Facebook uid or access
 * token and logs it in; otherwise converts a legacy 'facebook_uid' account,
 * reuses an account with the same e-mail, or creates a new one. Every path
 * ends in forward().
 */
function facebook_connect_login() {
	global $CONFIG;
	elgg_load_library('facebook');

	// sanity check
	if (!facebook_connect_allow_sign_on_with_facebook()) {
		forward();
	}

	$facebook = facebookservice_api();
	$access_token = $facebook->getAccessToken();

	// Get User ID
	$userID = $facebook->getUser();
	if ($userID) {
		try {
			// Proceed knowing you have a logged in user who's authenticated.
			$user_profile = $facebook->api('/me');
		} catch (FacebookApiException $e) {
			error_log($e);
			$userID = null;
			register_error(elgg_echo('facebook_connect:login:error'));
			forward();
		}
	} else {
		system_message(elgg_echo('loginerror'));
		forward();
	}

	// attempt to find user and log them in.
	// else, create a new user.
	// The 'OR' operator means a match on either the uid or the access token is enough.
	$options = array('type' => 'user', 'plugin_user_setting_name_value_pairs' => array('uid' => $userID, 'access_token' => $access_token), 'plugin_user_setting_name_value_pairs_operator' => 'OR', 'limit' => 0);
	$users = elgg_get_entities_from_plugin_user_settings($options);

	if (!empty($users)) {
		// More than one match is treated as an error rather than picking one.
		if (count($users) == 1 && login($users[0])) {
			system_message(elgg_echo('facebook_connect:login:success'));
			elgg_set_plugin_user_setting('access_token', $access_token, $users[0]->guid);
			// Fill in a missing local e-mail from the Facebook profile.
			if (empty($users[0]->email)) {
				$data = $facebook->api('/me');
				$email = $data['email'];
				$user = get_entity($users[0]->guid);
				$user->email = $email;
				$user->save();
			}
		} else {
			system_message(elgg_echo('facebook_connect:login:error'));
		}
		forward();
	} else {
		// need facebook account credentials
		$data = $facebook->api('/me');

		// backward compatibility for stalled-development FBConnect plugin
		$user = FALSE;
		$facebook_users = elgg_get_entities_from_metadata(array('type' => 'user', 'metadata_name_value_pairs' => array('name' => 'facebook_uid', 'value' => $userID)));
		if (is_array($facebook_users) && count($facebook_users) == 1) {
			// convert existing account
			$user = $facebook_users[0];
			login($user);
			// remove unused metadata
			remove_metadata($user->getGUID(), 'facebook_uid');
			remove_metadata($user->getGUID(), 'facebook_controlled_profile');
		}

		// create new user
		if (!$user) {
			// check new registration allowed
			if (!facebook_connect_allow_new_users_with_facebook()) {
				register_error(elgg_echo('registerdisabled'));
				forward();
			}

			$userSave = 0;
			$email = $data['email'];
			$users = get_user_by_email($email);
			if (!$users) {
				// Elgg-ify facebook credentials
				$username = str_replace(' ', '', strtolower($data['name']));
				while (get_user_by_username($username)) {
					$username = str_replace(' ', '', strtolower($data['name'])) . '_' . rand(1000, 9999);
				}

				$permissions = $facebook->api("/me/permissions");
				if (array_key_exists('publish_stream', $permissions['data'][0])) {
					$postWall = true;
				} else {
					$postWall = false;
				}

				$password = generate_random_cleartext_password();
				$name = $data['name'];
				$user = new ElggUser();
				$user->username = $username;
				$user->name = $name;
				$user->email = $email;
				$user->location = $data['locate'];
				$user->website = $data['link'];
				$user->access_id = ACCESS_PUBLIC;
				$user->salt = generate_random_cleartext_password();
				$user->password = generate_user_password($user, $password);
				$user->owner_guid = 0;
				$user->container_guid = 0;
				if ($postWall) {
					$user->post_wall = true;
				}
				$userSave = 1;
			} else {
				// NOTE(review): an existing local account is picked purely by the
				// e-mail address the Graph API reports and is then linked and
				// logged in below. That trusts the address to be verified and to
				// belong to the same person - confirm.
				$user = $users[0];
			}

			$site = elgg_get_site_entity();
			// NOTE(review): $postWall is assigned only in the new-account branch
			// above, so it is undefined here when an account was found by e-mail.
			if ($postWall) {
				$message = $user->name . ' just synchronized Facebook account with ' . $site->name;
				$params = array('link' => elgg_get_site_url(), 'message' => $message, 'picture' => elgg_get_site_url() . '_graphics/elgg_logo.png', 'description' => $site->name . ' is the social network for connecting people.');
				$status = $facebook->api('/me/feed', 'POST', $params);
			}

			if ($userSave) {
				$userGuid = $user->save();
				if (!$userGuid) {
					register_error(elgg_echo('registerbad'));
					forward();
				}
				// The generated cleartext password is handed to the mail helper.
				send_user_password_mail($email, $name, $username, $password);
				$forward = "profile/{$user->username}";
			} else {
				$forward = "";
			}
		}

		// set facebook services tokens
		elgg_set_plugin_user_setting('uid', $userID, $user->guid);
		elgg_set_plugin_user_setting('access_token', $access_token, $user->guid);

		// pull in facebook icon
		$url = 'https://graph.facebook.com/' . $userID . '/picture?type=large';
		facebook_connect_update_user_avatar($user, $url);

		// login new user
		if (login($user)) {
			system_message(elgg_echo('facebook_connect:login:success'));
		} else {
			system_message(elgg_echo('facebook_connect:login:error'));
		}

		// NOTE(review): $forward is assigned only inside the "create new user"
		// block, so it is undefined when a legacy account was converted.
		forward($forward, 'facebook_connect');
	}

	// register login error
	register_error(elgg_echo('facebook_connect:login:error'));
	forward();
}
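/**
 * Registers a user, returning false if the username already exists
 *
 * @param string $username              The username of the new user
 * @param string $password              The password
 * @param string $name                  The user's display name
 * @param string $email                 The user's email address
 * @param bool   $allow_multiple_emails Allow the same email address to be
 *                                      registered multiple times?
 *
 * @return int|false The new user's GUID; false on failure
 * @throws RegistrationException
 */
function register_user($username, $password, $name, $email, $allow_multiple_emails = false) {

	// no need to trim password.
	$username = trim($username);
	$name = trim(strip_tags($name));
	$email = trim($email);

	// A little sanity checking
	if (empty($username) || empty($password) || empty($name) || empty($email)) {
		return false;
	}

	// Make sure a user with conflicting details hasn't registered and been disabled
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// Every failure below throws. The previous hidden-entity setting is put
	// back on that path too; otherwise hidden entities would stay visible for
	// the remainder of the request.
	try {
		if (!validate_email_address($email)) {
			throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
		}

		if (!validate_password($password)) {
			throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
		}

		if (!validate_username($username)) {
			throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
		}

		if (get_user_by_username($username)) {
			throw new RegistrationException(elgg_echo('registration:userexists'));
		}

		if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
			throw new RegistrationException(elgg_echo('registration:dupeemail'));
		}
	} catch (Exception $e) {
		access_show_hidden_entities($access_status);
		throw $e;
	}

	access_show_hidden_entities($access_status);

	// Create user
	$user = new ElggUser();
	$user->username = $username;
	$user->email = $email;
	$user->name = $name;
	$user->access_id = ACCESS_PUBLIC;
	// The salt is assigned before the entity is handed to generate_user_password().
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);
	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
	$user->language = get_current_language();
	if ($user->save() === false) {
		return false;
	}

	// Turn on email notifications by default
	set_user_notification_setting($user->getGUID(), 'email', true);

	return $user->getGUID();
}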
if (!$userlogin) { $userlogin = '******' . rand(10000, 99999); } while (get_user_by_username($userlogin)) { $userlogin = str_replace(' ', '-', $user_profile->displayName) . '-' . rand(1000, 9999); } $password = generate_random_cleartext_password(); $username = $user_profile->displayName; $useremail = $user_profile->email; $user = new ElggUser(); $user->username = $userlogin; $user->name = $username; $user->access_id = ACCESS_PUBLIC; $user->email = $user_profile->email; $user->salt = generate_random_cleartext_password(); $user->password = generate_user_password($user, $password); $user->owner_guid = 0; $user->container_guid = 0; if (!$user->save()) { register_error(elgg_echo('registerbad')); } // register user && provider elgg_set_plugin_user_setting('uid', $user_uid, $user->guid, 'elgg_social_login'); elgg_set_plugin_user_setting('provider', $provider, $user->guid, 'elgg_social_login'); // notice && login if (elgg_get_plugin_setting("social_login_notify", "social_login") == "yes") { if (strtolower($provider) == "facebook" || strtolower($provider) == "linkedin") { if (empty($user->last_login)) { $message = elgg_echo('social:register:joined'); $adapter->setUserStatus($message); }
* @package Elgg
 * @subpackage Core
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
 * @author Curverider Ltd
 * @copyright Curverider Ltd 2008-2009
 * @link http://elgg.org/
 */

require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php";
global $CONFIG;

// block non-admin users
// Both gatekeepers run before any input is read: the first restricts the
// action to admins, the second presumably checks the action tokens - confirm.
admin_gatekeeper();
action_gatekeeper();

// Get the user
$guid = get_input('guid');
$obj = get_entity($guid);

// Only user entities the current admin may edit get a new password.
if ($obj instanceof ElggUser && $obj->canEdit()) {
	$password = generate_random_cleartext_password();

	$obj->salt = generate_random_cleartext_password(); // Reset the salt
	$obj->password = generate_user_password($obj, $password);

	if ($obj->save()) {
		system_message(elgg_echo('admin:user:resetpassword:yes'));

		// The new cleartext password is put into the e-mail body.
		notify_user($obj->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), sprintf(elgg_echo('email:resetpassword:body'), $obj->username, $password), NULL, 'email');
	} else {
		register_error(elgg_echo('admin:user:resetpassword:no'));
	}
} else {
	register_error(elgg_echo('admin:user:resetpassword:no'));
}

// NOTE(review): the redirect target is the client-supplied Referer header,
// which may be absent or point anywhere - confirm forward() copes with that.
forward($_SERVER['HTTP_REFERER']);
exit;
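/**
 * Registers a user, returning false if the username already exists
 *
 * The first account registered while the 'admin_registered' datalist entry
 * is unset is flagged as admin.
 *
 * @param string $username              The username of the new user
 * @param string $password              The password (leading/trailing whitespace is trimmed)
 * @param string $name                  The user's display name
 * @param string $email                 Their email address
 * @param bool   $allow_multiple_emails Allow the same email address to be registered multiple times?
 * @param int    $friend_guid           Optionally, GUID of a user this user will friend once fully registered
 * @param string $invitecode            Invite code that must match the friend's before friending
 *
 * @return int|false The new user's GUID; false on failure
 * @throws RegistrationException when a field is invalid or already in use
 */
function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
	// Load the configuration
	global $CONFIG;

	$username = trim($username);
	$password = trim($password);
	$name = trim($name);
	$email = trim($email);

	// A little sanity checking
	if (empty($username) || empty($password) || empty($name) || empty($email)) {
		return false;
	}

	// See if it exists and is disabled
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// Every failure below throws. The previous hidden-entity setting is put
	// back on that path too; otherwise hidden entities would stay visible for
	// the remainder of the request.
	try {
		// Validate email address
		if (!validate_email_address($email)) {
			throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
		}

		// Validate password
		if (!validate_password($password)) {
			throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
		}

		// Validate the username
		if (!validate_username($username)) {
			throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
		}

		// Check to see if $username exists already
		if (get_user_by_username($username)) {
			throw new RegistrationException(elgg_echo('registration:userexists'));
		}

		// If we're not allowed multiple emails then see if this address has been used before
		if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
			throw new RegistrationException(elgg_echo('registration:dupeemail'));
		}
	} catch (Exception $e) {
		access_show_hidden_entities($access_status);
		throw $e;
	}

	access_show_hidden_entities($access_status);

	// Check to see if we've registered the first admin yet.
	// If not, this is the first admin user!
	$admin = datalist_get('admin_registered');

	// Otherwise ...
	$user = new ElggUser();
	$user->username = $username;
	$user->email = $email;
	$user->name = $name;
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = generate_random_cleartext_password(); // Note salt generated before password!
	$user->password = generate_user_password($user, $password);
	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.

	// The documented contract is "false on failure"; a failed save must not
	// go on to friend anyone or claim the first-admin slot.
	if ($user->save() === false) {
		return false;
	}

	// If $friend_guid has been set, make mutual friends
	if ($friend_guid) {
		if ($friend_user = get_user($friend_guid)) {
			// Strict comparison: with ==, two different digests that both
			// look like numbers would be accepted as the same invite code.
			if ((string) $invitecode === (string) generate_invite_code($friend_user->username)) {
				$user->addFriend($friend_guid);
				$friend_user->addFriend($user->guid);
			}
		}
	}

	global $registering_admin;
	if (!$admin) {
		// NOTE(review): whoever registers first while 'admin_registered' is
		// unset becomes admin - confirm registration is not reachable by
		// others before installation is finished.
		$user->admin = true;
		datalist_set('admin_registered', 1);
		$registering_admin = true;
	} else {
		$registering_admin = false;
	}

	// Turn on email notifications by default
	set_user_notification_setting($user->getGUID(), 'email', true);

	return $user->getGUID();
}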
/**
 * Can we allow the user with the credentials to log in?
 * Check stormpath, create the user if they can log in and don't exist
 * Enable the user if they can log in but were waiting for email verification
 *
 * @param array $credentials Login credentials; the 'username' (or e-mail
 *                           address) and 'password' keys are read
 * @return boolean true when Stormpath accepts the credentials and the local
 *                 user is enabled afterwards
 */
function pam_handler($credentials) {
	// try to authenticate first
	$application = get_application();
	// NOTE(review): nothing here catches an exception; if authenticate()
	// reports bad credentials by throwing, it propagates to the caller - confirm.
	$authResult = $application->authenticate($credentials['username'], $credentials['password']);
	$account = $authResult->account;

	if (!$account || strtolower($account->status) != 'enabled') {
		return false;
	}

	// we need to search hidden users too
	// in case of email confirmation disabling
	$show_hidden = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// we have an account and it's enabled
	// see if we have a matching account here
	// check if logging in with email address
	if (strpos($credentials['username'], '@') !== false) {
		// Only the first user returned for the address is considered.
		$users = get_user_by_email($credentials['username']);
		$user = $users[0];
	} else {
		$user = get_user_by_username($credentials['username']);
	}

	// custom context gives us permission to do this
	elgg_push_context('stormpath_validate_user');

	// if we don't have a user we need to create one
	if (!$user) {
		$user = new \ElggUser();
		// NOTE(review): stripping non-alphanumerics can turn the Stormpath
		// username into one that already belongs to a different local
		// account; no lookup is done on the stripped value - confirm.
		$user->username = preg_replace("/[^a-zA-Z0-9]/", "", $account->username);
		$user->email = $account->email;
		$user->name = $account->fullName;
		$user->access_id = ACCESS_PUBLIC;
		$user->salt = _elgg_generate_password_salt();
		// A local hash of the password just accepted by Stormpath is stored as well.
		$user->password = generate_user_password($user, $credentials['password']);
		$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
		$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
		$user->language = get_current_language();
		// The result of save() is not checked before the guid is used below.
		$user->save();

		$user->__stormpath_user = $account->href;
		elgg_set_user_validation_status($user->guid, TRUE, 'stormpath');

		// Turn on email notifications by default
		set_user_notification_setting($user->getGUID(), 'email', true);
	}

	// see if we need to enable/verify the user
	// Only accounts disabled for one of the two "new user" reasons are re-enabled.
	if (!$user->isEnabled() && in_array($user->disable_reason, array('stormpath_new_user', 'uservalidationbyemail_new_user'))) {
		$user->enable();
		$user->__stormpath_user = $account->href;
		elgg_set_user_validation_status($user->guid, TRUE, 'stormpath');
	}

	// Restore the context and the hidden-entity setting changed above.
	elgg_pop_context();
	access_show_hidden_entities($show_hidden);

	if ($user && $user->isEnabled()) {
		return true;
	}

	return false;
}
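/**
 * Log in a user with facebook.
 *
 * Flow, as implemented below:
 *  1. Look for local users whose plugin settings hold this Facebook uid OR
 *     this access token; exactly one match is logged in.
 *  2. Otherwise convert a legacy FBConnect account (facebook_uid metadata).
 *  3. Otherwise create a new local user from the Graph "/me" data; if saving
 *     fails and exactly one local account has the same email, that account is
 *     linked instead.
 *
 * NOTE(review): step 3 links an existing local account on the strength of the
 * email address returned by "/me". Nothing in this function checks that the
 * provider verified that address — confirm before relying on it.
 *
 * @return void Every path ends in forward(), which presumably terminates the
 *              request.
 */
function facebook_api_login() {
    elgg_load_library('facebook');

    // sanity check
    if (!facebook_api_allow_sign_on_with_facebook()) {
        forward();
    }

    $facebook = facebookservice_api();
    if (!($session = $facebook->getSession())) {
        forward();
    }

    // attempt to find user and log them in.
    // else, create a new user.
    $options = array(
        'type' => 'user',
        'plugin_user_setting_name_value_pairs' => array(
            'uid' => $session['uid'],
            'access_token' => $session['access_token'],
        ),
        // OR: a match on either the uid or the stored token selects the account.
        'plugin_user_setting_name_value_pairs_operator' => 'OR',
        'limit' => 0,
    );
    $users = elgg_get_entities_from_plugin_user_settings($options);

    // need facebook account credentials
    $data = $facebook->api('/me');

    // Default target for the final forward(); previously this was only
    // assigned on the new-user path and was undefined for converted accounts.
    $forward = '';

    if ($users) {
        if (count($users) === 1 && login($users[0])) {
            //If user changed his email address
            // NOTE(review): no save() follows in this function, so whether
            // this assignment persists is not visible here — confirm.
            $users[0]->email = $data['email'];
            system_message(elgg_echo('facebook_api:login:success'));
            elgg_set_plugin_user_setting('access_token', $session['access_token'], $users[0]->guid);
        } else {
            // More than one candidate, or login() refused: do not guess.
            system_message(elgg_echo('facebook_api:login:error'));
        }
        forward();
    } else {
        // backward compatibility for stalled-development FBConnect plugin
        $user = FALSE;
        $facebook_users = elgg_get_entities_from_metadata(array(
            'type' => 'user',
            'metadata_name_value_pairs' => array(
                'name' => 'facebook_uid',
                'value' => $session['uid'],
            ),
        ));

        if (is_array($facebook_users) && count($facebook_users) === 1) {
            // convert existing account
            $user = $facebook_users[0];
            //If user changed his email address
            $user->email = $data['email'];
            login($user);

            // remove unused metadata
            remove_metadata($user->getGUID(), 'facebook_uid');
            remove_metadata($user->getGUID(), 'facebook_controlled_profile');
        }

        // create new user
        if (!$user) {
            // check new registration allowed
            if (!facebook_api_allow_new_users_with_facebook()) {
                register_error(elgg_echo('registerdisabled'));
                forward();
            }

            // Elgg-ify facebook credentials
            $base_username = str_replace(' ', '', strtolower($data['name']));
            $username = $base_username;
            while (get_user_by_username($username)) {
                // rand() only disambiguates the username; it is not a secret.
                $username = $base_username . '_' . rand(1000, 9999);
            }

            $password = generate_random_cleartext_password();
            $name = $data['name'];

            $user = new ElggUser();
            $user->username = $username;
            $user->name = $name;
            $user->access_id = ACCESS_PUBLIC;
            // Salt first: generate_user_password() receives the user object.
            $user->salt = generate_random_cleartext_password();
            $user->password = generate_user_password($user, $password);
            $user->owner_guid = 0;
            $user->container_guid = 0;
            $user->email = $data['email'];
            $user->description = $data['bio'];
            $user->briefdescription = $data['bio'];
            $user->contactemail = $data['email'];

            $site = elgg_get_site_entity();
            if (!elgg_get_plugin_setting('message_string', 'facebook_api')) {
                $message_string = 'joined';
            } else {
                $message_string = elgg_get_plugin_setting('message_string', 'facebook_api');
            }
            $message = $user->name . $message_string . $site->name;
            $params = array(
                'link' => elgg_get_site_url(),
                'message' => $message,
                'picture' => elgg_get_site_url() . '_graphics/elgg_logo.png',
                'description' => $site->description,
            );

            if (!$user->save()) {
                $email_users = get_user_by_email($data['email']);
                if (is_array($email_users) && count($email_users) === 1) {
                    $user_found = $email_users[0];
                    // register user's access tokens
                    elgg_set_plugin_user_setting('uid', $session['uid'], $user_found->guid);
                    elgg_set_plugin_user_setting('access_token', $session['access_token'], $user_found->guid);
                    login($user_found);
                    system_message(elgg_echo('facebookservice:authorize:success'));
                    // Continue with the saved account. The unsaved entity has
                    // no guid, so the token writes, avatar update and login
                    // below would otherwise target a non-existent user.
                    $user = $user_found;
                } else {
                    register_error(elgg_echo('registerbad'));
                    forward();
                }
            }

            // Announce on the user's feed; the response is not inspected.
            $facebook->api('/me/feed', 'POST', $params);
            system_message(elgg_echo('facebook_api:registration:success'));
            $forward = "settings/user/{$user->username}";
        }

        // set facebook services tokens
        // The access token is a bearer credential kept in plugin user
        // settings; treat that storage as sensitive.
        elgg_set_plugin_user_setting('uid', $session['uid'], $user->guid);
        elgg_set_plugin_user_setting('access_token', $session['access_token'], $user->guid);

        // pull in facebook icon
        $url = 'https://graph.facebook.com/' . $session['uid'] . '/picture?type=large';
        facebook_api_update_user_avatar($user, $url);

        // login new user
        if (login($user)) {
            system_message(elgg_echo('facebook_api:login:success'));
        } else {
            system_message(elgg_echo('facebook_api:login:error'));
        }
        forward($forward, 'facebook_api');
    }

    // register login error
    register_error(elgg_echo('facebook_api:login:error'));
    forward();
}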
/**
 * Build and save a local Elgg account from a Twitter profile.
 *
 * The account gets a random password that is never shown to anyone in this
 * function; it only exists so the user record has a password hash.
 * When registration via Twitter is disabled, or the save fails, an error is
 * registered and forward() is called.
 *
 * @param object $twitter Twitter OAuth response; screen_name and name are read.
 * @return ElggUser
 */
function twitter_api_create_user($twitter) {
    // Registration through Twitter may be switched off by the site.
    $registration_open = twitter_api_allow_new_users_with_twitter();
    if (!$registration_open) {
        register_error(elgg_echo('registerdisabled'));
        forward();
    }

    // Start from the screen name and keep appending a random suffix until the
    // name is free. The suffix only avoids collisions; it is not a secret.
    for (
        $candidate = $twitter->screen_name;
        get_user_by_username($candidate);
        $candidate = $twitter->screen_name . '_' . rand(1000, 9999)
    ) {
        // @todo I guess we just hope this is good enough
    }

    $throwaway_password = generate_random_cleartext_password();
    $display_name = $twitter->name;

    $account = new ElggUser();
    $account->username = $candidate;
    $account->name = $display_name;
    $account->access_id = ACCESS_PUBLIC;
    // The salt is stored before hashing because the hash helper is given the
    // account object.
    $account->salt = _elgg_generate_password_salt();
    $account->password = generate_user_password($account, $throwaway_password);
    $account->owner_guid = 0;
    $account->container_guid = 0;

    $saved = $account->save();
    if (!$saved) {
        register_error(elgg_echo('registerbad'));
        forward();
    }

    return $account;
}
/**
 * Find, link or create the local user for a Facebook profile.
 *
 * Resolution order:
 *  - a single legacy account carrying facebook_uid metadata is converted;
 *  - otherwise, if new registrations are allowed, the first local account
 *    with the profile's email address is reused;
 *  - otherwise a new account is created, its generated password is mailed
 *    with send_user_password_mail(), and the avatar is pulled from Facebook.
 * In every case the Facebook uid and access token are then stored as plugin
 * user settings on the resulting account.
 *
 * NOTE(review): reuse by email trusts the address in $fbData; nothing here
 * checks that the provider verified it — confirm. The generated password
 * leaves the server in an email, and the access token is a bearer credential
 * kept in plugin settings.
 *
 * @access public
 * @param array $fbData facebook data of user; $fbData['user_profile'] is read
 * @return ElggUser|false The linked or created user. (The function returns
 *                        $user, which starts out as FALSE.)
 */
function facebook_connect_create_update_user($fbData) {
    elgg_load_library('facebook');

    $profile = $fbData['user_profile'];

    // need facebook account credentials
    // backward compatibility for stalled-development FBConnect plugin
    $user = FALSE;
    $legacy_matches = elgg_get_entities_from_metadata(array(
        'type' => 'user',
        'metadata_name_value_pairs' => array(
            'name' => 'facebook_uid',
            'value' => $profile['id'],
        ),
    ));

    if (is_array($legacy_matches) && count($legacy_matches) == 1) {
        // convert existing account
        $user = $legacy_matches[0];

        // remove unused metadata
        remove_metadata($user->getGUID(), 'facebook_uid');
        remove_metadata($user->getGUID(), 'facebook_controlled_profile');
    }

    // create new user
    if (!$user) {
        // check new registration allowed
        if (!facebook_connect_allow_new_users_with_facebook()) {
            register_error(elgg_echo('registerdisabled'));
            forward();
        }

        $email = $profile['email'];
        $same_email = get_user_by_email($email);

        if ($same_email) {
            // An account with this address already exists: reuse the first.
            $user = $same_email[0];
        } else {
            // Elgg-ify facebook credentials
            $base_username = !empty($profile['username'])
                ? $profile['username']
                : str_replace(' ', '', strtolower($profile['name']));

            // Append a random suffix until the username is unused.
            $username = $base_username;
            while (get_user_by_username($username)) {
                $username = $base_username . '_' . rand(1000, 9999);
            }

            $password = generate_random_cleartext_password();
            $name = $profile['name'];

            $user = new ElggUser();
            $user->username = $username;
            $user->name = $name;
            $user->email = $email;
            $user->access_id = ACCESS_PUBLIC;
            // Salt is set before the hash is computed from the user object.
            $user->salt = generate_random_cleartext_password();
            $user->password = generate_user_password($user, $password);
            $user->owner_guid = 0;
            $user->container_guid = 0;
            $user->last_action = date("Y-m-d");
            $user->last_login = date("Y-m-d");
            // The account is marked validated on the strength of the
            // Facebook sign-in alone.
            $user->validated = 1;
            $user->validated_method = 'facebook';
            $user->language = 'en';

            if ($user->save()) {
                // send mail to user
                send_user_password_mail($email, $name, $username, $password);

                // post status on facebook
                if (facebook_connect_allow_post_on_facebook()) {
                    facebook_connect_post_status($fbData);
                }

                // pull in facebook icon
                $url = 'https://graph.facebook.com/' . $profile['id'] . '/picture?type=large';
                facebook_connect_update_user_avatar($user, $url);
            } else {
                register_error(elgg_echo('registerbad'));
                forward();
            }
        }
    }

    // set facebook services tokens
    elgg_set_plugin_user_setting('uid', $profile['id'], $user->guid);
    elgg_set_plugin_user_setting('access_token', $profile['accessToken'], $user->guid);

    return $user;
}
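/**
 * Called on usersettings save action - changes the users password
 * locally and on stormpath
 *
 * Non-admins, and admins changing their own password, must supply the
 * current password; an admin may change another user's password without it.
 * The new password must pass validate_password() and match its confirmation.
 *
 * The hook arguments are accepted for the plugin-hook signature but are not
 * read; all input comes from get_input().
 *
 * @param string $hook   Hook name (unused)
 * @param string $type   Hook type (unused)
 * @param mixed  $return Current hook return value (unused)
 * @param array  $params Hook parameters (unused)
 * @return boolean|null True on success, false on failure, null when no
 *                      password change was requested.
 */
function set_user_password($hook = 'usersettings:save', $type = 'user', $return = true, $params = array()) {
    $current_password = get_input('current_password', null, false);
    $password = get_input('password', null, false);
    $password2 = get_input('password2', null, false);
    $user_guid = get_input('guid');

    if ($user_guid) {
        $user = get_user($user_guid);
    } else {
        $user = elgg_get_logged_in_user_entity();
    }

    if (!$user || !$password) {
        // no change
        return null;
    }

    // let admin user change anyone's password without knowing it except his own.
    if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
        $credentials = array(
            'username' => $user->email,
            'password' => $current_password,
        );

        // The result must be checked as well as the exception: the
        // pam_handler() listed on this page reports rejected credentials by
        // returning false, so relying on the catch alone would let the change
        // proceed without a valid current password.
        try {
            $authenticated = pam_handler($credentials);
        } catch (\LoginException $e) {
            $authenticated = false;
        }

        if (!$authenticated) {
            register_error(elgg_echo('LoginException:ChangePasswordFailure'));
            return false;
        }
    }

    try {
        $result = validate_password($password);
    } catch (\RegistrationException $e) {
        register_error($e->getMessage());
        return false;
    }

    if (!$result) {
        register_error(elgg_echo('user:password:fail:tooshort'));
        return false;
    }

    // Strict comparison: with ==, two different numeric-looking strings
    // (for example "1e3" and "1000") would be accepted as a match.
    if ($password !== $password2) {
        register_error(elgg_echo('user:password:fail:notsame'));
        return false;
    }

    // change it on stormpath
    if ($user->__stormpath_user) {
        try {
            $client = get_client();
            $account = $client->dataStore->getResource($user->__stormpath_user, \Stormpath\Stormpath::ACCOUNT);
            $account->password = $password;
            $account->save();
        } catch (\Exception $exc) {
            // NOTE(review): the backend's exception text is shown to the user
            // as-is — confirm it cannot carry internal detail.
            register_error($exc->getMessage());
            return false;
        }
    } else {
        add_to_stormpath($user, $password);
    }

    // change it locally
    // New salt first, then the hash derived from the user object.
    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);

    if (is_elgg18()) {
        // Clearing the code invalidates any existing "remember me" cookie.
        $user->code = '';
        if ($user->guid == elgg_get_logged_in_user_guid() && !empty($_COOKIE['elggperm'])) {
            // regenerate remember me code so no other user could
            // use it to authenticate later
            $code = _elgg_generate_remember_me_token();
            $_SESSION['code'] = $code;
            $user->code = md5($code);
            // NOTE(review): the cookie is set with path only, so no Secure or
            // HttpOnly flag is requested here — confirm against the site's
            // cookie policy.
            setcookie("elggperm", $code, time() + 86400 * 30, "/");
        }
    } else {
        _elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity());
    }

    if ($user->save()) {
        system_message(elgg_echo('user:password:success'));
        return true;
    }

    register_error(elgg_echo('user:password:fail'));
    return false;
}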
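/**
 * Check a username/password pair against the local user table.
 *
 * NOTE(review): unlike the pam_auth_userpass() variants listed on this page,
 * this function makes no ban, validation or rate-limit check and records no
 * failed attempt — confirm the caller covers those.
 *
 * @param array|null $credentials Expects non-empty 'username' and 'password'
 *                                (cleartext) entries.
 * @return ElggUser|false The matching user, or false when the input is
 *                        incomplete, the user is unknown or the password
 *                        does not match.
 */
function siteaccess_auth_userpass($credentials = NULL) {
    // empty() also covers missing keys, so incomplete input is rejected
    // without touching an undefined index.
    if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
        return false;
    }

    $user = get_user_by_username($credentials['username']);
    if (!$user) {
        return false;
    }

    // Strict comparison: == applies numeric-string conversion, so two
    // different digests that both look like numbers could compare equal.
    // Where the runtime provides hash_equals(), prefer it for a
    // constant-time check.
    if ($user->password === generate_user_password($user, $credentials['password'])) {
        return $user;
    }

    return false;
}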
/**
 * Handle a successful sign-in at an external provider: log in the local user
 * already connected to this provider identity, connect an existing local user
 * by email, or register a new local user.
 *
 * Paths, as implemented below:
 *  - no local user is connected to this provider uid: the 'social_connect',
 *    'user' plugin hook decides whether to stop (false), try an email match
 *    ('email' / 'emailOnly'), or fall through to registration;
 *  - exactly one connected user: the hook is asked again and, if it agrees,
 *    login() is called;
 *  - more than one connected user: an Exception is thrown.
 *
 * Access checks are switched off (elgg_set_ignore_access(true)) around each
 * hook/event call and restored afterwards. There is no try/finally, so a
 * handler that throws leaves the override in place.
 *
 * NOTE(review): the email path connects the provider identity to the first
 * local account with the profile's email. Nothing in this function checks
 * that the provider verified that address — confirm per provider.
 *
 * @param object $user_profile Provider profile; identifier, email and
 *                             displayName are read.
 * @param string $provider     Key into $HA_SOCIAL_CONNECT_PROVIDERS_CONFIG.
 * @return void
 * @throws Exception When several local users are connected to the same
 *                   provider identity.
 */
function social_connect_handle_authentication($user_profile, $provider) {
    global $CONFIG;
    global $HA_SOCIAL_CONNECT_PROVIDERS_CONFIG;
    // Remember the caller's setting so every override below can be undone.
    $ignore_access = elgg_get_ignore_access();
    $provider_name = $HA_SOCIAL_CONNECT_PROVIDERS_CONFIG[$provider]['provider_name'];
    $user_uid = $user_profile->identifier;
    // establish the value for the proceeding hook
    // Per-provider setting first; unset or 'global' defers to the plugin-wide
    // setting, then to the SOCIAL_CONNECT_DEFAULT_PROCEED constant.
    $default_proceed = elgg_get_plugin_setting("ha_settings_{$provider}_hook1_default", 'social_connect');
    if (!$default_proceed || $default_proceed == 'global') {
        $default_proceed = elgg_get_plugin_setting('ha_settings_hook1_default', 'social_connect');
    }
    if (!$default_proceed) {
        $default_proceed = SOCIAL_CONNECT_DEFAULT_PROCEED;
    } else {
        // Settings are stored as strings; map 'true'/'false' to booleans and
        // leave any other value (such as 'email') untouched.
        if ($default_proceed == 'true') {
            $default_proceed = true;
        } else {
            if ($default_proceed == 'false') {
                $default_proceed = false;
            }
        }
    }
    // the arguments for social connect events and hooks
    $args = array('mode' => null, 'userid' => $user_uid, 'provider' => $HA_SOCIAL_CONNECT_PROVIDERS_CONFIG[$provider], 'user' => null, 'profile' => $user_profile);
    // look for users that have already connected via this plugin
    $options = array('type' => 'user', 'plugin_id' => 'social_connect', 'plugin_user_setting_name_value_pairs' => array("{$provider}/uid" => $user_uid), 'plugin_user_setting_name_value_pairs_operator' => 'AND', 'limit' => 0);
    $users = elgg_get_entities_from_plugin_user_settings($options);
    if (!$users) {
        // user has not connected with plugin before
        $args['mode'] = 'connect';
        elgg_set_ignore_access(true);
        $proceed = elgg_trigger_plugin_hook('social_connect', 'user', $args, $default_proceed);
        elgg_set_ignore_access($ignore_access);
        if ($proceed === false) {
            // hook prevented social connection
            return;
        } else {
            if ($proceed === 'email' || $proceed === 'emailOnly') {
                // hook wants to try and connect via email address
                // check whether the user already exists with the email provided
                $useremail = $user_profile->email;
                if ($useremail && ($users = get_user_by_email($useremail))) {
                    // The first account with this address is connected; this
                    // path returns without calling login().
                    social_connect_user($user_uid, $users[0], $user_profile, $provider);
                    system_message(sprintf(elgg_echo('social_connect:connect:ok'), $provider_name));
                    $args['mode'] = 'email';
                    $args['user'] = $users[0];
                    elgg_set_ignore_access(true);
                    elgg_trigger_event('social_connect', 'user', $args);
                    elgg_set_ignore_access($ignore_access);
                    return;
                }
                if ($proceed === 'emailOnly') {
                    // hook wants only email address connection or failure
                    register_error(sprintf(elgg_echo('social_connect:connect:emailnotfound'), $proceed));
                    return;
                }
            }
        }
        // email connection not required or failed, so register a new user
        $userlogin = str_replace(' ', '', $user_profile->displayName);
        if (!$userlogin) {
            $userlogin = $provider . '_user_' . rand(1000, 9999);
        }
        // Append a random suffix until the username is unused; the suffix
        // only avoids collisions.
        $org_userlogin = $userlogin;
        while (get_user_by_username($userlogin)) {
            $userlogin = $org_userlogin . '_' . rand(1000, 9999);
        }
        unset($org_userlogin);
        $password = generate_random_cleartext_password();
        $username = $user_profile->displayName;
        $user = new ElggUser();
        $user->username = $userlogin;
        $user->name = $username;
        $user->email = $user_profile->email;
        $user->access_id = ACCESS_PUBLIC;
        // Salt is set before the hash is computed from the user object.
        $user->salt = generate_random_cleartext_password();
        $user->password = generate_user_password($user, $password);
        $user->owner_guid = 0;
        $user->container_guid = 0;
        if ($user->save()) {
            if ($user->email && elgg_get_plugin_setting('notify_new_user', 'social_connect')) {
                // The generated password is placed in the notification body,
                // so it leaves the server in cleartext by email.
                $email = elgg_echo('email:social_connect:body', array($userlogin, $password));
                set_user_notification_setting($user->getGUID(), 'email', true);
                notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:social_connect:subject', array($provider_name)), $email, NULL, 'email');
            }
        } else {
            register_error(sprintf(elgg_echo('social_connect:register:bad'), $provider_name) . elgg_echo("zhaohu:sorry"));
            elgg_log("ZHError social_connect:register:bad , userlogin {$userlogin}", "ERROR");
            return;
        }
        system_message(sprintf(elgg_echo('social_connect:register:ok'), $provider_name));
        social_connect_user($user_uid, $user, $user_profile, $provider);
        $args['mode'] = 'register';
        $args['user'] = $user;
        elgg_set_ignore_access(true);
        elgg_trigger_event('social_connect', 'user', $args);
        elgg_set_ignore_access($ignore_access);
    } elseif (count($users) == 1) {
        // one user has already been registered on Elgg with this provider
        $args['mode'] = 'login';
        $args['user'] = $users[0];
        // login() below runs while access checks are still switched off.
        elgg_set_ignore_access(true);
        if (elgg_trigger_plugin_hook('social_connect', 'user', $args, (bool) $default_proceed)) {
            // if not, hook prevented social connection
            login($users[0]);
            system_message(sprintf(elgg_echo('social_connect:login:ok'), $provider_name));
        }
        elgg_set_ignore_access($ignore_access);
    } else {
        // Several local users claim the same provider identity: refuse
        // rather than pick one.
        throw new Exception(sprintf(elgg_echo('social_connect:login:bad'), $provider_name));
    }
}
/**
 * PAM handler that authenticates a username/password pair against the local
 * user table.
 *
 * Checks run in this order: the user must exist, the rate limit must not be
 * exceeded, and the stored hash must equal the hash of the supplied password.
 * A wrong password is recorded with log_login_failure() before the exception
 * is thrown. Unknown user and wrong password use different message keys.
 * The hash comparison is strict but not constant-time.
 *
 * @param array $credentials Associated array of credentials passed to
 *                           Elgg's PAM system. This function expects
 *                           'username' and 'password' (cleartext).
 *
 * @return bool False when either credential is missing, true on success.
 * @throws LoginException On unknown user, rate limiting or wrong password.
 * @access private
 */
function pam_auth_userpass(array $credentials = array()) {
    // Both entries have to be present (and non-null) before anything else runs.
    $has_both = isset($credentials['username'], $credentials['password']);
    if (!$has_both) {
        return false;
    }

    $account = get_user_by_username($credentials['username']);
    if (!$account) {
        throw new LoginException(elgg_echo('LoginException:UsernameFailure'));
    }

    // The lockout is checked before the password so that a locked account
    // cannot be probed further.
    $locked_out = check_rate_limit_exceeded($account->guid);
    if ($locked_out) {
        throw new LoginException(elgg_echo('LoginException:AccountLocked'));
    }

    $expected_hash = generate_user_password($account, $credentials['password']);
    if ($account->password === $expected_hash) {
        return true;
    }

    // Count the failed attempt before reporting it.
    log_login_failure($account->guid);
    throw new LoginException(elgg_echo('LoginException:PasswordFailure'));
}
/**
 * Log in a user with twitter.
 *
 * Flow, as implemented below:
 *  1. Exchange the oauth_verifier for an access token.
 *  2. Look for local users whose plugin settings hold this token pair;
 *     exactly one match is logged in.
 *  3. Otherwise convert a legacy account whose username and
 *     twitter_screen_name metadata both equal the token's screen name.
 *  4. Otherwise create a new local user from account/verify_credentials.
 * The token pair is then stored as plugin user settings and the user is
 * logged in. Every path ends in forward(), which presumably terminates the
 * request; the last two statements are only reached if it returns.
 *
 * NOTE(review): the legacy match in step 3 is by screen name, not by a stable
 * Twitter user id — confirm that is acceptable. The response of
 * account/verify_credentials is used without an error check.
 */
function twitter_api_login() {
    // sanity check
    if (!twitter_api_allow_sign_on_with_twitter()) {
        forward();
    }
    $token = twitter_api_get_access_token(get_input('oauth_verifier'));
    // Without both halves of the token the sign-in cannot continue.
    if (!isset($token['oauth_token']) or !isset($token['oauth_token_secret'])) {
        register_error(elgg_echo('twitter_api:login:error'));
        forward();
    }
    // attempt to find user and log them in.
    // else, create a new user.
    // No pair operator is given here, so the default applies (presumably
    // AND — confirm).
    $options = array('type' => 'user', 'plugin_user_setting_name_value_pairs' => array('access_key' => $token['oauth_token'], 'access_secret' => $token['oauth_token_secret']), 'limit' => 0);
    $users = elgg_get_entities_from_plugin_user_settings($options);
    if ($users) {
        // More than one candidate, or a refused login(), is reported as an
        // error rather than guessed at.
        if (count($users) == 1 && login($users[0])) {
            system_message(elgg_echo('twitter_api:login:success'));
            // trigger login hook
            elgg_trigger_plugin_hook('login', 'twitter_api', array('user' => $users[0]));
        } else {
            system_message(elgg_echo('twitter_api:login:error'));
        }
        forward();
    } else {
        // need Twitter account credentials
        elgg_load_library('twitter_oauth');
        $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
        $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
        $api = new TwitterOAuth($consumer_key, $consumer_secret, $token['oauth_token'], $token['oauth_token_secret']);
        $twitter = $api->get('account/verify_credentials');
        // backward compatibility for stalled-development Twitter Login plugin
        $user = FALSE;
        if ($twitter_user = get_user_by_username($token['screen_name'])) {
            if (($screen_name = $twitter_user->twitter_screen_name) && $screen_name == $token['screen_name']) {
                // convert existing account
                $user = $twitter_user;
                $forward = '';
            }
        }
        // create new user
        if (!$user) {
            // check new registration allowed
            if (!twitter_api_allow_new_users_with_twitter()) {
                register_error(elgg_echo('registerdisabled'));
                forward();
            }
            // trigger a hook for plugin authors to intercept
            if (!elgg_trigger_plugin_hook('new_twitter_user', 'twitter_service', array('account' => $twitter), TRUE)) {
                // halt execution
                register_error(elgg_echo('twitter_api:login:error'));
                forward();
            }
            // Elgg-ify Twitter credentials
            // A random suffix is appended until the username is unused; it
            // only avoids collisions.
            $username = $twitter->screen_name;
            while (get_user_by_username($username)) {
                $username = $twitter->screen_name . '_' . rand(1000, 9999);
            }
            // The random password is not shown or sent anywhere in this
            // function.
            $password = generate_random_cleartext_password();
            $name = $twitter->name;
            $user = new ElggUser();
            $user->username = $username;
            $user->name = $name;
            $user->access_id = ACCESS_PUBLIC;
            // Salt is set before the hash is computed from the user object.
            $user->salt = generate_random_cleartext_password();
            $user->password = generate_user_password($user, $password);
            $user->owner_guid = 0;
            $user->container_guid = 0;
            if (!$user->save()) {
                register_error(elgg_echo('registerbad'));
                forward();
            }
            // @todo require email address?
            $site_name = elgg_get_site_entity()->name;
            system_message(elgg_echo('twitter_api:login:email', array($site_name)));
            $forward = "settings/user/{$user->username}";
        }
        // set twitter services tokens
        // The access token and secret are bearer credentials kept in plugin
        // user settings; treat that storage as sensitive.
        elgg_set_plugin_user_setting('twitter_name', $token['screen_name'], $user->guid);
        elgg_set_plugin_user_setting('access_key', $token['oauth_token'], $user->guid);
        elgg_set_plugin_user_setting('access_secret', $token['oauth_token_secret'], $user->guid);
        // pull in Twitter icon
        twitter_api_update_user_avatar($user, $twitter->profile_image_url);
        // login new user
        // This runs for converted legacy accounts as well as new ones.
        if (login($user)) {
            system_message(elgg_echo('twitter_api:login:success'));
            // trigger login hook for new user
            elgg_trigger_plugin_hook('first_login', 'twitter_api', array('user' => $user));
        } else {
            system_message(elgg_echo('twitter_api:login:error'));
        }
        forward($forward, 'twitter_api');
    }
    // register login error
    register_error(elgg_echo('twitter_api:login:error'));
    forward();
}
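/**
 * Hook into the PAM system which accepts a username and password and attempts to authenticate
 * it against a known user.
 *
 * A user who is neither an admin, nor email-validated, nor admin-created is
 * refused, as is a banned user. A wrong password is recorded with
 * log_login_failure(). No rate-limit check is made in this function.
 *
 * @param array $credentials Associated array of credentials passed to pam_authenticate. This function expects
 *                           'username' and 'password' (cleartext).
 * @return bool True when the credentials match an allowed user, else false.
 */
function pam_auth_userpass($credentials = NULL) {
    // empty() also covers missing keys, so incomplete input is rejected
    // without touching an undefined index.
    if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
        return false;
    }

    $user = get_user_by_username($credentials['username']);
    if (!$user) {
        return false;
    }

    // Let admins log in without validating their email, but normal users must have validated their email or been admin created
    if (!$user->admin && !$user->validated && !$user->admin_created) {
        return false;
    }

    // User has been banned, so bin them.
    if ($user->isBanned()) {
        return false;
    }

    // Strict comparison: == applies numeric-string conversion, so two
    // different digests that both look like numbers could compare equal.
    // Where the runtime provides hash_equals(), prefer it for a
    // constant-time check.
    if ($user->password === generate_user_password($user, $credentials['password'])) {
        return true;
    }

    // Password failed, log.
    log_login_failure($user->guid);
    return false;
}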
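/**
 * Reset the password of each listed user to a random one and send it to
 * that user by email notification.
 *
 * Only a logged-in admin may call this. Entries that do not resolve to an
 * ElggUser are skipped silently. The new cleartext password exists only in
 * the notification body.
 *
 * @param array $params $params[0] is expected to be an array of entity ids.
 * @param mixed $error  Not read by this method.
 * @return array array("err" => ...) when the caller is not logged in or not
 *               an admin, otherwise array("msg" => ...) built from the
 *               usernames that were ("yes") and were not ("no") reset.
 */
function method_resetPassword($params, $error) {
    // $CONFIG is read below for the site guid; without this declaration it
    // would be an undefined local inside the method.
    global $CONFIG;

    if (!$this->is_loggedin()) {
        return array("err" => SESSION_ERROR);
    }
    if (!$this->is_admin()) {
        return array("err" => ADMIN_ERROR);
    }

    $ids = isset($params[0]) ? $params[0] : null;
    $msg = array();

    if (is_array($ids)) {
        foreach ($ids as $id) {
            $obj = westorElggMan_get_entity($id);
            if (!($obj instanceof ElggUser)) {
                continue;
            }

            $password = generate_random_cleartext_password();
            // Reset the salt first; the hash is derived from the user object.
            $obj->salt = generate_random_cleartext_password();
            $obj->password = generate_user_password($obj, $password);

            if ($obj->save()) {
                system_message(elgg_echo('admin:user:resetpassword:yes'));
                $msg["yes"][] = $obj->username;
                notify_user(
                    $obj->guid,
                    $CONFIG->site->guid,
                    elgg_echo('email:resetpassword:subject'),
                    sprintf(elgg_echo('email:resetpassword:body'), $obj->username, $password),
                    null,
                    'email'
                );
            } else {
                $msg["no"][] = $obj->username;
            }
        }
    }

    return array("msg" => $this->createAnswerStr($msg));
}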