Diffstat (limited to 'actions/login.php')
-rw-r--r--actions/login.php141
1 files changed, 64 insertions, 77 deletions
diff --git a/actions/login.php b/actions/login.php
index f3a60af6d..bd7f91299 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -1,82 +1,69 @@
<?php
+/**
+ * Elgg login action
+ *
+ * @package Elgg.Core
+ * @subpackage User.Authentication
+ */
- /**
- * Elgg login action
- *
- * @package Elgg
- * @subpackage Core
+// set forward url
+if (!empty($_SESSION['last_forward_from'])) {
+ $forward_url = $_SESSION['last_forward_from'];
+} elseif (get_input('returntoreferer')) {
+ $forward_url = REFERER;
+} else {
+ // forward to main index page
+ $forward_url = '';
+}
- * @author Curverider Ltd
+$username = get_input('username');
+$password = get_input('password', null, false);
+$persistent = (bool) get_input("persistent");
+$result = false;
- * @link http://elgg.org/
- */
-
- // Safety first
- action_gatekeeper();
+if (empty($username) || empty($password)) {
+ register_error(elgg_echo('login:empty'));
+ forward();
+}
- // Get username and password
-
- $username = get_input('username');
- $password = get_input("password");
- $persistent = get_input("persistent", false);
-
- // If all is present and correct, try to log in
- $result = false;
- if (!empty($username) && !empty($password)) {
- if ($user = authenticate($username,$password)) {
- $result = login($user, $persistent);
- }
- }
-
- // Set the system_message as appropriate
-
- if ($result) {
- system_message(elgg_echo('loginok'));
- if ($_SESSION['last_forward_from'])
- {
- $forward_url = $_SESSION['last_forward_from'];
- $_SESSION['last_forward_from'] = "";
- forward($forward_url);
- }
- else
- {
- if (
- (isadminloggedin()) &&
- (!datalist_get('first_admin_login'))
- )
- {
- system_message(elgg_echo('firstadminlogininstructions'));
-
- datalist_set('first_admin_login', time());
-
- forward('pg/admin/plugins');
- } else if (get_input('returntoreferer')) {
- forward($_SERVER['HTTP_REFERER']);
- } else
- forward("pg/dashboard/");
- }
- } else {
- $error_msg = elgg_echo('loginerror');
- // figure out why the login failed
- if (!empty($username) && !empty($password)) {
- // See if it exists and is disabled
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
- if (($user = get_user_by_username($username)) && !$user->validated) {
- // give plugins a chance to respond
- if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
- // if plugins have not registered an action, the default action is to
- // trigger the validation event again and assume that the validation
- // event will display an appropriate message
- trigger_elgg_event('validate', 'user', $user);
- }
- } else {
- register_error(elgg_echo('loginerror'));
- }
- access_show_hidden_entities($access_status);
- } else {
- register_error(elgg_echo('loginerror'));
- }
- }
-
-?> \ No newline at end of file
+// check if logging in with email address
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
+$result = elgg_authenticate($username, $password);
+if ($result !== true) {
+ register_error($result);
+ forward(REFERER);
+}
+
+$user = get_user_by_username($username);
+if (!$user) {
+ register_error(elgg_echo('login:baduser'));
+ forward(REFERER);
+}
+
+try {
+ login($user, $persistent);
+ // re-register at least the core language file for users with language other than site default
+ register_translations(dirname(dirname(__FILE__)) . "/languages/");
+} catch (LoginException $e) {
+ register_error($e->getMessage());
+ forward(REFERER);
+}
+
+// elgg_echo() caches the language and does not provide a way to change the language.
+// @todo we need to use the config object to store this so that the current language
+// can be changed. Refs #4171
+if ($user->language) {
+ $message = elgg_echo('loginok', array(), $user->language);
+} else {
+ $message = elgg_echo('loginok');
+}
+
+if (isset($_SESSION['last_forward_from'])) {
+ unset($_SESSION['last_forward_from']);
+}
+
+system_message($message);
+forward($forward_url);
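Review bot: The e-mail branch overwrites `$username` with `$users[0]->username` whenever `get_user_by_email()` returns anything, so if several accounts share one address the login is silently pinned to whichever account comes first and the password is checked against that account only. Resolving the address only when it is unambiguous avoids this: `if (strpos($username, '@') !== false && ($users = get_user_by_email($username)) && count($users) === 1) {`. Separately, the old `action_gatekeeper()` call is gone and no token check is visible in the new file; that is safe against login CSRF only if the action dispatcher validates the token for every action, which this hunk does not show. If it does, a one-line comment at the top would record it, e.g. `// request token is validated by the action handler before this script runs`. The target of the final `forward($forward_url)` comes from `$_SESSION['last_forward_from']` or `REFERER`, so it is also worth confirming that `forward()` keeps post-login redirects on the site.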