1 files changed, 18 insertions, 20 deletions

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 97a05e2e8..e3d5ce9cd 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -87,6 +87,9 @@ function elgg_is_admin_logged_in() {
  */
 function elgg_is_admin_user($user_guid) {
 	global $CONFIG;
+
+	$user_guid = (int)$user_guid;
+
 	// cannot use magic metadata here because of recursion
 
 	// must support the old way of getting admin from metadata
@@ -127,6 +130,10 @@ function elgg_is_admin_user($user_guid) {
 /**
  * Perform user authentication with a given username and password.
  *
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
  * @see login
  *
  * @param string $username The username
@@ -282,8 +289,6 @@ function check_rate_limit_exceeded($user_guid) {
  * @throws LoginException
  */
 function login(ElggUser $user, $persistent = false) {
-	global $CONFIG;
-
 	// User is banned, return false.
 	if ($user->isBanned()) {
 		throw new LoginException(elgg_echo('LoginException:BannedUser'));
@@ -321,6 +326,12 @@ function login(ElggUser $user, $persistent = false) {
 	set_last_login($_SESSION['guid']);
 	reset_login_failure_count($user->guid); // Reset any previous failed login attempts
 
+	// if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
+	if (is_memcache_available()) {
+		// this needs to happen with a shutdown function because of the timing with set_last_login()
+		register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
+	}
+	
 	return true;
 }
 
@@ -330,8 +341,6 @@ function login(ElggUser $user, $persistent = false) {
  * @return bool
  */
 function logout() {
-	global $CONFIG;
-
 	if (isset($_SESSION['user'])) {
 		if (!elgg_trigger_event('logout', 'user', $_SESSION['user'])) {
 			return false;
@@ -355,7 +364,7 @@ function logout() {
 	session_destroy();
 
 	// starting a default session to store any post-logout messages.
-	session_init(NULL, NULL, NULL);
+	_elgg_session_boot(NULL, NULL, NULL);
 	$_SESSION['msg'] = $old_msg;
 
 	return TRUE;
@@ -372,14 +381,10 @@ function logout() {
  *
  * @uses $_SESSION
  *
- * @param string $event       Event name
- * @param string $object_type Object type
- * @param mixed  $object      Object
- *
  * @return bool
  * @access private
  */
-function session_init($event, $object_type, $object) {
+function _elgg_session_boot() {
 	global $DB_PREFIX, $CONFIG;
 
 	// Use database for sessions
@@ -444,8 +449,8 @@ function session_init($event, $object_type, $object) {
 		set_last_action($_SESSION['guid']);
 	}
 
-	elgg_register_action("login", '', 'public');
-	elgg_register_action("logout");
+	elgg_register_action('login', '', 'public');
+	elgg_register_action('logout');
 
 	// Register a default PAM handler
 	register_pam_handler('pam_auth_userpass');
@@ -460,9 +465,6 @@ function session_init($event, $object_type, $object) {
 		return false;
 	}
 
-	// Since we have loaded a new user, this user may have different language preferences
-	register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");
-
 	return true;
 }
 
@@ -619,10 +621,8 @@ function _elgg_session_destroy($id) {
 		global $sess_save_path;
 
 		$sess_file = "$sess_save_path/sess_$id";
-		return(@unlink($sess_file));
+		return @unlink($sess_file);
 	}
-
-	return false;
 }
 
 /**
@@ -654,5 +654,3 @@ function _elgg_session_gc($maxlifetime) {
 
 	return true;
 }
-
-elgg_register_event_handler("boot", "system", "session_init", 20);