aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/sessions.php
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r--engine/lib/sessions.php49
1 files changed, 28 insertions, 21 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ae42956a9..e3d5ce9cd 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -87,6 +87,9 @@ function elgg_is_admin_logged_in() {
*/
function elgg_is_admin_user($user_guid) {
global $CONFIG;
+
+ $user_guid = (int)$user_guid;
+
// cannot use magic metadata here because of recursion
// must support the old way of getting admin from metadata
@@ -127,12 +130,17 @@ function elgg_is_admin_user($user_guid) {
/**
* Perform user authentication with a given username and password.
*
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
* @see login
*
* @param string $username The username
* @param string $password The password
*
* @return true|string True or an error message on failure
+ * @access private
*/
function elgg_authenticate($username, $password) {
$pam = new ElggPAM('user');
@@ -154,6 +162,7 @@ function elgg_authenticate($username, $password) {
*
* @return bool
* @throws LoginException
+ * @access private
*/
function pam_auth_userpass(array $credentials = array()) {
@@ -183,7 +192,7 @@ function pam_auth_userpass(array $credentials = array()) {
*
* @param int $user_guid User GUID
*
- * @return bool on success
+ * @return bool
*/
function log_login_failure($user_guid) {
$user_guid = (int)$user_guid;
@@ -280,8 +289,6 @@ function check_rate_limit_exceeded($user_guid) {
* @throws LoginException
*/
function login(ElggUser $user, $persistent = false) {
- global $CONFIG;
-
// User is banned, return false.
if ($user->isBanned()) {
throw new LoginException(elgg_echo('LoginException:BannedUser'));
@@ -319,6 +326,12 @@ function login(ElggUser $user, $persistent = false) {
set_last_login($_SESSION['guid']);
reset_login_failure_count($user->guid); // Reset any previous failed login attempts
+ // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
+ if (is_memcache_available()) {
+ // this needs to happen with a shutdown function because of the timing with set_last_login()
+ register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
+ }
+
return true;
}
@@ -328,8 +341,6 @@ function login(ElggUser $user, $persistent = false) {
* @return bool
*/
function logout() {
- global $CONFIG;
-
if (isset($_SESSION['user'])) {
if (!elgg_trigger_event('logout', 'user', $_SESSION['user'])) {
return false;
@@ -353,7 +364,7 @@ function logout() {
session_destroy();
// starting a default session to store any post-logout messages.
- session_init(NULL, NULL, NULL);
+ _elgg_session_boot(NULL, NULL, NULL);
$_SESSION['msg'] = $old_msg;
return TRUE;
@@ -370,13 +381,10 @@ function logout() {
*
* @uses $_SESSION
*
- * @param string $event Event name
- * @param string $object_type Object type
- * @param mixed $object Object
- *
* @return bool
+ * @access private
*/
-function session_init($event, $object_type, $object) {
+function _elgg_session_boot() {
global $DB_PREFIX, $CONFIG;
// Use database for sessions
@@ -441,8 +449,8 @@ function session_init($event, $object_type, $object) {
set_last_action($_SESSION['guid']);
}
- elgg_register_action("login", '', 'public');
- elgg_register_action("logout");
+ elgg_register_action('login', '', 'public');
+ elgg_register_action('logout');
// Register a default PAM handler
register_pam_handler('pam_auth_userpass');
@@ -457,9 +465,6 @@ function session_init($event, $object_type, $object) {
return false;
}
- // Since we have loaded a new user, this user may have different language preferences
- register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");
-
return true;
}
@@ -499,6 +504,7 @@ function admin_gatekeeper() {
*
* @return true
* @todo Document
+ * @access private
*/
function _elgg_session_open($save_path, $session_name) {
global $sess_save_path;
@@ -514,6 +520,7 @@ function _elgg_session_open($save_path, $session_name) {
* @todo document
*
* @return true
+ * @access private
*/
function _elgg_session_close() {
return true;
@@ -525,6 +532,7 @@ function _elgg_session_close() {
* @param string $id The session ID
*
* @return string
+ * @access private
*/
function _elgg_session_read($id) {
global $DB_PREFIX;
@@ -558,6 +566,7 @@ function _elgg_session_read($id) {
* @param mixed $sess_data Session data
*
* @return bool
+ * @access private
*/
function _elgg_session_write($id, $sess_data) {
global $DB_PREFIX;
@@ -597,6 +606,7 @@ function _elgg_session_write($id, $sess_data) {
* @param string $id Session ID
*
* @return bool
+ * @access private
*/
function _elgg_session_destroy($id) {
global $DB_PREFIX;
@@ -611,10 +621,8 @@ function _elgg_session_destroy($id) {
global $sess_save_path;
$sess_file = "$sess_save_path/sess_$id";
- return(@unlink($sess_file));
+ return @unlink($sess_file);
}
-
- return false;
}
/**
@@ -623,6 +631,7 @@ function _elgg_session_destroy($id) {
* @param int $maxlifetime Max age of a session
*
* @return bool
+ * @access private
*/
function _elgg_session_gc($maxlifetime) {
global $DB_PREFIX;
@@ -645,5 +654,3 @@ function _elgg_session_gc($maxlifetime) {
return true;
}
-
-elgg_register_event_handler("boot", "system", "session_init", 20);
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-13 10:20:31 +0000