diff options
Diffstat (limited to 'engine/lib/sessions.php')
| -rw-r--r-- | engine/lib/sessions.php | 106 |
1 files changed, 44 insertions, 62 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 4cdc9bcce..e3d5ce9cd 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -18,9 +18,9 @@ global $SESSION; * hook - 'session:get' 'user' to give plugin authors another * way to provide user details to the ACL system without touching the session. * - * @return ElggUser|NULL + * @return ElggUser */ -function get_loggedin_user() { +function elgg_get_logged_in_user_entity() { global $SESSION; if (isset($SESSION)) { @@ -33,11 +33,11 @@ function get_loggedin_user() { /** * Return the current logged in user by id. * - * @see get_loggedin_user() + * @see elgg_get_logged_in_user_entity() * @return int */ -function get_loggedin_userid() { - $user = get_loggedin_user(); +function elgg_get_logged_in_user_guid() { + $user = elgg_get_logged_in_user_entity(); if ($user) { return $user->guid; } @@ -50,9 +50,8 @@ function get_loggedin_userid() { * * @return bool */ -function isloggedin() { - - $user = get_loggedin_user(); +function elgg_is_logged_in() { + $user = elgg_get_logged_in_user_entity(); if ((isset($user)) && ($user instanceof ElggUser) && ($user->guid > 0)) { return true; @@ -64,14 +63,12 @@ function isloggedin() { /** * Returns whether or not the user is currently logged in and that they are an admin user. * - * @uses isloggedin() * @return bool */ -function isadminloggedin() { - - $user = get_loggedin_user(); +function elgg_is_admin_logged_in() { + $user = elgg_get_logged_in_user_entity(); - if ((isloggedin()) && $user->isAdmin()) { + if ((elgg_is_logged_in()) && $user->isAdmin()) { return TRUE; } @@ -90,6 +87,9 @@ function isadminloggedin() { */ function elgg_is_admin_user($user_guid) { global $CONFIG; + + $user_guid = (int)$user_guid; + // cannot use magic metadata here because of recursion // must support the old way of getting admin from metadata @@ -130,12 +130,17 @@ function elgg_is_admin_user($user_guid) { /** * Perform user authentication with a given username and password. * + * @warning This returns an error message on failure. Use the identical operator to check + * for access: if (true === elgg_authenticate()) { ... }. + * + * * @see login * * @param string $username The username * @param string $password The password * * @return true|string True or an error message on failure + * @access private */ function elgg_authenticate($username, $password) { $pam = new ElggPAM('user'); @@ -148,28 +153,6 @@ function elgg_authenticate($username, $password) { } /** - * Perform standard authentication with a given username and password. - * Returns an ElggUser object for use with login. - * - * @see login - * - * @param string $username The username, optionally (for standard logins) - * @param string $password The password, optionally (for standard logins) - * - * @return ElggUser|false The authenticated user object, or false on failure. - */ -function authenticate($username, $password) { - elgg_deprecated_notice('authenticate() has been deprecated for elgg_authenticate()', 1.8); - $pam = new ElggPAM('user'); - $credentials = array('username' => $username, 'password' => $password); - $result = $pam->authenticate($credentials); - if ($result) { - return get_user_by_username($username); - } - return false; -} - -/** * Hook into the PAM system which accepts a username and password and attempts to authenticate * it against a known user. * @@ -179,10 +162,11 @@ function authenticate($username, $password) { * * @return bool * @throws LoginException + * @access private */ -function pam_auth_userpass($credentials = NULL) { +function pam_auth_userpass(array $credentials = array()) { - if (!is_array($credentials) && (!$credentials['username']) && (!$credentials['password'])) { + if (!isset($credentials['username']) || !isset($credentials['password'])) { return false; } @@ -198,7 +182,7 @@ function pam_auth_userpass($credentials = NULL) { if ($user->password !== generate_user_password($user, $credentials['password'])) { log_login_failure($user->guid); throw new LoginException(elgg_echo('LoginException:PasswordFailure')); - } + } return true; } @@ -208,7 +192,7 @@ function pam_auth_userpass($credentials = NULL) { * * @param int $user_guid User GUID * - * @return bool on success + * @return bool */ function log_login_failure($user_guid) { $user_guid = (int)$user_guid; @@ -305,8 +289,6 @@ function check_rate_limit_exceeded($user_guid) { * @throws LoginException */ function login(ElggUser $user, $persistent = false) { - global $CONFIG; - // User is banned, return false. if ($user->isBanned()) { throw new LoginException(elgg_echo('LoginException:BannedUser')); @@ -344,6 +326,12 @@ function login(ElggUser $user, $persistent = false) { set_last_login($_SESSION['guid']); reset_login_failure_count($user->guid); // Reset any previous failed login attempts + // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143 + if (is_memcache_available()) { + // this needs to happen with a shutdown function because of the timing with set_last_login() + register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']); + } + return true; } @@ -353,8 +341,6 @@ function login(ElggUser $user, $persistent = false) { * @return bool */ function logout() { - global $CONFIG; - if (isset($_SESSION['user'])) { if (!elgg_trigger_event('logout', 'user', $_SESSION['user'])) { return false; @@ -369,7 +355,7 @@ function logout() { unset($_SESSION['guid']); unset($_SESSION['id']); unset($_SESSION['user']); - + setcookie("elggperm", "", (time() - (86400 * 30)), "/"); // pass along any messages @@ -378,7 +364,7 @@ function logout() { session_destroy(); // starting a default session to store any post-logout messages. - session_init(NULL, NULL, NULL); + _elgg_session_boot(NULL, NULL, NULL); $_SESSION['msg'] = $old_msg; return TRUE; @@ -395,13 +381,10 @@ function logout() { * * @uses $_SESSION * - * @param string $event Event name - * @param string $object_type Object type - * @param mixed $object Object - * * @return bool + * @access private */ -function session_init($event, $object_type, $object) { +function _elgg_session_boot() { global $DB_PREFIX, $CONFIG; // Use database for sessions @@ -466,8 +449,8 @@ function session_init($event, $object_type, $object) { set_last_action($_SESSION['guid']); } - elgg_register_action("login", '', 'public'); - elgg_register_action("logout"); + elgg_register_action('login', '', 'public'); + elgg_register_action('logout'); // Register a default PAM handler register_pam_handler('pam_auth_userpass'); @@ -482,9 +465,6 @@ function session_init($event, $object_type, $object) { return false; } - // Since we have loaded a new user, this user may have different language preferences - register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/"); - return true; } @@ -494,7 +474,7 @@ function session_init($event, $object_type, $object) { * @return void */ function gatekeeper() { - if (!isloggedin()) { + if (!elgg_is_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('loggedinrequired')); forward('', 'login'); @@ -509,7 +489,7 @@ function gatekeeper() { function admin_gatekeeper() { gatekeeper(); - if (!isadminloggedin()) { + if (!elgg_is_admin_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('adminrequired')); forward('', 'admin'); @@ -524,6 +504,7 @@ function admin_gatekeeper() { * * @return true * @todo Document + * @access private */ function _elgg_session_open($save_path, $session_name) { global $sess_save_path; @@ -539,6 +520,7 @@ function _elgg_session_open($save_path, $session_name) { * @todo document * * @return true + * @access private */ function _elgg_session_close() { return true; @@ -550,6 +532,7 @@ function _elgg_session_close() { * @param string $id The session ID * * @return string + * @access private */ function _elgg_session_read($id) { global $DB_PREFIX; @@ -583,6 +566,7 @@ function _elgg_session_read($id) { * @param mixed $sess_data Session data * * @return bool + * @access private */ function _elgg_session_write($id, $sess_data) { global $DB_PREFIX; @@ -622,6 +606,7 @@ function _elgg_session_write($id, $sess_data) { * @param string $id Session ID * * @return bool + * @access private */ function _elgg_session_destroy($id) { global $DB_PREFIX; @@ -636,10 +621,8 @@ function _elgg_session_destroy($id) { global $sess_save_path; $sess_file = "$sess_save_path/sess_$id"; - return(@unlink($sess_file)); + return @unlink($sess_file); } - - return false; } /** @@ -648,6 +631,7 @@ function _elgg_session_destroy($id) { * @param int $maxlifetime Max age of a session * * @return bool + * @access private */ function _elgg_session_gc($maxlifetime) { global $DB_PREFIX; @@ -670,5 +654,3 @@ function _elgg_session_gc($maxlifetime) { return true; } - -elgg_register_event_handler("boot", "system", "session_init", 20); |