authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-05-28 09:52:51 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-05-28 09:52:51 +0000
commite7dab1a754c85b8f1e7beeac49496ed9e7435b45 (patch)
treeb1a188e8a47ab2de377978da77231895c3c41f86
parent81aab13d04f3e774965ddbffe638ccede8656d7b (diff)
downloadelgg-e7dab1a754c85b8f1e7beeac49496ed9e7435b45.tar.gz
elgg-e7dab1a754c85b8f1e7beeac49496ed9e7435b45.tar.bz2
Revamped the login functions to separate login from authentication.
git-svn-id: https://code.elgg.org/elgg/trunk@728 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--actions/login.php7
-rw-r--r--engine/lib/sessions.php92
2 files changed, 51 insertions, 48 deletions
diff --git a/actions/login.php b/actions/login.php
index e79799a30..1a47dcb51 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -17,9 +17,12 @@
$password = get_input("password");
$persistent = get_input("persistent");
- // If all is present and correct, try to log in
+ // If all is present and correct, try to log in
+ $result = false;
if (!empty($username) && !empty($password)) {
- $result = login($username, $password, $persistent);
+ if ($user = authenticate($username,$password)) {
+ $result = login($user, $persistent);
+ }
}
// Set the system_message as appropriate
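Review bot: The guard `if ($user = authenticate($username,$password))` hands any truthy return value to `login()`, whose new signature type-hints `ElggUser`, so a truthy non-user value would fail inside `login()` rather than as a clean login failure. Testing the type explicitly, `$user = authenticate($username, $password);` followed by `if ($user instanceof ElggUser) {`, avoids that and removes the assignment inside the condition. Nothing in this hunk records a failed attempt; if the system-message code below the hunk does not do so either, a log entry on failure would give brute-force detection something to work from. The rest of the action lies outside the hunk.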
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index cb3afc00a..ee6bb5c38 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -27,64 +27,64 @@
}
/**
- * Allows the user to log in.
+ * Perform standard authentication with a given username and password.
+ * Returns an ElggUser object for use with login.
*
- * This function can be extended with the 'user''login' plugin hook;
- * any extension functions must return a user object. The extension function
- * will be given any parameters to login() as an array.
- *
+ * @see login
* @param string $username The username, optionally (for standard logins)
* @param string $password The password, optionally (for standard logins)
- * @param true|false $persistent Should the login be persistent?
- * @return true|false Whether login was successful
+ * @return ElggUser|false The authenticated user object, or false on failure.
*/
- function login($username = "", $password = "", $persistent = false) {
-
- global $CONFIG;
-
- if ($user = trigger_plugin_hook('login','user',func_get_args(),false)) {
- trigger_event('login','user',$user);
- return true;
- }
+
+ function authenticate($username, $password) {
$dbpassword = md5($password);
if ($user = get_user_by_username($username)) {
if ($user->password == $dbpassword) {
-
- if (!trigger_event('login','user',$user)) return false;
-
- $_SESSION['user'] = $user;
- $_SESSION['guid'] = $user->getGUID();
- $_SESSION['id'] = $_SESSION['guid'];
- $_SESSION['username'] = $user->username;
- $_SESSION['name'] = $user->name;
-
- $code = (md5($user->name . $user->username . time() . rand()));
- // update_data("update {$CONFIG->dbprefix}users set code = '".md5($code)."' where id = {$user->id}");
- $user->code = md5($code);
- $user->save();
-
- //$code = md5($code); // This is a deliberate re-MD5-ing
+ // return login($user,$persisten);
+ return $user;
+ }
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Logs in a specified ElggUser. For standard registration, use in conjunction
+ * with authenticate.
+ *
+ * @see authenticate
+ * @param ElggUser $user A valid Elgg user object
+ * @param boolean $persistent Should this be a persistent login?
+ * @return true|false Whether login was successful
+ */
+ function login(ElggUser $user, $persistent = false) {
+
+ global $CONFIG;
+
+ if (!trigger_event('login','user',$user)) return false;
+
+ $_SESSION['user'] = $user;
+ $_SESSION['guid'] = $user->getGUID();
+ $_SESSION['id'] = $_SESSION['guid'];
+ $_SESSION['username'] = $user->username;
+ $_SESSION['name'] = $user->name;
- $_SESSION['code'] = $code;
- //if (!empty($persistent)) {
-
- setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
-
-
- //}
- // set_login_fields($user->id);
+ $code = (md5($user->name . $user->username . time() . rand()));
+ $user->code = md5($code);
+ if (!$user->save())
+ return false;
- }
-
- return true;
- } else {
- return false;
- }
-
- }
+ $_SESSION['code'] = $code;
+ if (($persistent))
+ setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
+
+ return true;
+
+ }
/**
* Log the current user out
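Review bot: `authenticate()` compares unsalted MD5 digests with loose `==` (`$user->password == $dbpassword`), so two digests that both have the form `0e` followed only by digits compare equal as numbers, and the comparison is not constant-time; at minimum write `if ($user->password === $dbpassword) {`, or use `hash_equals()` where the PHP version provides it. Unsalted MD5 is also far too fast for password storage, so a follow-up should move to a salted, slow password hash with rehash on successful login. In `login()`, the `elggperm` token is built from the user's name, `time()` and `rand()`, all of which are guessable; it should come from a CSPRNG, and the `setcookie()` call should set the HttpOnly flag. `login()` never calls `session_regenerate_id(true)` before filling `$_SESSION`, so a session id fixed before login stays valid afterwards. The commented-out `// return login($user,$persisten);` and the `global $CONFIG;` that `login()` no longer uses can be removed.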