aboutsummaryrefslogtreecommitdiff
path: root/actions/login.php
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-30 19:56:49 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-30 19:56:49 +0000
commitfad92747bec989fd6728eb7349c9ede4674764ff (patch)
tree6f1c6ca613dff0af2a769c6b13aa97d00cb432a9 /actions/login.php
parent9af90ffc9a20033ca9fdd9182122c01600a0867b (diff)
downloadelgg-fad92747bec989fd6728eb7349c9ede4674764ff.tar.gz
elgg-fad92747bec989fd6728eb7349c9ede4674764ff.tar.bz2
Fixes #617, #2271 User validation removed from core to UserValidationByEmail plugin. Without a validation plugin, users can login immediately.
Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email. Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration. git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'actions/login.php')
-rw-r--r--actions/login.php74
1 files changed, 35 insertions, 39 deletions
diff --git a/actions/login.php b/actions/login.php
index ef6b0b898..0063a1f08 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -2,37 +2,37 @@
/**
* Elgg login action
*
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Authentication
*/
-// Get username and password
$username = get_input('username');
$password = get_input("password");
-$persistent = get_input("persistent", false);
+$persistent = get_input("persistent", FALSE);
+$result = FALSE;
-// If all is present and correct, try to log in
-$result = false;
-if (!empty($username) && !empty($password)) {
- // check first if this is an email address and do a login
- // email addies will be validated
- if (strpos($username, '@') !== FALSE && ($user=get_user_by_email($username))) {
- $username = $user[0]->username;
- }
+if (empty($username) || empty($password)) {
+ register_error(elgg_echo('loginerror'));
+ forward();
+}
- if ($user = authenticate($username, $password)) {
- $result = login($user, $persistent);
- }
+// check first if logging in with email address
+if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
}
-// Set the system_message as appropriate
+if ($user = authenticate($username, $password)) {
+ $result = login($user, $persistent);
+}
+
+// forward to correct page
if ($result) {
system_message(elgg_echo('loginok'));
+
if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
$forward_url = $_SESSION['last_forward_from'];
unset($_SESSION['last_forward_from']);
+
forward($forward_url);
} else {
if (get_input('returntoreferer')) {
@@ -44,25 +44,21 @@ if ($result) {
}
}
} else {
- $error_msg = elgg_echo('loginerror');
- // figure out why the login failed
- if (!empty($username) && !empty($password)) {
- // See if it exists and is disabled
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
- if (($user = get_user_by_username($username)) && !$user->validated) {
- // give plugins a chance to respond
- if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
- // if plugins have not registered an action, the default action is to
- // trigger the validation event again and assume that the validation
- // event will display an appropriate message
- trigger_elgg_event('validate', 'user', $user);
- }
- } else {
- register_error(elgg_echo('loginerror'));
- }
- access_show_hidden_entities($access_status);
- } else {
- register_error(elgg_echo('loginerror'));
- }
+ register_error(elgg_echo('loginerror'));
+// // let a plugin hook say why login failed or react to it.
+// $params = array(
+// 'username' => $username,
+// 'password' => $password,
+// 'persistent' => $persistent,
+// 'user' => $user
+// );
+//
+// // Returning FALSE to this function will generate a standard
+// // "Could not log you in" message.
+// // Plugins should use this hook to provide details, and then return TRUE.
+// if (!trigger_plugin_hook('failed_login', 'user', $params, FALSE)) {
+// register_error(elgg_echo('loginerror'));
+// }
}
+
+forward(REFERRER);