Fixes #617, #2271 User validation removed from core to UserValidationByEmail plugin. Without a validation plugin, users can login immediately.

Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email.
Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration.


git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 35 insertions, 39 deletions

diff --git a/actions/login.php b/actions/login.php
index ef6b0b898..0063a1f08 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -2,37 +2,37 @@
 /**
  * Elgg login action
  *
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Authentication
  */
 
-// Get username and password
 $username = get_input('username');
 $password = get_input("password");
-$persistent = get_input("persistent", false);
+$persistent = get_input("persistent", FALSE);
+$result = FALSE;
 
-// If all is present and correct, try to log in
-$result = false;
-if (!empty($username) && !empty($password)) {
-	// check first if this is an email address and do a login
-	// email addies will be validated
-	if (strpos($username, '@') !== FALSE && ($user=get_user_by_email($username))) {
-		$username = $user[0]->username;
-	}
+if (empty($username) || empty($password)) {
+	register_error(elgg_echo('loginerror'));
+	forward();
+}
 
-	if ($user = authenticate($username, $password)) {
-		$result = login($user, $persistent);
-	}
+// check first if logging in with email address
+if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+	$username = $users[0]->username;
 }
 
-// Set the system_message as appropriate
+if ($user = authenticate($username, $password)) {
+	$result = login($user, $persistent);
+}
+
+// forward to correct page
 if ($result) {
 	system_message(elgg_echo('loginok'));
+
 	if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
 		$forward_url = $_SESSION['last_forward_from'];
 		unset($_SESSION['last_forward_from']);
+
 		forward($forward_url);
 	} else {
 		if (get_input('returntoreferer')) {
@@ -44,25 +44,21 @@ if ($result) {
 		}
 	}
 } else {
-	$error_msg = elgg_echo('loginerror');
-	// figure out why the login failed
-	if (!empty($username) && !empty($password)) {
-		// See if it exists and is disabled
-		$access_status = access_get_show_hidden_status();
-		access_show_hidden_entities(true);
-		if (($user = get_user_by_username($username)) && !$user->validated) {
-			// give plugins a chance to respond
-			if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
-				// if plugins have not registered an action, the default action is to
-				// trigger the validation event again and assume that the validation
-				// event will display an appropriate message
-				trigger_elgg_event('validate', 'user', $user);
-			}
-		} else {
-			register_error(elgg_echo('loginerror'));
-		}
-		access_show_hidden_entities($access_status);
-	} else {
-		register_error(elgg_echo('loginerror'));
-	}
+	register_error(elgg_echo('loginerror'));
+//	// let a plugin hook say why login failed or react to it.
+//	$params = array(
+//		'username' => $username,
+//		'password' => $password,
+//		'persistent' => $persistent,
+//		'user' => $user
+//	);
+//
+//	// Returning FALSE to this function will generate a standard
+//	// "Could not log you in" message.
+//	// Plugins should use this hook to provide details, and then return TRUE.
+//	if (!trigger_plugin_hook('failed_login', 'user', $params, FALSE)) {
+//		register_error(elgg_echo('loginerror'));
+//	}
 }
+
+forward(REFERRER);