Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r--engine/lib/sessions.php83
1 files changed, 42 insertions, 41 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index fdc6d1806..f4b1fc69b 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -92,17 +92,17 @@ class ElggSession implements ArrayAccess {
return true;
}
}
-
-
+
+
// Alias functions
function get($key) {
return $this->offsetGet($key);
}
-
+
function set($key, $value) {
return $this->offsetSet($key, $value);
}
-
+
function del($key) {
return $this->offsetUnset($key);
}
@@ -166,16 +166,16 @@ function isloggedin() {
*/
function isadminloggedin() {
if (!is_installed()) {
- return false;
+ return FALSE;
}
$user = get_loggedin_user();
- if ((isloggedin()) && (($user->admin || $user->siteadmin))) {
- return true;
+ if ((isloggedin()) && $user->isAdmin()) {
+ return TRUE;
}
- return false;
+ return FALSE;
}
/**
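Review bot: In `isadminloggedin()` the new `$user->isAdmin()` is a method call where the old code only read properties, so it becomes a fatal error rather than a falsy read if `get_loggedin_user()` ever returns a non-object while `isloggedin()` is true. `isloggedin()` is defined outside this hunk, so whether it rules that case out cannot be confirmed here. An explicit guard such as `if (isloggedin() && $user instanceof ElggUser && $user->isAdmin()) {` would make the check self-contained. The old condition also accepted `$user->siteadmin`, so it is worth confirming that `isAdmin()` or the accompanying upgrade covers accounts that carried only that flag.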
@@ -187,40 +187,41 @@ function isadminloggedin() {
*/
function elgg_is_admin_user($user_guid) {
global $CONFIG;
-
- // cannot use metadata here because of recursion
-
- // caching is done at the db level so no need to here.
- $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e,
- {$CONFIG->dbprefix}metastrings as ms1,
- {$CONFIG->dbprefix}metastrings as ms2,
- {$CONFIG->dbprefix}metadata as md
- WHERE (
- (
- (ms1.string = 'admin' AND ms2.string = 'yes')
- OR (ms1.string = 'admin' AND ms2.string = '1')
- )
- AND md.name_id = ms1.id AND md.value_id = ms2.id
- AND e.guid = md.entity_guid
- AND e.guid = {$user_guid}
- AND e.banned = 'no'
+ // cannot use magic metadata here because of recursion
+
+ // must support the old way of getting admin from metadata
+ // in order to run the upgrade to move it into the users table.
+ $version = (int) datalist_get('version');
+
+ if ($version < 2010040201) {
+ $admin = get_metastring_id('admin');
+ $yes = get_metastring_id('yes');
+ $one = get_metastring_id('1');
+
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e,
+ {$CONFIG->dbprefix}metadata as md
+ WHERE (
+ md.name_id = '$admin'
+ AND md.value_id IN ('$yes', '$one')
+ AND e.guid = md.entity_guid
+ AND e.guid = {$user_guid}
+ AND e.banned = 'no'
)";
-// OR (
-// ms1.string = 'admin' AND ms2.string = '1'
-// AND md.name_id = ms1.id AND md.value_id = ms2.id
-// AND e.guid = md.entity_guid
-// AND e.guid = {$user_guid}
-// AND e.banned = 'no'
-// )";
-
+ } else {
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e
+ WHERE (
+ e.guid = {$user_guid}
+ AND e.admin = 'yes'
+ )";
+ }
// normalizing the results from get_data()
// See #1242
$info = get_data($query);
- if (!((is_array($info) && count($info) < 1) || $info === false)) {
- return true;
+ if (!((is_array($info) && count($info) < 1) || $info === FALSE)) {
+ return TRUE;
}
- return false;
+ return FALSE;
}
/**
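Review bot: The post-upgrade query in the `else` branch of `elgg_is_admin_user()` no longer filters on `e.banned = 'no'`, while the legacy branch still does. Once the stored version reaches 2010040201, a banned account with `e.admin = 'yes'` would therefore still be reported as an admin. If that is not intended, add `AND e.banned = 'no'` to the second query. Separately, `$user_guid` is interpolated unquoted into both queries, and no cast is visible anywhere in the function, which is fully contained in this hunk. Adding `$user_guid = (int) $user_guid;` at the top, as `check_rate_limit_exceeded` already does, would keep a non-numeric value out of the SQL regardless of what callers pass.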
@@ -254,7 +255,7 @@ function pam_auth_userpass($credentials = NULL) {
if ($user = get_user_by_username($credentials['username'])) {
// Let admins log in without validating their email, but normal users must have validated their email or been admin created
- if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) {
+ if ((!$user->isAdmin()) && (!$user->validated) && (!$user->admin_created)) {
return false;
}
@@ -335,7 +336,7 @@ function reset_login_failure_count($user_guid) {
* @return bool on exceeded limit.
*/
function check_rate_limit_exceeded($user_guid) {
- // 5 failures in 5 minutes causes temporary block on logins
+ // 5 failures in 5 minutes causes temporary block on logins
$limit = 5;
$user_guid = (int)$user_guid;
$user = get_entity($user_guid);
@@ -434,7 +435,7 @@ function login(ElggUser $user, $persistent = false) {
function logout() {
global $CONFIG;
- if (isset($_SESSION['user'])) {
+ if (isset($_SESSION['user'])) {
if (!trigger_elgg_event('logout','user',$_SESSION['user'])) {
return false;
}
@@ -532,7 +533,7 @@ function session_init($event, $object_type, $object) {
unset($_SESSION['id']);
unset($_SESSION['guid']);
unset($_SESSION['code']);
-
+
// is there a remember me cookie
if (isset($_COOKIE['elggperm'])) {
// we have a cookie, so try to log the user in
@@ -545,7 +546,7 @@ function session_init($event, $object_type, $object) {
$_SESSION['guid'] = $_SESSION['id'];
$_SESSION['code'] = $_COOKIE['elggperm'];
}
- }
+ }
} else {
// we have a session and we have already checked the fingerprint
// reload the user object from database in case it has changed during the session