Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r--engine/lib/sessions.php384
1 files changed, 192 insertions, 192 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index fd569a0e1..18fb9e73c 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -1,19 +1,19 @@
-<?php
-
- /**
- * Elgg session management
- * Functions to manage logins
- *
- * @package Elgg
- * @subpackage Core
+<?php
- * @author Curverider Ltd
+ /**
+ * Elgg session management
+ * Functions to manage logins
+ *
+ * @package Elgg
+ * @subpackage Core
+
+ * @author Curverider Ltd
- * @link http://elgg.org/
+ * @link http://elgg.org/
*/
/** Elgg magic session */
- global $SESSION;
+ global $SESSION;
/**
* Magic session class.
@@ -99,9 +99,9 @@
{
global $SESSION;
- if (isset($SESSION))
- return $SESSION['user'];
-
+ if (isset($SESSION))
+ return $SESSION['user'];
+
return false;
}
@@ -119,24 +119,24 @@
return 0;
}
-
- /**
- * Returns whether or not the user is currently logged in
- *
- * @return true|false
- */
- function isloggedin() {
-
+
+ /**
+ * Returns whether or not the user is currently logged in
+ *
+ * @return true|false
+ */
+ function isloggedin() {
+
if (!is_installed()) return false;
$user = get_loggedin_user();
-
- if ((isset($user)) && ($user instanceof ElggUser) && ($user->guid > 0))
+
+ if ((isset($user)) && ($user instanceof ElggUser) && ($user->guid > 0))
return true;
-
- return false;
-
- }
+
+ return false;
+
+ }
/**
* Returns whether or not the user is currently logged in and that they are an admin user.
@@ -155,24 +155,24 @@
return false;
}
-
- /**
- * Perform standard authentication with a given username and password.
- * Returns an ElggUser object for use with login.
- *
- * @see login
- * @param string $username The username, optionally (for standard logins)
- * @param string $password The password, optionally (for standard logins)
- * @return ElggUser|false The authenticated user object, or false on failure.
- */
-
- function authenticate($username, $password) {
+
+ /**
+ * Perform standard authentication with a given username and password.
+ * Returns an ElggUser object for use with login.
+ *
+ * @see login
+ * @param string $username The username, optionally (for standard logins)
+ * @param string $password The password, optionally (for standard logins)
+ * @return ElggUser|false The authenticated user object, or false on failure.
+ */
+
+ function authenticate($username, $password) {
if (pam_authenticate(array('username' => $username, 'password' => $password)))
- return get_user_by_username($username);
-
- return false;
-
+ return get_user_by_username($username);
+
+ return false;
+
}
/**
@@ -198,9 +198,9 @@
// Let admins log in without validating their email, but normal users must have validated their email or been admin created
if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
return false;
-
- // User has been banned, so bin them.
- if ($user->isBanned()) return false;
+
+ // User has been banned, so bin them.
+ if ($user->isBanned()) return false;
if ($user->password == generate_user_password($user, $credentials['password']))
@@ -274,52 +274,52 @@
}
return false;
- }
-
- /**
- * Logs in a specified ElggUser. For standard registration, use in conjunction
- * with authenticate.
- *
- * @see authenticate
- * @param ElggUser $user A valid Elgg user object
- * @param boolean $persistent Should this be a persistent login?
- * @return true|false Whether login was successful
- */
- function login(ElggUser $user, $persistent = false) {
-
+ }
+
+ /**
+ * Logs in a specified ElggUser. For standard registration, use in conjunction
+ * with authenticate.
+ *
+ * @see authenticate
+ * @param ElggUser $user A valid Elgg user object
+ * @param boolean $persistent Should this be a persistent login?
+ * @return true|false Whether login was successful
+ */
+ function login(ElggUser $user, $persistent = false) {
+
global $CONFIG;
if ($user->isBanned()) return false; // User is banned, return false.
if (check_rate_limit_exceeded($user->guid)) return false; // Check rate limit
-
- $_SESSION['user'] = $user;
- $_SESSION['guid'] = $user->getGUID();
- $_SESSION['id'] = $_SESSION['guid'];
- $_SESSION['username'] = $user->username;
- $_SESSION['name'] = $user->name;
-
- $code = (md5($user->name . $user->username . time() . rand()));
-
- $user->code = md5($code);
-
- $_SESSION['code'] = $code;
-
- if (($persistent))
- setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
-
- if (!$user->save() || !trigger_elgg_event('login','user',$user)) {
- unset($_SESSION['username']);
- unset($_SESSION['name']);
- unset($_SESSION['code']);
- unset($_SESSION['guid']);
- unset($_SESSION['id']);
- unset($_SESSION['user']);
- setcookie("elggperm", "", (time()-(86400 * 30)),"/");
- return false;
+
+ $_SESSION['user'] = $user;
+ $_SESSION['guid'] = $user->getGUID();
+ $_SESSION['id'] = $_SESSION['guid'];
+ $_SESSION['username'] = $user->username;
+ $_SESSION['name'] = $user->name;
+
+ $code = (md5($user->name . $user->username . time() . rand()));
+
+ $user->code = md5($code);
+
+ $_SESSION['code'] = $code;
+
+ if (($persistent))
+ setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
+
+ if (!$user->save() || !trigger_elgg_event('login','user',$user)) {
+ unset($_SESSION['username']);
+ unset($_SESSION['name']);
+ unset($_SESSION['code']);
+ unset($_SESSION['guid']);
+ unset($_SESSION['id']);
+ unset($_SESSION['user']);
+ setcookie("elggperm", "", (time()-(86400 * 30)),"/");
+ return false;
}
// Users privilege has been elevated, so change the session id (help prevent session hijacking)
- session_regenerate_id();
+ session_regenerate_id();
// Update statistics
set_last_login($_SESSION['guid']);
@@ -330,37 +330,37 @@
global $is_admin;
$is_admin = true;
}
-
- return true;
-
- }
-
- /**
- * Log the current user out
- *
- * @return true|false
- */
- function logout() {
- global $CONFIG;
-
- if (isset($_SESSION['user'])) {
- if (!trigger_elgg_event('logout','user',$_SESSION['user'])) return false;
- $_SESSION['user']->code = "";
- $_SESSION['user']->save();
+
+ return true;
+
+ }
+
+ /**
+ * Log the current user out
+ *
+ * @return true|false
+ */
+ function logout() {
+ global $CONFIG;
+
+ if (isset($_SESSION['user'])) {
+ if (!trigger_elgg_event('logout','user',$_SESSION['user'])) return false;
+ $_SESSION['user']->code = "";
+ $_SESSION['user']->save();
}
-
- unset($_SESSION['username']);
- unset($_SESSION['name']);
- unset($_SESSION['code']);
- unset($_SESSION['guid']);
- unset($_SESSION['id']);
- unset($_SESSION['user']);
-
+
+ unset($_SESSION['username']);
+ unset($_SESSION['name']);
+ unset($_SESSION['code']);
+ unset($_SESSION['guid']);
+ unset($_SESSION['id']);
+ unset($_SESSION['user']);
+
setcookie("elggperm", "", (time()-(86400 * 30)),"/");
- session_destroy();
-
- return true;
+ session_destroy();
+
+ return true;
}
function get_session_fingerprint()
@@ -368,33 +368,33 @@
global $CONFIG;
return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
- }
-
- /**
- * Initialises the system session and potentially logs the user in
- *
- * This function looks for:
- *
- * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to 0
- * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
- *
- * @uses $_SESSION
- * @param unknown_type $event
- * @param unknown_type $object_type
- * @param unknown_type $object
- */
- function session_init($event, $object_type, $object) {
+ }
+
+ /**
+ * Initialises the system session and potentially logs the user in
+ *
+ * This function looks for:
+ *
+ * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to 0
+ * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
+ *
+ * @uses $_SESSION
+ * @param unknown_type $event
+ * @param unknown_type $object_type
+ * @param unknown_type $object
+ */
+ function session_init($event, $object_type, $object) {
global $DB_PREFIX, $CONFIG;
-
+
if (!is_db_installed()) return false;
// Use database for sessions
$DB_PREFIX = $CONFIG->dbprefix; // HACK to allow access to prefix after object distruction
if ((!isset($CONFIG->use_file_sessions)))
session_set_save_handler("__elgg_session_open", "__elgg_session_close", "__elgg_session_read", "__elgg_session_write", "__elgg_session_destroy", "__elgg_session_gc");
-
- session_name('Elgg');
+
+ session_name('Elgg');
session_start();
// Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
@@ -413,50 +413,50 @@
// Generate a simple token (private from potentially public session id)
if (!isset($_SESSION['__elgg_session'])) $_SESSION['__elgg_session'] = md5(microtime().rand());
-
- if (empty($_SESSION['guid'])) {
- if (isset($_COOKIE['elggperm'])) {
- $code = $_COOKIE['elggperm'];
- $code = md5($code);
- unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
- unset($_SESSION['id']);//$_SESSION['id'] = 0;
- if ($user = get_user_by_code($code)) {
- $_SESSION['user'] = $user;
- $_SESSION['id'] = $user->getGUID();
- $_SESSION['guid'] = $_SESSION['id'];
- $_SESSION['code'] = $_COOKIE['elggperm'];
- }
+
+ if (empty($_SESSION['guid'])) {
+ if (isset($_COOKIE['elggperm'])) {
+ $code = $_COOKIE['elggperm'];
+ $code = md5($code);
+ unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
+ unset($_SESSION['id']);//$_SESSION['id'] = 0;
+ if ($user = get_user_by_code($code)) {
+ $_SESSION['user'] = $user;
+ $_SESSION['id'] = $user->getGUID();
+ $_SESSION['guid'] = $_SESSION['id'];
+ $_SESSION['code'] = $_COOKIE['elggperm'];
+ }
} else {
- unset($_SESSION['id']); //$_SESSION['id'] = 0;
+ unset($_SESSION['id']); //$_SESSION['id'] = 0;
unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
- unset($_SESSION['code']);//$_SESSION['code'] = "";
- }
- } else {
- if (!empty($_SESSION['code'])) {
- $code = md5($_SESSION['code']);
- if ($user = get_user_by_code($code)) {
+ unset($_SESSION['code']);//$_SESSION['code'] = "";
+ }
+ } else {
+ if (!empty($_SESSION['code'])) {
+ $code = md5($_SESSION['code']);
+ if ($user = get_user_by_code($code)) {
$_SESSION['user'] = $user;
$_SESSION['id'] = $user->getGUID();
- $_SESSION['guid'] = $_SESSION['id'];
- } else {
- unset($_SESSION['user']);
+ $_SESSION['guid'] = $_SESSION['id'];
+ } else {
+ unset($_SESSION['user']);
unset($_SESSION['id']); //$_SESSION['id'] = 0;
unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
- unset($_SESSION['code']);//$_SESSION['code'] = "";
- }
+ unset($_SESSION['code']);//$_SESSION['code'] = "";
+ }
} else {
- //$_SESSION['user'] = new ElggDummy();
+ //$_SESSION['user'] = new ElggDummy();
unset($_SESSION['id']); //$_SESSION['id'] = 0;
unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
- unset($_SESSION['code']);//$_SESSION['code'] = "";
- }
- }
- if ($_SESSION['id'] > 0) {
- set_last_action($_SESSION['id']);
- }
-
- register_action("login",true);
- register_action("logout");
+ unset($_SESSION['code']);//$_SESSION['code'] = "";
+ }
+ }
+ if ($_SESSION['id'] > 0) {
+ set_last_action($_SESSION['id']);
+ }
+
+ register_action("login",true);
+ register_action("logout");
// Register a default PAM handler
register_pam_handler('pam_auth_userpass');
@@ -470,24 +470,24 @@
{
session_destroy();
return false;
- }
-
- // Since we have loaded a new user, this user may have different language preferences
+ }
+
+ // Since we have loaded a new user, this user may have different language preferences
register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/");
-
- return true;
-
+
+ return true;
+
}
-
- /**
- * Used at the top of a page to mark it as logged in users only.
- *
- */
- function gatekeeper() {
- if (!isloggedin()) {
- $_SESSION['last_forward_from'] = current_page_url();
- forward();
- }
+
+ /**
+ * Used at the top of a page to mark it as logged in users only.
+ *
+ */
+ function gatekeeper() {
+ if (!isloggedin()) {
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward();
+ }
}
/**
@@ -497,11 +497,11 @@
function admin_gatekeeper()
{
gatekeeper();
- if (!isadminloggedin()) {
- $_SESSION['last_forward_from'] = current_page_url();
- forward();
+ if (!isadminloggedin()) {
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward();
}
- }
+ }
/**
* DB Based session handling code.
@@ -627,8 +627,8 @@
return true;
}
-
- register_elgg_event_handler("boot","system","session_init",20);
-
-
+
+ register_elgg_event_handler("boot","system","session_init",20);
+
+
?> \ No newline at end of file