diff options
Diffstat (limited to 'engine/lib/sessions.php')
| -rw-r--r-- | engine/lib/sessions.php | 83 |
1 files changed, 42 insertions, 41 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index fdc6d1806..f4b1fc69b 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -92,17 +92,17 @@ class ElggSession implements ArrayAccess { return true; } } - - + + // Alias functions function get($key) { return $this->offsetGet($key); } - + function set($key, $value) { return $this->offsetSet($key, $value); } - + function del($key) { return $this->offsetUnset($key); } @@ -166,16 +166,16 @@ function isloggedin() { */ function isadminloggedin() { if (!is_installed()) { - return false; + return FALSE; } $user = get_loggedin_user(); - if ((isloggedin()) && (($user->admin || $user->siteadmin))) { - return true; + if ((isloggedin()) && $user->isAdmin()) { + return TRUE; } - return false; + return FALSE; } /** @@ -187,40 +187,41 @@ function isadminloggedin() { */ function elgg_is_admin_user($user_guid) { global $CONFIG; - - // cannot use metadata here because of recursion - - // caching is done at the db level so no need to here. - $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e, - {$CONFIG->dbprefix}metastrings as ms1, - {$CONFIG->dbprefix}metastrings as ms2, - {$CONFIG->dbprefix}metadata as md - WHERE ( - ( - (ms1.string = 'admin' AND ms2.string = 'yes') - OR (ms1.string = 'admin' AND ms2.string = '1') - ) - AND md.name_id = ms1.id AND md.value_id = ms2.id - AND e.guid = md.entity_guid - AND e.guid = {$user_guid} - AND e.banned = 'no' + // cannot use magic metadata here because of recursion + + // must support the old way of getting admin from metadata + // in order to run the upgrade to move it into the users table. + $version = (int) datalist_get('version'); + + if ($version < 2010040201) { + $admin = get_metastring_id('admin'); + $yes = get_metastring_id('yes'); + $one = get_metastring_id('1'); + + $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e, + {$CONFIG->dbprefix}metadata as md + WHERE ( + md.name_id = '$admin' + AND md.value_id IN ('$yes', '$one') + AND e.guid = md.entity_guid + AND e.guid = {$user_guid} + AND e.banned = 'no' )"; -// OR ( -// ms1.string = 'admin' AND ms2.string = '1' -// AND md.name_id = ms1.id AND md.value_id = ms2.id -// AND e.guid = md.entity_guid -// AND e.guid = {$user_guid} -// AND e.banned = 'no' -// )"; - + } else { + $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e + WHERE ( + e.guid = {$user_guid} + AND e.admin = 'yes' + )"; + } // normalizing the results from get_data() // See #1242 $info = get_data($query); - if (!((is_array($info) && count($info) < 1) || $info === false)) { - return true; + if (!((is_array($info) && count($info) < 1) || $info === FALSE)) { + return TRUE; } - return false; + return FALSE; } /** @@ -254,7 +255,7 @@ function pam_auth_userpass($credentials = NULL) { if ($user = get_user_by_username($credentials['username'])) { // Let admins log in without validating their email, but normal users must have validated their email or been admin created - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) { + if ((!$user->isAdmin()) && (!$user->validated) && (!$user->admin_created)) { return false; } @@ -335,7 +336,7 @@ function reset_login_failure_count($user_guid) { * @return bool on exceeded limit. */ function check_rate_limit_exceeded($user_guid) { - // 5 failures in 5 minutes causes temporary block on logins + // 5 failures in 5 minutes causes temporary block on logins $limit = 5; $user_guid = (int)$user_guid; $user = get_entity($user_guid); @@ -434,7 +435,7 @@ function login(ElggUser $user, $persistent = false) { function logout() { global $CONFIG; - if (isset($_SESSION['user'])) { + if (isset($_SESSION['user'])) { if (!trigger_elgg_event('logout','user',$_SESSION['user'])) { return false; } @@ -532,7 +533,7 @@ function session_init($event, $object_type, $object) { unset($_SESSION['id']); unset($_SESSION['guid']); unset($_SESSION['code']); - + // is there a remember me cookie if (isset($_COOKIE['elggperm'])) { // we have a cookie, so try to log the user in @@ -545,7 +546,7 @@ function session_init($event, $object_type, $object) { $_SESSION['guid'] = $_SESSION['id']; $_SESSION['code'] = $_COOKIE['elggperm']; } - } + } } else { // we have a session and we have already checked the fingerprint // reload the user object from database in case it has changed during the session |