aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/sessions.php157
-rw-r--r--engine/lib/users.php37
2 files changed, 194 insertions, 0 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
new file mode 100644
index 000000000..62cf7e398
--- /dev/null
+++ b/engine/lib/sessions.php
@@ -0,0 +1,157 @@
+<?php
+
+ /**
+ * Elgg session management
+ * Functions to manage logins
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ /**
+ * Returns whether or not the user is currently logged in
+ *
+ * @uses $_SESSION
+ * @return true|false
+ */
+ function isloggedin() {
+
+ if ($_SESSION['guid'] > 0)
+ return true;
+ return false;
+
+ }
+
+ /**
+ * Log in
+ *
+ * @param string $username
+ * @param string $password
+ * @param true|false $persistent
+ * @return true|false
+ */
+ function login($username, $password, $persistent = false) {
+
+ global $CONFIG;
+ $dbpassword = md5($password);
+
+ if ($user = get_user_by_username($username)) {
+ if ($user->password == $dbpassword) {
+
+ $_SESSION['user'] = $user;
+ $_SESSION['guid'] = $user->getGUID();
+ $_SESSION['id'] = $_SESSION['guid'];
+ $_SESSION['username'] = $user->username;
+ $_SESSION['name'] = $user->name;
+
+ $code = (md5($user->name . $user->username . time() . rand()));
+ // update_data("update {$CONFIG->dbprefix}users set code = '".md5($code)."' where id = {$user->id}");
+ $user->code = md5($code);
+ $user->save();
+
+ //$code = md5($code); // This is a deliberate re-MD5-ing
+
+ $_SESSION['code'] = $code;
+ //if (!empty($persistent)) {
+
+ setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
+
+ //}
+ // set_login_fields($user->id);
+
+
+ }
+
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ /**
+ * Log the current user out
+ *
+ * @return true|false
+ */
+ function logout() {
+ global $CONFIG;
+
+ if (isset($_SESSION['user'])) {
+ $_SESSION['user']->code = "";
+ $_SESSION['user']->save();
+ }
+ unset($_SESSION['username']);
+ unset($_SESSION['name']);
+ unset($_SESSION['code']);
+ unset($_SESSION['guid']);
+ unset($_SESSION['id']);
+ unset($_SESSION['user']);
+
+ setcookie("elggperm", "", (time()-(86400 * 30)),"/");
+
+ return true;
+ }
+
+ /**
+ * Initialises the system session and potentially logs the user in
+ *
+ * This function looks for:
+ *
+ * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to -1
+ * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
+ *
+ * @uses $_SESSION
+ * @param unknown_type $event
+ * @param unknown_type $object_type
+ * @param unknown_type $object
+ */
+ function session_init($event, $object_type, $object) {
+ session_name('Elgg');
+ session_start();
+
+ if (empty($_SESSION['guid'])) {
+ if (isset($_COOKIE['elggperm'])) {
+
+ $code = $_COOKIE['elggperm'];
+ $code = md5($code);
+ if ($user = get_user_by_code($code)) {
+ $_SESSION['user'] = $user;
+ $_SESSION['id'] = $user->getGUID();
+ $_SESSION['guid'] = $_SESSION['id'];
+ $_SESSION['code'] = $_COOKIE['elggperm'];
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ if (!empty($_SESSION['code'])) {
+ $code = md5($_SESSION['code']);
+ if ($user = get_user_by_code($code)) {
+ $_SESSION['user'] = $user;
+ } else {
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ }
+ if ($_SESSION['id'] > 0) {
+ // set_last_action($_SESSION['id']);
+ }
+ }
+
+ register_event_handler("init","system","session_init");
+
+ //register actions *************************************************************
+
+ register_action("login",true);
+ register_action("logout");
+
+
+?> \ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 8af060575..02a7773dd 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -406,5 +406,42 @@
function get_user_objects($user_guid, $subtype = "", $limit = 10, $offset = 0) {
return get_entities('object',$subtype, $user_guid, "time_created desc", $limit, $offset);
}
+
+ /**
+ * Get user by username
+ *
+ * @param string $username The user's username
+ * @return ElggUser|false Depending on success
+ */
+ function get_user_by_username($username)
+ {
+ global $CONFIG;
+ $username = sanitise_string($username);
+ $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where username='$username'");
+
+ if ($row)
+ return new ElggUser($row);
+
+ return false;
+ }
+
+ /**
+ * Get user by session code
+ *
+ * @param string $code The session code
+ * @return ElggUser|false Depending on success
+ */
+ function get_user_by_code($code)
+ {
+ global $CONFIG;
+
+ $code = sanitise_string($code);
+ $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where code='$code'");
+
+ if ($row)
+ return new ElggUser($row);
+
+ return false;
+ }
?> \ No newline at end of file