From e7dab1a754c85b8f1e7beeac49496ed9e7435b45 Mon Sep 17 00:00:00 2001
From: ben
Date: Wed, 28 May 2008 09:52:51 +0000
Subject: Revamped the login functions to separate login from authentication.

git-svn-id: https://code.elgg.org/elgg/trunk@728 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 actions/login.php | 7 ++--
 engine/lib/sessions.php | 92 ++++++++++++++++++++++++-------------------------
 2 files changed, 51 insertions(+), 48 deletions(-)

diff --git a/actions/login.php b/actions/login.php
index e79799a30..1a47dcb51 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -17,9 +17,12 @@
 $password = get_input("password");
 $persistent = get_input("persistent");
- // If all is present and correct, try to log in
+ // If all is present and correct, try to log in
+ $result = false;
 if (!empty($username) && !empty($password)) {
- $result = login($username, $password, $persistent);
+ if ($user = authenticate($username,$password)) {
+ $result = login($user, $persistent);
+ }
 }
 // Set the system_message as appropriate
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index cb3afc00a..ee6bb5c38 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -27,64 +27,64 @@ } /** - * Allows the user to log in. + * Perform standard authentication with a given username and password. + * Returns an ElggUser object for use with login. * - * This function can be extended with the 'user''login' plugin hook; - * any extension functions must return a user object. The extension function - * will be given any parameters to login() as an array. - * + * @see login * @param string $username The username, optionally (for standard logins) * @param string $password The password, optionally (for standard logins) - * @param true|false $persistent Should the login be persistent? - * @return true|false Whether login was successful + * @return ElggUser|false The authenticated user object, or false on failure. */ - function login($username = "", $password = "", $persistent = false) { - - global $CONFIG; - - if ($user = trigger_plugin_hook('login','user',func_get_args(),false)) { - trigger_event('login','user',$user); - return true; - } + + function authenticate($username, $password) { $dbpassword = md5($password); if ($user = get_user_by_username($username)) { if ($user->password == $dbpassword) { - - if (!trigger_event('login','user',$user)) return false; - - $_SESSION['user'] = $user; - $_SESSION['guid'] = $user->getGUID(); - $_SESSION['id'] = $_SESSION['guid']; - $_SESSION['username'] = $user->username; - $_SESSION['name'] = $user->name; - - $code = (md5($user->name . $user->username . time() . rand())); - // update_data("update {$CONFIG->dbprefix}users set code = '".md5($code)."' where id = {$user->id}"); - $user->code = md5($code); - $user->save(); - - //$code = md5($code); // This is a deliberate re-MD5-ing + // return login($user,$persisten); + return $user; + } + } + + return false; + + } + + /** + * Logs in a specified ElggUser. For standard registration, use in conjunction + * with authenticate. 
+ * + * @see authenticate + * @param ElggUser $user A valid Elgg user object + * @param boolean $persistent Should this be a persistent login? + * @return true|false Whether login was successful + */ + function login(ElggUser $user, $persistent = false) { + + global $CONFIG; + + if (!trigger_event('login','user',$user)) return false; + + $_SESSION['user'] = $user; + $_SESSION['guid'] = $user->getGUID(); + $_SESSION['id'] = $_SESSION['guid']; + $_SESSION['username'] = $user->username; + $_SESSION['name'] = $user->name; - $_SESSION['code'] = $code; - //if (!empty($persistent)) { - - setcookie("elggperm", $code, (time()+(86400 * 30)),"/"); - - - //} - // set_login_fields($user->id); + $code = (md5($user->name . $user->username . time() . rand())); + $user->code = md5($code); + if (!$user->save()) + return false; - } - - return true; - } else { - return false; - } - - } + $_SESSION['code'] = $code; + if (($persistent)) + setcookie("elggperm", $code, (time()+(86400 * 30)),"/"); + + return true; + + } /** * Log the current user out -- cgit v1.2.3
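Review bot: In the new authenticate(), `if ($user->password == $dbpassword)` compares two MD5 hex digests with the loose operator, so PHP can treat digests that look numeric as equal numbers instead of comparing them as strings; use `if ($user->password === $dbpassword)`, or `hash_equals()` where the runtime provides it. The unsalted `md5($password)` is carried over from the old login(), but now that credential checking lives in one function this is the natural place to move to a salted, slow password hash with a rehash-on-next-login path. In login(), the persistent token is still `md5($user->name . $user->username . time() . rand())`, which is derived from guessable inputs rather than a cryptographic random source, and `setcookie("elggperm", $code, (time()+(86400 * 30)),"/")` sets neither the HttpOnly nor the Secure attribute. The session identifier also does not appear to be regenerated when `$_SESSION` is populated, although that may happen outside this hunk, so a `session_regenerate_id(true);` before the `$_SESSION[...]` assignments is worth confirming. The leftover `// return login($user,$persisten);` comment and the "optionally" wording in the authenticate() docblock no longer match the new signature and could be removed.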