From fad92747bec989fd6728eb7349c9ede4674764ff Mon Sep 17 00:00:00 2001 From: brettp Date: Thu, 30 Sep 2010 19:56:49 +0000 Subject: Fixes #617, #2271 User validation removed from core to UserValidationByEmail plugin. Without a validation plugin, users can login immediately. Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email. Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration. git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544 --- actions/login.php | 74 ++++++++++++++++++++++++++----------------------------- 1 file changed, 35 insertions(+), 39 deletions(-) (limited to 'actions/login.php') diff --git a/actions/login.php b/actions/login.php index ef6b0b898..0063a1f08 100644 --- a/actions/login.php +++ b/actions/login.php @@ -2,37 +2,37 @@ /** * Elgg login action * - * @package Elgg - * @subpackage Core - * @author Curverider Ltd - * @link http://elgg.org/ + * @package Elgg.Core + * @subpackage User.Authentication */ -// Get username and password $username = get_input('username'); $password = get_input("password"); -$persistent = get_input("persistent", false); +$persistent = get_input("persistent", FALSE); +$result = FALSE; -// If all is present and correct, try to log in -$result = false; -if (!empty($username) && !empty($password)) { - // check first if this is an email address and do a login - // email addies will be validated - if (strpos($username, '@') !== FALSE && ($user=get_user_by_email($username))) { - $username = $user[0]->username; - } +if (empty($username) || empty($password)) { + register_error(elgg_echo('loginerror')); + forward(); +} - if ($user = authenticate($username, $password)) { - $result = login($user, $persistent); - } +// check first if logging in with email address +if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { + $username = $users[0]->username; } -// Set the system_message as appropriate +if ($user = authenticate($username, $password)) { + $result = login($user, $persistent); +} + +// forward to correct page if ($result) { system_message(elgg_echo('loginok')); + if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) { $forward_url = $_SESSION['last_forward_from']; unset($_SESSION['last_forward_from']); + forward($forward_url); } else { if (get_input('returntoreferer')) { @@ -44,25 +44,21 @@ if ($result) { } } } else { - $error_msg = elgg_echo('loginerror'); - // figure out why the login failed - if (!empty($username) && !empty($password)) { - // See if it exists and is disabled - $access_status = access_get_show_hidden_status(); - access_show_hidden_entities(true); - if (($user = get_user_by_username($username)) && !$user->validated) { - // give plugins a chance to respond - if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) { - // if plugins have not registered an action, the default action is to - // trigger the validation event again and assume that the validation - // event will display an appropriate message - trigger_elgg_event('validate', 'user', $user); - } - } else { - register_error(elgg_echo('loginerror')); - } - access_show_hidden_entities($access_status); - } else { - register_error(elgg_echo('loginerror')); - } + register_error(elgg_echo('loginerror')); +// // let a plugin hook say why login failed or react to it. +// $params = array( +// 'username' => $username, +// 'password' => $password, +// 'persistent' => $persistent, +// 'user' => $user +// ); +// +// // Returning FALSE to this function will generate a standard +// // "Could not log you in" message. +// // Plugins should use this hook to provide details, and then return TRUE. +// if (!trigger_plugin_hook('failed_login', 'user', $params, FALSE)) { +// register_error(elgg_echo('loginerror')); +// } } + +forward(REFERRER); -- cgit v1.2.3