From 0a017d37174296abd5a1a34284eaf9313b32ecf4 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Mon, 22 Sep 2008 20:42:20 +0000
Subject: API improvement. Authentication via token now logs user in for that
 session.

git-svn-id: https://code.elgg.org/elgg/trunk@2103 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/api.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'engine/lib/api.php')

diff --git a/engine/lib/api.php b/engine/lib/api.php
index f32faf9d5..b60f90572 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -737,6 +737,8 @@
 	/**
 	 * Function that examines whether an authentication token is present returning true if it is, OR the requested 
 	 * method doesn't require one.
+	 * 
+	 * If a token is present and a validated user id is returned, that user is logged in to the current session.
 	 *
 	 * @param unknown_type $credentials
 	 */
@@ -749,6 +751,9 @@
 		
 		$validated_userid = validate_user_token($CONFIG->site_id, $token); 
 		
+		if ($validated_userid)
+			login(get_entity($validated_userid));
+		
 		if ((!$METHODS[$method]["require_auth_token"]) || ($validated_userid) || (isloggedin()))
 			return true;
 		else
-- 
cgit v1.2.3