From dfc57f305c8c0de9933d6501668617fc1a195b82 Mon Sep 17 00:00:00 2001
From: ben
Date: Wed, 28 May 2008 10:28:00 +0000
Subject: Solidifying the login() function so that the session data is always consistent.
git-svn-id: https://code.elgg.org/elgg/trunk@729 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/sessions.php | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ee6bb5c38..790f11b1a 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -42,7 +42,6 @@ if ($user = get_user_by_username($username)) {
 if ($user->password == $dbpassword) {
- // return login($user,$persisten);
 return $user;
 }
 }
@@ -63,8 +62,6 @@ function login(ElggUser $user, $persistent = false) {
 global $CONFIG;
-
- if (!trigger_event('login','user',$user)) return false;
 $_SESSION['user'] = $user;
 $_SESSION['guid'] = $user->getGUID();
@@ -75,10 +72,19 @@ $code = (md5($user->name . $user->username . time() . rand()));
 $user->code = md5($code);
- if (!$user->save())
- return false;
-
+ $_SESSION['code'] = $code;
+
+ if (!$user->save() || !trigger_event('login','user',$user)) {
+ unset($_SESSION['username']);
+ unset($_SESSION['name']);
+ unset($_SESSION['code']);
+ unset($_SESSION['guid']);
+ unset($_SESSION['id']);
+ unset($_SESSION['user']);
+ return false;
+ }
+
 if (($persistent)) setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
--
cgit v1.2.3
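Review bot: The third hunk leaves the session authenticated while `$user->save()` and the `login` event handlers run: `$_SESSION['user']` and `$_SESSION['guid']` (second hunk) and `$_SESSION['code']` are written first, and the rollback only happens if control returns to the `unset()` block. A handler that redirects, exits or throws would leave a logged-in session behind for a login that was meant to be refused. Unless the handlers depend on that state, which these hunks do not show, keep `if (!$user->save() || !trigger_event('login','user',$user)) return false;` directly after `$user->code = md5($code);` and move the `$_SESSION[...]` assignments below it; that also makes the six `unset()` calls unnecessary. The context line that builds `$code` from `time()` and `rand()` deserves a follow-up too, since it becomes the 30-day `elggperm` cookie and those inputs are guessable. login() continues past the end of the hunk, so whether the session id is regenerated after a successful login cannot be judged from here.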