aboutsummaryrefslogtreecommitdiff
path: root/actions/login.php
blob: 86160bb00fddd25bac799de1b92603f7968eaaeb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<?php
/**
 * Elgg login action
 *
 * @package Elgg
 * @subpackage Core
 * @author Curverider Ltd
 * @link http://elgg.org/
 */

// Safety first
action_gatekeeper();

// Get username and password
$username = get_input('username');
$password = get_input("password");
$persistent = get_input("persistent", false);

// If all is present and correct, try to log in
$result = false;
if (!empty($username) && !empty($password)) {
	if ($user = authenticate($username,$password)) {
		$result = login($user, $persistent);
	}
}

// Set the system_message as appropriate
if ($result) {
	system_message(elgg_echo('loginok'));
	if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
		$forward_url = $_SESSION['last_forward_from'];
		unset($_SESSION['last_forward_from']);
		forward($forward_url);
	} else {
		if ( (isadminloggedin()) && (!datalist_get('first_admin_login'))) {
			system_message(elgg_echo('firstadminlogininstructions'));
			datalist_set('first_admin_login', time());

			forward('pg/admin/plugins');
		} else if (get_input('returntoreferer')) {
			forward($_SERVER['HTTP_REFERER']);
		} else {
			forward("pg/dashboard/");
		}
	}
} else {
	$error_msg = elgg_echo('loginerror');
	// figure out why the login failed
	if (!empty($username) && !empty($password)) {
		// See if it exists and is disabled
		$access_status = access_get_show_hidden_status();
		access_show_hidden_entities(true);
		if (($user = get_user_by_username($username)) && !$user->validated) {
			// give plugins a chance to respond
			if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
				// if plugins have not registered an action, the default action is to
				// trigger the validation event again and assume that the validation
				// event will display an appropriate message
				trigger_elgg_event('validate', 'user', $user);
			}
		} else {
			register_error(elgg_echo('loginerror'));
		}
		access_show_hidden_entities($access_status);
	} else {
		register_error(elgg_echo('loginerror'));
	}
}