80 if ($current_user && $current_user->guid ==
$user_guid) {
81 return $current_user->isAdmin();
95 $query =
"SELECT 1 FROM {$CONFIG->dbprefix}users_entity as e, 96 {$CONFIG->dbprefix}metadata as md 99 AND md.value_id IN ('$yes', '$one') 100 AND e.guid = md.entity_guid 101 AND e.guid = {$user_guid} 105 $query =
"SELECT 1 FROM {$CONFIG->dbprefix}users_entity as e 107 e.guid = {$user_guid} 115 if (!((is_array($info) && count($info) < 1) || $info ===
false)) {
137 $pam = new \ElggPAM(
'user');
139 $result = $pam->authenticate($credentials);
141 return $pam->getFailureMessage();
160 if (!isset($credentials[
'username']) || !isset($credentials[
'password'])) {
166 throw new \LoginException(
_elgg_services()->translator->translate(
'LoginException:UsernameFailure'));
170 throw new \LoginException(
_elgg_services()->translator->translate(
'LoginException:AccountLocked'));
175 $hash =
$user->password_hash;
179 $legacy_hash = $password_svc->generateLegacyHash(
$user,
$password);
180 if (
$user->password !== $legacy_hash) {
182 throw new \LoginException(
_elgg_services()->translator->translate(
'LoginException:PasswordFailure'));
190 if (!$password_svc->verify(
$password, $hash)) {
192 throw new \LoginException(
_elgg_services()->translator->translate(
'LoginException:PasswordFailure'));
195 if ($password_svc->needsRehash($hash)) {
214 $fails = (int)
$user->getPrivateSetting(
"login_failures");
217 $user->setPrivateSetting(
"login_failures", $fails);
218 $user->setPrivateSetting(
"login_failure_$fails", time());
237 $fails = (int)
$user->getPrivateSetting(
"login_failures");
240 for (
$n = 1;
$n <= $fails;
$n++) {
241 $user->removePrivateSetting(
"login_failure_$n");
244 $user->removePrivateSetting(
"login_failures");
270 $fails = (int)
$user->getPrivateSetting(
"login_failures");
274 for (
$n = $fails;
$n > 0;
$n--) {
275 $f =
$user->getPrivateSetting(
"login_failure_$n");
276 if ($f > $time - (60 * 5)) {
302 return setcookie($cookie->name, $cookie->value, $cookie->expire, $cookie->path,
303 $cookie->domain, $cookie->secure, $cookie->httpOnly);
322 throw new \LoginException(
elgg_echo(
'LoginException:BannedUser'));
329 throw new \LoginException(
elgg_echo(
'LoginException:Unknown'));
337 $message =
"The 'login' event was deprecated. Register for 'login:before' or 'login:after'";
341 throw new \LoginException(
elgg_echo(
'LoginException:Unknown'));
361 register_shutdown_function(
"_elgg_invalidate_memcache_for_entity",
$guid);
384 $message =
"The 'logout' event was deprecated. Register for 'logout:before' or 'logout:after'";
442 $SESSION = new \Elgg\DeprecationWrapper(
$session,
"\$SESSION is deprecated", 1.9);
elgg_is_logged_in()
Returns whether or not the user is currently logged in.
elgg_is_admin_logged_in()
Returns whether or not the viewer is currently logged in and an admin user.
register_pam_handler($handler, $importance="sufficient", $policy="user")
Register a PAM handler.
elgg_get_session()
Gets Elgg's session object.
getGUID()
Returns the guid.
$guid
Removes an admin notice.
reset_login_failure_count($user_guid)
Resets the fail login count for $user_guid.
set_last_login($user_guid)
Sets the last logon time of the given user to right now.
elgg forward
Meant to mimic the php forward() function by simply redirecting the user to another page...
elgg_trigger_before_event($event, $object_type, $object=null)
Trigger a "Before event" indicating a process is about to begin.
pam_auth_userpass(array $credentials=array())
Hook into the PAM system which accepts a username and password and attempts to authenticate it agains...
get_user_by_username($username)
Get user by username.
check_rate_limit_exceeded($user_guid)
Checks if the rate limit of failed logins has been exceeded for $user_guid.
elgg_echo($message_key, $args=array(), $language="")
Given a message key, returns an appropriately translated full-text string.
elgg_trigger_deprecated_event($event, $object_type, $object=null, $message, $version)
Trigger an event normally, but send a notice about deprecated use if any handlers are registered...
datalist_get($name)
Get the value of a datalist element.
elgg_is_admin_user($user_guid)
Check if the given user has full access.
set_last_action($user_guid)
Sets the last action time of the given user to right now.
elgg global
Pointer to the global context.
elgg_set_cookie(\ElggCookie $cookie)
Set a cookie, but allow plugins to customize it first.
logout()
Log the current user out.
get_data($query, $callback="")
Retrieve rows from the database.
elgg_authenticate($username, $password)
Perform user authentication with a given username and password.
login(\ElggUser $user, $persistent=false)
Logs in a specified .
elgg_trigger_after_event($event, $object_type, $object=null)
Trigger an "After event" indicating a process has finished.
elgg_get_logged_in_user_entity()
Return the current logged in user, or null if no user is logged in.
isBanned()
Is this user banned or not?
is_memcache_available()
Return true if memcache is available and configured.
elgg_register_action($action, $filename="", $access= 'logged_in')
Registers an action.
global $SESSION
Elgg magic session.
_elgg_session_boot()
Initializes the session and checks for the remember me cookie.
$user_guid
Avatar remove action.
elgg_trigger_event($event, $object_type, $object=null)
log_login_failure($user_guid)
Log a failed login for $user_guid.
elgg_get_logged_in_user_guid()
Return the current logged in user by guid.
get_entity($guid)
Loads and returns an entity object from a guid.