actions_2login_8php_source.html

 <?php
 use Elgg\Exceptions\AuthenticationException;
 use Elgg\Exceptions\LoginException;

 $username = get_input('username');
 $password = get_input('password', null, false);
 $persistent = (bool) get_input('persistent');
 $result = false;

 if (empty($username) || empty($password)) {
     return elgg_error_response(elgg_echo('login:empty'), REFERRER, ELGG_HTTP_BAD_REQUEST);
 }

 // fetch the user (even disabled)
 $user = elgg_call(ELGG_SHOW_DISABLED_ENTITIES, function() use ($username) {
     return elgg_get_user_by_username($username, true);
 });

 if ($user instanceof \ElggUser) {
     // could be fetched based on email address
     $username = $user->username;
 }

 try {
     // try to authenticate
     $result = elgg_pam_authenticate('user', [
         'username' => $username,
         'password' => $password,
     ]);
     if ($result !== true) {
         // was due to missing hash?
         if ($user && !$user->password_hash) {
             // if we did this in user password PAM handler, visitors could sniff account usernames from
             // email addresses. Instead, this lets us give the visitor only the information
             // they provided.
             elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
             $output = [
                 'forward' => elgg_generate_url('account:password:reset'),
             ];
             return elgg_ok_response($output, '', elgg_generate_url('account:password:reset'));
         }

         throw new LoginException(elgg_echo('LoginException:Unknown'));
     }

     if (!$user) {
         throw new LoginException(elgg_echo('login:baduser'));
     }

     elgg_login($user, $persistent);
 } catch (AuthenticationException | LoginException $e) {
     $prev = $e->getPrevious();

     $forward = null;
     if ($prev instanceof LoginException) {
         $forward = $prev->getRedirectUrl();
     } elseif ($e instanceof LoginException) {
         $forward = $e->getRedirectUrl();
     }

     // if a forward url is set we need to use a ok response.
     // The login action is mostly used as an AJAX action and AJAX actions do not support redirects.
     if (!empty($forward)) {
         // Registering an error as we use an OK response
         // It makes no sense for AJAX actions as a OK response with a forward will instantly redirect without time to read the message
         $error = $e->getMessage();
         if (!empty($error) && !elgg_is_xhr()) {
             elgg_register_error_message($error);
         }

         return elgg_ok_response('', '', $forward);
     }

     return elgg_error_response($e->getMessage(), REFERRER, ELGG_HTTP_UNAUTHORIZED);
 }

 if (elgg_is_xhr()) {
     // Hold the system messages until the client refreshes the page.
     set_input('elgg_fetch_messages', 0);
 }

 $output = [
     'user' => $user,
 ];
 $message = elgg_echo('loginok', [], $user->getLanguage(elgg_get_current_language()));

 return elgg_ok_response($output, $message, elgg_get_login_forward_url($user));
elgg_get_current_language
elgg_get_current_language()
Get the current system/user language or &#39;en&#39;.
Definition: languages.php:27

elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags...
Definition: elgglib.php:299

AuthenticationException
Elgg login action.

$forward
if(!$deleted) $forward
Definition: delete.php:33

Elgg\Exceptions\LoginException
Generic parent class for login exceptions.
Definition: LoginException.php:12

elgg_ok_response
elgg_ok_response($content= '', string|array $message= '', string $forward_url=null, int $status_code=ELGG_HTTP_OK)
Prepares a successful response to be returned by a page or an action handler.
Definition: pagehandler.php:224

elgg_get_user_by_username
elgg_get_user_by_username(string $username, bool $try_email=false)
Get a user by username.
Definition: users.php:39

$message
catch(AuthenticationException|LoginException $e) if(elgg_is_xhr()) $message
Definition: login.php:89

Elgg\Exceptions\AuthenticationException
Thrown by the AuthenticationService.
Definition: AuthenticationException.php:10

elgg_get_session
elgg_get_session()
Gets Elgg&#39;s session object.
Definition: sessions.php:15

elgg_echo
elgg_echo(string $message_key, array $args=[], string $language= '')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17

ELGG_HTTP_UNAUTHORIZED
const ELGG_HTTP_UNAUTHORIZED
Definition: constants.php:65

set_input
set_input(string $variable, $value)
Sets an input value that may later be retrieved by get_input.
Definition: input.php:34

elseif
if($item instanceof\ElggEntity) elseif($item instanceof\ElggRiverItem) elseif($item instanceof\ElggRelationship) elseif(is_callable([$item, 'getType']))
Definition: item.php:48

get_input
get_input(string $variable, $default=null, bool $filter_result=true)
Parameter input functions.
Definition: input.php:20

$persistent
$persistent
Definition: login.php:11

$error
$error
Bad request error.
Definition: 400.php:6

elgg_error_response
elgg_error_response(string|array $message= '', string $forward_url=REFERRER, int $status_code=ELGG_HTTP_BAD_REQUEST)
Prepare an error response to be returned by a page or an action handler.
Definition: pagehandler.php:245

REFERRER
const REFERRER
Used in calls to forward() to specify the browser should be redirected to the referring page...
Definition: constants.php:37

$username
$username
Definition: login.php:9

ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:132

$result
$result
Definition: login.php:12

elgg_get_login_forward_url
elgg_get_login_forward_url(\ElggUser $user)
Determine which URL the user should be forwarded to upon successful login.
Definition: sessions.php:141

$password
$password
Definition: login.php:10

elgg_pam_authenticate
elgg_pam_authenticate(string $policy, array $authentication_params=[])
Start an authentication process.
Definition: pam.php:58

elgg_register_error_message
elgg_register_error_message(string|array $options)
Registers a error system message.
Definition: elgglib.php:62

ELGG_HTTP_BAD_REQUEST
const ELGG_HTTP_BAD_REQUEST
Definition: constants.php:64

elgg_login
elgg_login(\ElggUser $user, bool $persistent=false)
Log in a user.
Definition: sessions.php:81

$user
if(empty($username)||empty($password)) $user
Definition: login.php:19

elgg_generate_url
elgg_generate_url(string $name, array $parameters=[])
Generate a URL for named route.
Definition: pagehandler.php:133

elgg_is_xhr
elgg_is_xhr()
Checks whether the request was requested via ajax.
Definition: actions.php:78

LoginException
Login as the specified user.

Elgg\Exceptions\HttpException\getRedirectUrl
getRedirectUrl()
Get preferred redirect URL.
Definition: HttpException.php:65

$output
catch(AuthenticationException|LoginException $e) if(elgg_is_xhr()) $output
Definition: login.php:86

ElggUser
Definition: ElggUser.php:28