Elgg  Version 4.x
login.php
Go to the documentation of this file.
1 <?php
6 use Elgg\Exceptions\LoginException;
7 
8 /* @var $request \Elgg\Request */
9 
10 $username = get_input('username');
11 $password = get_input('password', null, false);
12 $persistent = (bool) get_input("persistent");
13 $result = false;
14 
15 if (empty($username) || empty($password)) {
16  return elgg_error_response(elgg_echo('login:empty'), REFERRER, ELGG_HTTP_BAD_REQUEST);
17 }
18 
19 // check if logging in with email address
20 if (elgg_strpos($username, '@') !== false) {
21  $users = elgg_call(ELGG_SHOW_DISABLED_ENTITIES, function() use ($username) {
22  return get_user_by_email($username);
23  });
24 
25  if (!empty($users)) {
26  $username = $users[0]->username;
27  }
28 }
29 
30 // fetch the user (even disabled)
31 $user = elgg_call(ELGG_SHOW_DISABLED_ENTITIES, function () use ($username) {
32  return get_user_by_username($username);
33 });
34 
35 try {
36  // try to authenticate
37  $result = elgg_authenticate($username, $password);
38  if ($result !== true) {
39  // was due to missing hash?
40  if ($user && !$user->password_hash) {
41  // if we did this in pam_auth_userpass(), visitors could sniff account usernames from
42  // email addresses. Instead, this lets us give the visitor only the information
43  // they provided.
44  elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
45  $output = [
46  'forward' => elgg_generate_url('account:password:reset'),
47  ];
48  return elgg_ok_response($output, '', elgg_generate_url('account:password:reset'));
49  }
50 
51  throw new LoginException($result);
52  }
53 
54  if (!$user) {
55  throw new LoginException(elgg_echo('login:baduser'));
56  }
57 
58  login($user, $persistent);
59 } catch (LoginException $e) {
60  $forward = $e->getRedirectUrl();
61  // if a forward url is set we need to use a ok response.
62  // The login action is mostly used as an AJAX action and AJAX actions do not support redirects.
63  if (!empty($forward)) {
64  // Registering an error as we use an OK response
65  // It makes no sense for AJAX actions as a OK response with a forward will instantly redirect without time to read the message
66  $error = $e->getMessage();
67  if (!empty($error) && !elgg_is_xhr()) {
68  elgg_register_error_message($error);
69  }
70 
71  return elgg_ok_response('', '', $forward);
72  }
73 
74  return elgg_error_response($e->getMessage(), REFERRER, ELGG_HTTP_UNAUTHORIZED);
75 }
76 
77 if ($request->isXhr()) {
78  // Hold the system messages until the client refreshes the page.
79  $request->setParam('elgg_fetch_messages', 0);
80 }
81 
82 $output = [
83  'user' => $user,
84 ];
85 $message = elgg_echo('loginok', [], $user->getLanguage(get_current_language()));
86 $forward_url = _elgg_get_login_forward_url($request, $user);
87 
88 return elgg_ok_response($output, $message, $forward_url);
elgg_call
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags...
Definition: elgglib.php:731
$user
if(empty($username)||empty($password)) if(elgg_strpos($username, '@')!==false) $user
Definition: login.php:31
_elgg_get_login_forward_url
_elgg_get_login_forward_url(\Elgg\Request $request,\ElggUser $user)
Determine which URL the user should be forwarded to upon successful login.
Definition: sessions.php:332
get_user_by_email
get_user_by_email($email)
Get an array of users from an email address.
Definition: users.php:52
Elgg\Exceptions\LoginException
Generic parent class for login exceptions.
Definition: LoginException.php:12
$users
if(empty($user_guids)) $users
Definition: ban.php:12
get_current_language
get_current_language()
Get the current system/user language or "en".
Definition: languages.php:44
$request
$request
Definition: livesearch.php:11
elgg_get_session
elgg_get_session()
Gets Elgg&#39;s session object.
Definition: sessions.php:17
ELGG_HTTP_UNAUTHORIZED
const ELGG_HTTP_UNAUTHORIZED
Definition: constants.php:80
$output
catch(LoginException $e) if($request->isXhr()) $output
Definition: login.php:82
elgg_echo
elgg_echo($message_key, array $args=[], $language="")
Elgg language module Functions to manage language and translations.
Definition: languages.php:18
get_user_by_username
get_user_by_username($username)
Get user by username.
Definition: users.php:41
$persistent
$persistent
Definition: login.php:12
$error
$error
Bad request error.
Definition: 400.php:6
$forward
if(!$deleted) $forward
Definition: delete.php:33
REFERRER
const REFERRER
Definition: constants.php:42
$username
$username
Definition: login.php:10
ELGG_SHOW_DISABLED_ENTITIES
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:148
$result
$result
Definition: login.php:13
get_input
get_input($variable, $default=null, $filter_result=true)
Parameter input functions.
Definition: input.php:20
elgg_strpos
elgg_strpos()
Wrapper function for mb_strpos().
Definition: mb_wrapper.php:69
elgg_generate_url
elgg_generate_url($name, array $parameters=[])
Generate a URL for named route.
Definition: pagehandler.php:123
$password
$password
Definition: login.php:11
elgg_register_error_message
elgg_register_error_message($options)
Registers a error system message.
Definition: elgglib.php:62
ELGG_HTTP_BAD_REQUEST
const ELGG_HTTP_BAD_REQUEST
Definition: constants.php:79
elgg_authenticate
elgg_authenticate($username, $password)
Perform user authentication with a given username and password.
Definition: sessions.php:73
$forward_url
$forward_url
Definition: login.php:86
elgg_error_response
elgg_error_response($message= '', $forward_url=REFERRER, int $status_code=ELGG_HTTP_BAD_REQUEST)
Prepare an error response to be returned by a page or an action handler.
Definition: pagehandler.php:242
login
login(\ElggUser $user, $persistent=false)
Logs in a specified .
Definition: sessions.php:249
elgg_ok_response
elgg_ok_response($content= '', $message= '', $forward_url=null, int $status_code=ELGG_HTTP_OK)
Prepares a successful response to be returned by a page or an action handler.
Definition: pagehandler.php:215
elgg_is_xhr
elgg_is_xhr()
Checks whether the request was requested via ajax.
Definition: actions.php:76
LoginException
Login as the specified user.
$message
catch(LoginException $e) if($request->isXhr()) $message
Definition: login.php:85
Elgg\Exceptions\HttpException\getRedirectUrl
getRedirectUrl()
Get preferred redirect URL.
Definition: HttpException.php:65
Generated on Tue May 17 2022 00:00:20 for Elgg by   doxygen 1.8.11