Elgg  Version 4.3
login.php
1 <?php
8 
// Read the submitted credentials and the "remember me" flag from the request.
9 $username = get_input('username');
// The third argument (false) switches off get_input()'s result filtering for the password,
// presumably so the value reaches the authenticator exactly as typed (confirm against get_input()).
// $password is a secret from here on: keep it out of responses, system messages and logs.
10 $password = get_input('password', null, false);
11 $persistent = (bool) get_input("persistent");
// Starts as false; only a strict true from the authenticator further down counts as success.
12 $result = false;
13 
// Guard for a missing username or password.
// NOTE(review): the guard's body (original line 15) is not shown in this listing, so the
// response it produces cannot be confirmed from here.
14 if (empty($username) || empty($password)) {
16 }
17 
18 // check if logging in with email address
// An '@' in the submitted identifier is treated as an e-mail login. When the lookup returns at
// least one account, $username is replaced by the first match's username; when it returns
// nothing, $username stays as submitted.
// NOTE(review): the statement that fills $users (original lines 20-21) is not shown in this
// listing. Only $users[0] is used, so the outcome for an address shared by several accounts
// depends on that lookup's ordering - confirm.
19 if (elgg_strpos($username, '@') !== false) {
22  });
23 
24  if (!empty($users)) {
25  $username = $users[0]->username;
26  }
27 }
28 
29 // fetch the user (even disabled)
// NOTE(review): the assignment to $user (original lines 30-31) is not shown in this listing;
// only its closing `});` survives. The code below tests $user for truthiness, so it is treated
// as possibly empty when no account matches.
32 });
33 
34 try {
35  // try to authenticate
    // Runs the 'user' PAM policy with the (possibly e-mail-resolved) username and the raw password.
36  $result = elgg_pam_authenticate('user', [
37  'username' => $username,
38  'password' => $password,
39  ]);
    // Anything other than strict true is handled as a failed authentication.
40  if ($result !== true) {
41  // was due to missing hash?
42  if ($user && !$user->password_hash) {
43  // if we did this in user password PAM handler, visitors could sniff account usernames from
44  // email addresses. Instead, this lets us give the visitor only the information
45  // they provided.
    // The session receives the identifier as submitted (get_input('username')), not the resolved
    // $username, so an e-mail login is not answered with the matching account name.
    // NOTE(review): this branch still responds differently from the generic failure below, which
    // tells the client that the identifier maps to an account without a stored hash - confirm
    // that this is an accepted trade-off.
46  elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
47  $output = [
48  'forward' => elgg_generate_url('account:password:reset'),
49  ];
50  return elgg_ok_response($output, '', elgg_generate_url('account:password:reset'));
51  }
52 
    // Every other failure raises the same exception with the same message key, whether or not
    // $user was found, so the response does not distinguish unknown accounts from bad passwords.
53  throw new LoginException(elgg_echo('LoginException:Unknown'));
54  }
55 
    // Authentication returned true but no user entity was loaded earlier: refuse to continue.
56  if (!$user) {
57  throw new LoginException(elgg_echo('login:baduser'));
58  }
59 
    // NOTE(review): original lines 60-61 are not shown in this listing. The code from here on
    // reads $e, so the catch clause opens in that gap; the cross-reference list on this page
    // shows it as catch(AuthenticationException|LoginException $e).
62  $prev = $e->getPrevious();
63 
    // The redirect target is taken only from the exception (or its previous exception) through
    // getRedirectUrl(); no request input is read when choosing $forward.
64  $forward = null;
65  if ($prev instanceof LoginException) {
66  $forward = $prev->getRedirectUrl();
67  } elseif ($e instanceof LoginException) {
68  $forward = $e->getRedirectUrl();
69  }
70 
71  // if a forward url is set we need to use a ok response.
72  // The login action is mostly used as an AJAX action and AJAX actions do not support redirects.
73  if (!empty($forward)) {
74  // Registering an error as we use an OK response
75  // It makes no sense for AJAX actions as a OK response with a forward will instantly redirect without time to read the message
76  $error = $e->getMessage();
    // NOTE(review): the body of this condition (original line 78) is not shown in this listing.
77  if (!empty($error) && !elgg_is_xhr()) {
79  }
80 
81  return elgg_ok_response('', '', $forward);
82  }
83 
    // No redirect requested: answer with ELGG_HTTP_UNAUTHORIZED and forward to REFERRER.
    // NOTE(review): $e->getMessage() is sent to the client as-is; confirm that every thrower of
    // these exception types keeps account-state detail out of its message.
84  return elgg_error_response($e->getMessage(), REFERRER, ELGG_HTTP_UNAUTHORIZED);
85 }
86 
87 if (elgg_is_xhr()) {
88  // Hold the system messages until the client refreshes the page.
89  set_input('elgg_fetch_messages', 0);
90 }
91 
// NOTE(review): original line 92 is not shown in this listing; the cross-reference list on this
// page places the definition of $output there, so the two lines below close that array.
93  'user' => $user,
94 ];
// Success message for the 'loginok' key. The third argument of elgg_echo() is the language; it
// comes from $user->getLanguage(), which is handed the current language (presumably as its
// fallback - confirm).
95 $message = elgg_echo('loginok', [], $user->getLanguage(elgg_get_current_language()));
96 
elgg_get_current_language()
Get the current system/user language or "en".
Definition: languages.php:29
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags...
Definition: elgglib.php:592
if(empty($username)||empty($password)) if(elgg_strpos($username, '@')!==false) $user
Definition: login.php:30
Elgg login action.
if(!$deleted) $forward
Definition: delete.php:33
get_user_by_email($email)
Get an array of users from an email address.
Definition: users.php:52
Generic parent class for login exceptions.
if(empty($user_guids)) $users
Definition: ban.php:12
catch(AuthenticationException|LoginException $e) if(elgg_is_xhr()) $message
Definition: login.php:95
Thrown by the AuthenticationService.
elgg_get_session()
Gets Elgg's session object.
Definition: sessions.php:15
const ELGG_HTTP_UNAUTHORIZED
Definition: constants.php:80
elgg_echo($message_key, array $args=[], $language="")
Elgg language module Functions to manage language and translations.
Definition: languages.php:18
get_user_by_username($username)
Get user by username.
Definition: users.php:41
set_input($variable, $value)
Sets an input value that may later be retrieved by get_input.
Definition: input.php:34
$persistent
Definition: login.php:11
$error
Bad request error.
Definition: 400.php:6
const REFERRER
Definition: constants.php:42
$username
Definition: login.php:9
const ELGG_SHOW_DISABLED_ENTITIES
Definition: constants.php:148
$result
Definition: login.php:12
get_input($variable, $default=null, $filter_result=true)
Parameter input functions.
Definition: input.php:20
elgg_strpos()
Wrapper function for mb_strpos().
Definition: mb_wrapper.php:69
elgg_generate_url($name, array $parameters=[])
Generate a URL for named route.
elgg_get_login_forward_url(\ElggUser $user)
Determine which URL the user should be forwarded to upon successful login.
Definition: sessions.php:141
$password
Definition: login.php:10
elgg_pam_authenticate(string $policy, array $authentication_params=[])
Start an authentication process.
Definition: pam.php:58
elgg_register_error_message($options)
Registers an error system message.
Definition: elgglib.php:62
const ELGG_HTTP_BAD_REQUEST
Definition: constants.php:79
if($item instanceof\ElggEntity) elseif($item instanceof\ElggRiverItem) elseif($item instanceof ElggRelationship) elseif(is_callable([$item, 'getType']))
Definition: item.php:48
elgg_login(\ElggUser $user, bool $persistent=false)
Log in a user.
Definition: sessions.php:81
elgg_error_response($message= '', $forward_url=REFERRER, int $status_code=ELGG_HTTP_BAD_REQUEST)
Prepare an error response to be returned by a page or an action handler.
elgg_ok_response($content= '', $message= '', $forward_url=null, int $status_code=ELGG_HTTP_OK)
Prepares a successful response to be returned by a page or an action handler.
elgg_is_xhr()
Checks whether the request was requested via ajax.
Definition: actions.php:76
Login as the specified user.
getRedirectUrl()
Get preferred redirect URL.
catch(AuthenticationException|LoginException $e) if(elgg_is_xhr()) $output
Definition: login.php:92