1 <?php
10 
/**
 * Gets Elgg's session object.
 *
 * Thin accessor: the session lives in the global service provider, this just
 * hands it out so callers do not have to reach into _elgg_services() themselves.
 *
 * @return object the session service registered in the service provider
 */
function elgg_get_session() {
	$services = _elgg_services();

	return $services->session;
}
20 
27  return _elgg_services()->session->getLoggedInUser();
28 }
29 
37  return _elgg_services()->session->getLoggedInUserGuid();
38 }
39 
/**
 * Returns whether or not the user is currently logged in.
 *
 * Delegates to the session service; no user entity is loaded here.
 *
 * @return bool true when the session service reports a logged-in user
 */
function elgg_is_logged_in() {
	$session = _elgg_services()->session;

	return $session->isLoggedIn();
}
48 
55  return _elgg_services()->session->isAdminLoggedIn();
56 }
57 
	// Authenticate through the 'user' PAM policy; pam_auth_userpass() (below) is the
	// built-in handler that checks a username/password pair against local users.
	$pam = new \ElggPAM('user');
	$credentials = ['username' => $username, 'password' => $password];
	$result = $pam->authenticate($credentials);
	if (!$result) {
		// NOTE: on failure the PAM failure *message* is returned, not false. A
		// non-empty string is truthy, so callers must test the result with
		// `=== true`; a plain `if (elgg_authenticate(...))` treats failure as success.
		return $pam->getFailureMessage();
	}
	return true;
}
82 
/**
 * Hook into the PAM system: authenticate a username/password pair against the
 * local user table.
 *
 * The lookup runs with ELGG_SHOW_DISABLED_ENTITIES so a disabled account is still
 * matched here; login() separately refuses disabled users.
 *
 * @param array $credentials expects 'username' and 'password' keys
 *
 * @return bool false when either key is missing, true once the password verified
 * @throws LoginException unknown username, locked account, or wrong password
 *
 * NOTE(review): the three LoginException messages are distinguishable and the
 * rate-limit check runs only after a user has been found, so attempts against
 * unknown usernames are neither throttled nor indistinguishable from a wrong
 * password. Treat the login endpoint as a username-enumeration surface and add
 * a per-source throttle upstream if that matters for the deployment.
 */
function pam_auth_userpass(array $credentials = []) {
	$has_username = isset($credentials['username']);
	$has_password = isset($credentials['password']);
	if (!$has_username || !$has_password) {
		return false;
	}

	$username = $credentials['username'];
	$plaintext = $credentials['password'];

	return elgg_call(ELGG_SHOW_DISABLED_ENTITIES, function() use ($username, $plaintext) {
		$translator = _elgg_services()->translator;

		$account = get_user_by_username($username);
		if (!$account) {
			throw new LoginException($translator->translate('LoginException:UsernameFailure'));
		}

		// Lockout is evaluated before the hash check, so a locked account never
		// reveals whether the supplied password was correct.
		if (check_rate_limit_exceeded($account->guid)) {
			throw new LoginException($translator->translate('LoginException:AccountLocked'));
		}

		$passwords = _elgg_services()->passwords;
		$stored_hash = $account->password_hash;

		if (!$passwords->verify($plaintext, $stored_hash)) {
			// Only failures against an existing account are counted.
			log_login_failure($account->guid);
			throw new LoginException($translator->translate('LoginException:PasswordFailure'));
		}

		// Opportunistic upgrade of hashes produced by an older algorithm/cost;
		// the plaintext is still in hand, so it is re-hashed now.
		if ($passwords->needsRehash($stored_hash)) {
			$passwords->forcePasswordReset($account, $plaintext);
		}

		return true;
	});
}
126 
		$user_guid = (int) $user_guid;

		if (($user_guid) && ($user) && ($user instanceof \ElggUser)) {
			// Bump the running failure counter and stamp this failure with the
			// current time. Entries only go away when reset_login_failure_count()
			// runs on a successful login — nothing here expires old ones — so a
			// sustained attack on one account keeps adding private settings, and
			// check_rate_limit_exceeded() has to read back through all of them.
			$fails = (int) $user->getPrivateSetting("login_failures");
			$fails++;

			$user->setPrivateSetting("login_failures", $fails);
			$user->setPrivateSetting("login_failure_$fails", time());

			return true;
		}

		// not a valid user guid: nothing recorded
		return false;
	});
}
152 
		$user_guid = (int) $user_guid;


		if (($user_guid) && ($user) && ($user instanceof \ElggUser)) {
			$fails = (int) $user->getPrivateSetting("login_failures");

			if ($fails) {
				// Drop the per-failure timestamps 1..N first, then the counter itself,
				// so a partial failure leaves the counter (and thus the lockout) intact.
				for ($n = 1; $n <= $fails; $n++) {
					$user->removePrivateSetting("login_failure_$n");
				}

				$user->removePrivateSetting("login_failures");

				return true;
			}

			// nothing to reset
			return true;
		}

		// not a valid user guid
		return false;
	});
}
186 
		// 5 failures in 5 minutes causes temporary block on logins
		// NOTE(review): threshold and window are hard-coded; the throttle is keyed
		// by user guid only (nothing per source address), and pam_auth_userpass()
		// consults it only after the username resolved to a user, so attempts
		// against unknown usernames are never counted.
		$limit = 5;
		$user_guid = (int) $user_guid;

		if (($user_guid) && ($user) && ($user instanceof \ElggUser)) {
			$fails = (int) $user->getPrivateSetting("login_failures");
			if ($fails >= $limit) {
				// Walk the recorded failures newest-first and count those inside the
				// window. Cost grows with the total failure count since the last reset.
				$cnt = 0;
				$time = time();
				for ($n = $fails; $n > 0; $n--) {
					$f = $user->getPrivateSetting("login_failure_$n");
					// $f may come back as a string (cf. the (int) casts above); a numeric
					// string compares numerically against the int on the right.
					if ($f > $time - (60 * 5)) {
						$cnt++;
					}

					if ($cnt == $limit) {
						// Limit reached
						return true;
					}
				}
			}
		}

		return false;
	});
}
223 
/**
 * Set a cookie, but allow plugins to customize it first.
 *
 * The cookie is handed to the response factory rather than emitted directly,
 * so it goes out with the response after plugins have had their chance at it.
 *
 * @param \ElggCookie $cookie the cookie to set
 *
 * @return mixed whatever the response factory's setCookie() returns
 */
function elgg_set_cookie(\ElggCookie $cookie) {
	$factory = _elgg_services()->responseFactory;

	return $factory->setCookie($cookie);
}
236 
/**
 * Logs in the given user into the current session.
 *
 * Order of operations: ban check, plugin veto ('login','user' before-event),
 * enabled check, store the user in the session, optional persistent-login
 * token, session ID rotation, bookkeeping (last login, failure counter reset),
 * after-event, and the 'login:first' event on the very first login.
 *
 * @param \ElggUser $user       the user to log in
 * @param bool      $persistent also issue a "remember me" token/cookie
 *
 * @return true
 * @throws LoginException banned user, disabled user, or a plugin vetoed the login
 */
function login(\ElggUser $user, $persistent = false) {
	// Banned accounts are refused before plugins even see the attempt.
	if ($user->isBanned()) {
		throw new LoginException(elgg_echo('LoginException:BannedUser'));
	}

	// Plugins may veto; at this point there is no user in the session yet.
	$allowed = elgg_trigger_before_event('login', 'user', $user);
	if (!$allowed) {
		throw new LoginException(elgg_echo('LoginException:Unknown'));
	}

	if (!$user->isEnabled()) {
		throw new LoginException(elgg_echo('LoginException:DisabledUser'));
	}

	$session = _elgg_services()->session;

	// #5933: the user goes into the session before the events below fire so that
	// handlers can rely on elgg_get_logged_in_user_entity().
	$session->setLoggedInUser($user);

	// Users whose language differs from the site default need at least the core
	// strings re-registered now that the user is known.
	$core_languages = \Elgg\Project\Paths::elgg() . 'languages/';
	_elgg_services()->translator->registerTranslations($core_languages);

	// "Remember me": a token goes into a cookie, its hash is stored for the user.
	if ($persistent) {
		_elgg_services()->persistentLogin->makeLoginPersistent($user);
	}

	// Privilege level just changed: rotate the session ID to defeat session fixation.
	// NOTE(review): this runs after the user was stored in the session; whether the
	// pre-login ID is actually destroyed (not merely abandoned) is up to migrate() — confirm.
	$session->migrate();

	// Decide "first login" before last_login is overwritten below.
	$is_first_login = empty($user->last_login);

	$user->setLastLogin();
	// A successful login clears the failed-attempt history used for rate limiting.
	reset_login_failure_count($user->guid);

	elgg_trigger_after_event('login', 'user', $user);

	if ($is_first_login) {
		elgg_trigger_event('login:first', 'user', $user);
		$user->first_login = time();
	}

	return true;
}
294 
/**
 * Log the current user out.
 *
 * Revokes the persistent-login token, invalidates the session, and carries any
 * queued system messages over into the fresh session so they still display.
 *
 * @return bool false if nobody is logged in or a plugin vetoed the logout, true otherwise
 */
function logout() {
	$session = _elgg_services()->session;

	$current_user = $session->getLoggedInUser();
	if (!$current_user) {
		return false;
	}

	// Plugins may veto the logout.
	$allowed = elgg_trigger_before_event('logout', 'user', $current_user);
	if (!$allowed) {
		return false;
	}

	// Revoke the "remember me" token before tearing the session down.
	_elgg_services()->persistentLogin->removePersistentLogin();

	// Preserve queued system messages across the session reset.
	$pending_messages = $session->get(SystemMessagesService::SESSION_KEY, []);
	$session->invalidate();
	$session->set(SystemMessagesService::SESSION_KEY, $pending_messages);

	elgg_trigger_after_event('logout', 'user', $current_user);

	return true;
}
322 
333 
	if ($session->has('last_forward_from')) {
		// A destination stored earlier in the session wins; it is consumed once.
		$forward_url = $session->get('last_forward_from');
		$session->remove('last_forward_from');
		$forward_source = 'last_forward_from';
	} elseif ($request->getParam('returntoreferer')) {
		// NOTE(review): this branch is selected by a request parameter and sends
		// the user back to the referer. Whatever performs the redirect (or a
		// 'login:forward' hook handler) should confirm the target is on-site
		// before following it, otherwise this is an open-redirect candidate.
		$forward_source = 'return_to_referer';
	} else {
		// forward to main index page
		$forward_url = '';
		$forward_source = null;
	}

	$params = [
		'request' => $request,
		'user' => $user,
		'source' => $forward_source,
	];

	// Plugins get the final say over the destination via 'login:forward'.
	return elgg_trigger_plugin_hook('login:forward', 'user', $params, $forward_url);

}