sessions_8php_source.html

 <?php

 global $SESSION;

 function elgg_get_session() {
     return _elgg_services()->session;
 }

 function elgg_get_logged_in_user_entity() {
     return _elgg_services()->session->getLoggedInUser();
 }

 function elgg_get_logged_in_user_guid() {
     return _elgg_services()->session->getLoggedInUserGuid();
 }

 function elgg_is_logged_in() {
     return _elgg_services()->session->isLoggedIn();
 }

 function elgg_is_admin_logged_in() {
     return _elgg_services()->session->isAdminLoggedIn();
 }

 function elgg_is_admin_user($user_guid) {
     global $CONFIG;

     $user_guid = (int)$user_guid;

     $current_user = elgg_get_logged_in_user_entity();
     if ($current_user && $current_user->guid == $user_guid) {
         return $current_user->isAdmin();
     }

     // cannot use magic metadata here because of recursion

     // must support the old way of getting admin from metadata
     // in order to run the upgrade to move it into the users table.
     $version = (int) datalist_get('version');

     if ($version < 2010040201) {
         $admin = elgg_get_metastring_id('admin');
         $yes = elgg_get_metastring_id('yes');
         $one = elgg_get_metastring_id('1');

         $query = "SELECT 1 FROM {$CONFIG->dbprefix}users_entity as e,
             {$CONFIG->dbprefix}metadata as md
             WHERE (
                 md.name_id = '$admin'
                 AND md.value_id IN ('$yes', '$one')
                 AND e.guid = md.entity_guid
                 AND e.guid = {$user_guid}
                 AND e.banned = 'no'
             )";
     } else {
         $query = "SELECT 1 FROM {$CONFIG->dbprefix}users_entity as e
             WHERE (
                 e.guid = {$user_guid}
                 AND e.admin = 'yes'
             )";
     }

     // normalizing the results from get_data()
     // See #1242
     $info = get_data($query);
     if (!((is_array($info) && count($info) < 1) || $info === false)) {
         return true;
     }
     return false;
 }

 function elgg_authenticate($username, $password) {
     $pam = new \ElggPAM('user');
     $credentials = array('username' => $username, 'password' => $password);
     $result = $pam->authenticate($credentials);
     if (!$result) {
         return $pam->getFailureMessage();
     }
     return true;
 }

 function pam_auth_userpass(array $credentials = array()) {

     if (!isset($credentials['username']) || !isset($credentials['password'])) {
         return false;
     }

     $user = get_user_by_username($credentials['username']);
     if (!$user) {
         throw new \LoginException(_elgg_services()->translator->translate('LoginException:UsernameFailure'));
     }

     if (check_rate_limit_exceeded($user->guid)) {
         throw new \LoginException(_elgg_services()->translator->translate('LoginException:AccountLocked'));
     }

     $password_svc = _elgg_services()->passwords;
     $password = $credentials['password'];
     $hash = $user->password_hash;

     if (!$hash) {
         // try legacy hash
         $legacy_hash = $password_svc->generateLegacyHash($user, $password);
         if ($user->password !== $legacy_hash) {
             log_login_failure($user->guid);
             throw new \LoginException(_elgg_services()->translator->translate('LoginException:PasswordFailure'));
         }

         // migrate password
         $password_svc->forcePasswordReset($user, $password);
         return true;
     }

     if (!$password_svc->verify($password, $hash)) {
         log_login_failure($user->guid);
         throw new \LoginException(_elgg_services()->translator->translate('LoginException:PasswordFailure'));
     }

     if ($password_svc->needsRehash($hash)) {
         $password_svc->forcePasswordReset($user, $password);
     }

     return true;
 }

 function log_login_failure($user_guid) {
     $user_guid = (int)$user_guid;
     $user = get_entity($user_guid);

     if (($user_guid) && ($user) && ($user instanceof \ElggUser)) {
         $fails = (int)$user->getPrivateSetting("login_failures");
         $fails++;

         $user->setPrivateSetting("login_failures", $fails);
         $user->setPrivateSetting("login_failure_$fails", time());
         return true;
     }

     return false;
 }

 function reset_login_failure_count($user_guid) {
     $user_guid = (int)$user_guid;
     $user = get_entity($user_guid);

     if (($user_guid) && ($user) && ($user instanceof \ElggUser)) {
         $fails = (int)$user->getPrivateSetting("login_failures");

         if ($fails) {
             for ($n = 1; $n <= $fails; $n++) {
                 $user->removePrivateSetting("login_failure_$n");
             }

             $user->removePrivateSetting("login_failures");

             return true;
         }

         // nothing to reset
         return true;
     }

     return false;
 }

 function check_rate_limit_exceeded($user_guid) {
     // 5 failures in 5 minutes causes temporary block on logins
     $limit = 5;
     $user_guid = (int)$user_guid;
     $user = get_entity($user_guid);

     if (($user_guid) && ($user) && ($user instanceof \ElggUser)) {
         $fails = (int)$user->getPrivateSetting("login_failures");
         if ($fails >= $limit) {
             $cnt = 0;
             $time = time();
             for ($n = $fails; $n > 0; $n--) {
                 $f = $user->getPrivateSetting("login_failure_$n");
                 if ($f > $time - (60 * 5)) {
                     $cnt++;
                 }

                 if ($cnt == $limit) {
                     // Limit reached
                     return true;
                 }
             }
         }
     }

     return false;
 }

 function elgg_set_cookie(\ElggCookie $cookie) {
     if (elgg_trigger_event('init:cookie', $cookie->name, $cookie)) {
         return setcookie($cookie->name, $cookie->value, $cookie->expire, $cookie->path,
                         $cookie->domain, $cookie->secure, $cookie->httpOnly);
     }
     return false;
 }

 function login(\ElggUser $user, $persistent = false) {
     if ($user->isBanned()) {
         throw new \LoginException(elgg_echo('LoginException:BannedUser'));
     }

     $session = _elgg_services()->session;

     // give plugins a chance to reject the login of this user (no user in session!)
     if (!elgg_trigger_before_event('login', 'user', $user)) {
         throw new \LoginException(elgg_echo('LoginException:Unknown'));
     }

     // #5933: set logged in user early so code in login event will be able to
     // use elgg_get_logged_in_user_entity().
     $session->setLoggedInUser($user);

     // deprecate event
     $message = "The 'login' event was deprecated. Register for 'login:before' or 'login:after'";
     $version = "1.9";
     if (!elgg_trigger_deprecated_event('login', 'user', $user, $message, $version)) {
         $session->removeLoggedInUser();
         throw new \LoginException(elgg_echo('LoginException:Unknown'));
     }

     // if remember me checked, set cookie with token and store hash(token) for user
     if ($persistent) {
         _elgg_services()->persistentLogin->makeLoginPersistent($user);
     }

     // User's privilege has been elevated, so change the session id (prevents session fixation)
     $session->migrate();

     set_last_login($user->guid);
     reset_login_failure_count($user->guid);

     elgg_trigger_after_event('login', 'user', $user);

     // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
     if (is_memcache_available()) {
         $guid = $user->getGUID();
         // this needs to happen with a shutdown function because of the timing with set_last_login()
         register_shutdown_function("_elgg_invalidate_memcache_for_entity", $guid);
     }

     return true;
 }

 function logout() {
     $session = _elgg_services()->session;
     $user = $session->getLoggedInUser();
     if (!$user) {
         return false;
     }

     if (!elgg_trigger_before_event('logout', 'user', $user)) {
         return false;
     }

     // deprecate event
     $message = "The 'logout' event was deprecated. Register for 'logout:before' or 'logout:after'";
     $version = "1.9";
     if (!elgg_trigger_deprecated_event('logout', 'user', $user, $message, $version)) {
         return false;
     }

     _elgg_services()->persistentLogin->removePersistentLogin();

     // pass along any messages into new session
     $old_msg = $session->get('msg');
     $session->invalidate();
     $session->set('msg', $old_msg);

     elgg_trigger_after_event('logout', 'user', $user);

     return true;
 }

 function _elgg_session_boot() {
     _elgg_services()->timer->begin([__FUNCTION__]);

     elgg_register_action('login', '', 'public');
     elgg_register_action('logout');
     register_pam_handler('pam_auth_userpass');

     $session = _elgg_services()->session;
     $session->start();

     // test whether we have a user session
     if ($session->has('guid')) {
         $user = _elgg_services()->entityTable->get($session->get('guid'), 'user');
         if (!$user) {
             // OMG user has been deleted.
             $session->invalidate();
             forward('');
         }

         $session->setLoggedInUser($user);

         _elgg_services()->persistentLogin->replaceLegacyToken($user);
     } else {
         $user = _elgg_services()->persistentLogin->bootSession();
         if ($user) {
             $session->setLoggedInUser($user);
         }
     }

     if ($session->has('guid')) {
         set_last_action($session->get('guid'));
     }

     // initialize the deprecated global session wrapper
     global $SESSION;
     $SESSION = new \Elgg\DeprecationWrapper($session, "\$SESSION is deprecated", 1.9);

     // logout a user with open session who has been banned
     $user = $session->getLoggedInUser();
     if ($user && $user->isBanned()) {
         logout();
         return false;
     }

     _elgg_services()->timer->end([__FUNCTION__]);
     return true;
 }
$n
$n
Profile fields.
Definition: list.php:9

elgg_is_logged_in
elgg_is_logged_in()
Returns whether or not the user is currently logged in.
Definition: sessions.php:51

$username
$username
Definition: delete.php:22

elgg_get_metastring_id
elgg_get_metastring_id($string, $case_sensitive=true)
Gets the metastring identifier for a value.
Definition: metastrings.php:25

$result
$result
Definition: set_maintenance_mode.php:11

elgg_is_admin_logged_in
elgg_is_admin_logged_in()
Returns whether or not the viewer is currently logged in and an admin user.
Definition: sessions.php:60

elgg_echo
elgg_echo($message_key, $args=array(), $language="")
Given a message key, returns an appropriately translated full-text string.
Definition: languages.php:21

register_pam_handler
register_pam_handler($handler, $importance="sufficient", $policy="user")
Register a PAM handler.
Definition: pam.php:42

$admin
$admin
Definition: useradd.php:22

elgg_get_session
elgg_get_session()
Gets Elgg&#39;s session object.
Definition: sessions.php:23

$message
$message
Definition: set_maintenance_mode.php:7

ElggEntity\getGUID
getGUID()
Returns the guid.
Definition: ElggEntity.php:1108

$guid
$guid
Removes an admin notice.
Definition: delete_admin_notice.php:6

reset_login_failure_count
reset_login_failure_count($user_guid)
Resets the fail login count for $user_guid.
Definition: sessions.php:232

set_last_login
set_last_login($user_guid)
Sets the last logon time of the given user to right now.
Definition: users.php:419

forward
elgg forward
Meant to mimic the php forward() function by simply redirecting the user to another page...
Definition: elgglib.js:425

$info
if($screenshots) $info
Definition: details.php:58

elgg_trigger_before_event
elgg_trigger_before_event($event, $object_type, $object=null)
Trigger a "Before event" indicating a process is about to begin.
Definition: elgglib.php:610

pam_auth_userpass
pam_auth_userpass(array $credentials=array())
Hook into the PAM system which accepts a username and password and attempts to authenticate it agains...
Definition: sessions.php:158

get_user_by_username
get_user_by_username($username)
Get user by username.
Definition: users.php:98

check_rate_limit_exceeded
check_rate_limit_exceeded($user_guid)
Checks if the rate limit of failed logins has been exceeded for $user_guid.
Definition: sessions.php:263

$persistent
$persistent
Definition: login.php:26

$limit
$limit
Definition: userpicker.php:38

ElggCookie
Definition: ElggCookie.php:14

elgg_trigger_deprecated_event
elgg_trigger_deprecated_event($event, $object_type, $object=null, $message, $version)
Trigger an event normally, but send a notice about deprecated use if any handlers are registered...
Definition: elgglib.php:646

datalist_get
datalist_get($name)
Get the value of a datalist element.
Definition: configuration.php:150

elgg_is_admin_user
elgg_is_admin_user($user_guid)
Check if the given user has full access.
Definition: sessions.php:74

$CONFIG
global $CONFIG
Definition: settings.example.php:19

set_last_action
set_last_action($user_guid)
Sets the last action time of the given user to right now.
Definition: users.php:408

$user
$user
Definition: ban.php:13

global
elgg global
Pointer to the global context.
Definition: elgglib.js:12

get_data
get_data($query, $callback=null, array $params=[])
Retrieve rows from the database.
Definition: database.php:55

_elgg_services
_elgg_services(\Elgg\Di\ServiceProvider $services=null)
Get the global service provider.
Definition: autoloader.php:17

$password
$password
Definition: login.php:25

elgg_set_cookie
elgg_set_cookie(\ElggCookie $cookie)
Set a cookie, but allow plugins to customize it first.
Definition: sessions.php:300

logout
logout()
Log the current user out.
Definition: sessions.php:372

time
elgg subtext time
Definition: typography.css.php:121

elgg_authenticate
elgg_authenticate($username, $password)
Perform user authentication with a given username and password.
Definition: sessions.php:136

login
login(\ElggUser $user, $persistent=false)
Logs in a specified .
Definition: sessions.php:320

elgg_trigger_after_event
elgg_trigger_after_event($event, $object_type, $object=null)
Trigger an "After event" indicating a process has finished.
Definition: elgglib.php:629

elgg_get_logged_in_user_entity
elgg_get_logged_in_user_entity()
Return the current logged in user, or null if no user is logged in.
Definition: sessions.php:32

ElggUser\isBanned
isBanned()
Is this user banned or not?
Definition: ElggUser.php:290

is_memcache_available
is_memcache_available()
Return true if memcache is available and configured.
Definition: memcache.php:16

elgg_register_action
elgg_register_action($action, $filename="", $access= 'logged_in')
Registers an action.
Definition: actions.php:85

$SESSION
global $SESSION
Elgg magic session.
Definition: sessions.php:15

_elgg_session_boot
_elgg_session_boot()
Initializes the session and checks for the remember me cookie.
Definition: sessions.php:408

$user_guid
$user_guid
Avatar remove action.
Definition: remove.php:6

elgg_trigger_event
elgg_trigger_event($event, $object_type, $object=null)
Definition: elgglib.php:589

$session
$session
Definition: login.php:9

$version
$version
Definition: version.php:14

log_login_failure
log_login_failure($user_guid)
Log a failed login for $user_guid.
Definition: sessions.php:209

elgg_get_logged_in_user_guid
elgg_get_logged_in_user_guid()
Return the current logged in user by guid.
Definition: sessions.php:42

get_entity
get_entity($guid)
Loads and returns an entity object from a guid.
Definition: entities.php:204

ElggUser
Definition: ElggUser.php:20