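<?php
/**
 * Elgg login action
 *
 * Authenticates the submitted username (or e-mail address) and password,
 * starts the session for the matching user and returns the URL the client
 * should be forwarded to. Every failure path returns an error response;
 * this is an Elgg action file, so top-level `return` ends the request.
 */

$session = elgg_get_session();

// Decide where to send the user after a successful login. A URL stored in the
// session (set when an earlier request was redirected to the login page) wins
// over the optional "return to referer" flag; otherwise the site index ('').
if ($session->has('last_forward_from')) {
	$forward_url = $session->get('last_forward_from');
	$forward_source = 'last_forward_from';
} elseif (get_input('returntoreferer')) {
	// NOTE(review): REFERER is request-supplied; this assumes the response/forward
	// layer only honours local targets -- confirm before relying on it.
	$forward_url = REFERER;
	$forward_source = 'return_to_referer';
} else {
	// forward to main index page
	$forward_url = '';
	$forward_source = null;
}

$username = get_input('username');
// third argument disables input filtering so the password is compared verbatim
$password = get_input('password', null, false);
$persistent = (bool) get_input('persistent');

// Reject missing credentials without empty(): empty('0') is true, which would
// lock out an account whose password (or username) is the literal string "0".
// Non-string input (e.g. an array) is treated as missing instead of reaching strpos().
if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
	return elgg_error_response(elgg_echo('login:empty'));
}

// check if logging in with email address
if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
	$username = $users[0]->username;
}

$user = get_user_by_username($username);

$result = elgg_authenticate($username, $password);
if ($result !== true) {
	// was due to missing hash?
	if ($user && !$user->password_hash) {
		// if we did this in pam_auth_userpass(), visitors could sniff account usernames from
		// email addresses. Instead, this lets us give the visitor only the information
		// they provided.
		elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
		$output = [
			'forward' => 'forgotpassword',
		];
		return elgg_ok_response($output, '', 'forgotpassword');
	}

	// $result carries the authentication failure message
	return elgg_error_response($result);
}

// authentication passed but no account is known under the resolved username
if (!$user) {
	return elgg_error_response(elgg_echo('login:baduser'));
}

try {
	login($user, $persistent);
	// re-register at least the core language file for users with language other than site default
	register_translations(dirname(__DIR__) . '/languages/');
} catch (LoginException $e) {
	return elgg_error_response($e->getMessage());
}

$message = elgg_echo('loginok', [], $user->getLanguage(get_current_language()));

// clear after login in case login fails
$session->remove('last_forward_from');

// plugins may override the forward target based on the user and where the URL came from
$params = ['user' => $user, 'source' => $forward_source];
$forward_url = elgg_trigger_plugin_hook('login:forward', 'user', $params, $forward_url);

$output = [
	'forward' => $forward_url,
];

if (elgg_is_xhr()) {
	// Hold the system messages until the client refreshes the page.
	set_input('elgg_fetch_messages', 0);
}

return elgg_ok_response($output, $message, $forward_url);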