function ip_login_login in IP Login 6.2
Same name and namespace in other branches
- 5 ip_login.module \ip_login_login()
- 6 ip_login.module \ip_login_login()
- 7.3 ip_login.module \ip_login_login()
- 7.2 ip_login.module \ip_login_login()
Performs a login for user with $uid and stores IP Login variables for later
Parameters
$uid: The UID of the account to be logged in
2 calls to ip_login_login()
- ip_login_attempt_login in ./
ip_login.module - Checks the request IP and logs user in there's a match by calling ip_login_check then ip_login_attempt_login
- ip_login_boot in ./
ip_login.module - Implementation of hook_boot().
File
- ./
ip_login.module, line 432 - Allow user login by IP addresses, ranges or wildcards.
Code
function ip_login_login($uid) {
if ($uid) {
// if a uid is passed in
// check this page's path is ok to login automatically from
if (ip_login_check_path() === FALSE) {
return;
}
// get user module and include some handy functions
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
// get account (reload from db) , bail if no loaded active user
$account = user_load(array(
'uid' => $uid,
'status' => 1,
));
if (!$account) {
return;
}
// login by assigning account to global $user object
global $user;
$user = $account;
if (!variable_get('ip_login_suppress_messages', 0)) {
// notify user - if messages not suppressed
$message = t('Welcome %name. You have been automatically logged into %sitename.', array(
'%name' => $user->name,
'%sitename' => variable_get('site_name', 'this website'),
));
drupal_set_message($message);
// add handy message for those who can log out and then back in as another user
if (_ip_login_can_login_as_another_user($user)) {
$message = t('You may also <a href="@other_user_link">log in as another user</a> if required.', array(
'@other_user_link' => url(IP_LOGOUT),
));
drupal_set_message($message);
}
}
// following borrowed from user_authenticate_finalize(), but with slightly different message
watchdog('user', 'Session opened for %name by IP Login.', array(
'%name' => $user->name,
));
// This is also used to invalidate one-time login links.
$user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
// Regenerate the session ID to prevent against session fixation attacks.
// This is called before hook_user in case one of those functions fails
// or incorrectly does a redirect which would leave the old session in place.
$edit = NULL;
sess_regenerate();
user_module_invoke('login', $edit, $user);
// following borrowed from ipAuthenticator's login and avoids caching issues
if (variable_get('cache', CACHE_DISABLED) != CACHE_DISABLED && !isset($_GET['ip_login_no_cache'])) {
// make a url to reload page, remove newlines from the URL to avoid header injection attacks.
// use admin settings for destination if set.
$url = variable_get('ip_login_destination', '');
if (drupal_strlen($url) == 0) {
$url = str_replace(array(
"\n",
"\r",
), '', $_GET["q"]);
}
if ($url == 'logout') {
$url = '<front>';
}
$url = url($url, array(
'query' => 'ip_login_no_cache=' . md5(time()),
'absolute' => TRUE,
));
// Before the redirect, allow modules to react to the end of the page request.
module_invoke_all('exit', $url);
// Even though session_write_close() is registered as a shutdown function, we
// need all session data written to the database before redirecting.
session_write_close();
header('Location: ' . $url, TRUE, 302);
exit;
}
}
}