public static function authenticate($who, $pw)
{
if ('' === $who || '' === $pw) {
return false;
}
$user = new \StdClass();
$require = false;
$user = Plugins::filter('user_authenticate', $user, $who, $pw);
if ($user instanceof User) {
self::$identity = $user;
Plugins::act('user_authenticate_successful', self::$identity);
EventLog::log(_t('Successful login for %s', array($user->username)), 'info', 'authentication', 'habari');
// set the cookie
$user->remember();
return self::$identity;
} elseif (!is_object($user)) {
Plugins::act('user_authenticate_failure', 'plugin');
EventLog::log(_t('Login attempt (via authentication plugin) for non-existent user %s', array($who)), 'warning', 'authentication', 'habari');
Session::error(_t('Invalid username/password'));
self::$identity = null;
return false;
}
// Check by name first. Allows for the '@' to be in the username, without it being an email address
$user = self::get_by_name($who);
if (!$user) {
// No such user.
Plugins::act('user_authenticate_failure', 'non-existent');
EventLog::log(_t('Login attempt for non-existent user %s', array($who)), 'warning', 'authentication', 'habari');
Session::error(_t('Invalid username/password'));
self::$identity = null;
return false;
}
if (Utils::crypt($pw, $user->password)) {
// valid credentials were supplied
self::$identity = $user;
Plugins::act('user_authenticate_successful', self::$identity);
EventLog::log(_t('Successful login for %s', array($user->username)), 'info', 'authentication', 'habari');
// set the cookie
$user->remember();
return self::$identity;
} else {
// Wrong password.
Plugins::act('user_authenticate_failure', 'bad_pass');
EventLog::log(_t('Wrong password for user %s', array($user->username)), 'warning', 'authentication', 'habari');
Session::error(_t('Invalid username/password'));
self::$identity = null;
return false;
}
}