Habari\User::authenticate PHP Метод

authenticate() публичный статический Метод

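Check a user's credentials to see if they are legitimate. All authentication plugins are called BEFORE the local database is checked; a plugin can accept or reject the login outright, in which case the local password check is never reached.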
public static authenticate ( string $who, string $pw ) : User | boolean
$who string A username
$pw string A password
Результат User | boolean a User object, or false
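    /**
     * Check a user's credentials and, on success, make that user the current identity.
     *
     * Authentication plugins are consulted first through the 'user_authenticate'
     * filter. The local password check only runs when the filter hands back an
     * object that is not a User (for example the untouched placeholder).
     *
     * Every failure path that reaches the user reports the same
     * 'Invalid username/password' session error, so the message itself does not
     * reveal whether the account exists.
     *
     * NOTE(review): the unknown-user path returns without calling Utils::crypt(),
     * while the wrong-password path does call it, so the two failures may differ
     * in response time even though their message is identical - confirm whether
     * this needs evening out.
     * NOTE(review): no attempt limiting or lockout is visible in this method;
     * presumably a 'user_authenticate_failure' plugin or an upstream layer
     * handles it - confirm.
     *
     * @param string $who A username
     * @param string $pw A password
     * @return User|boolean The authenticated User object, or false on failure
     */
    public static function authenticate($who, $pw)
    {
        // Anything that is not a non-empty string is rejected up front. The
        // strict comparison with '' alone lets null or an array through, which
        // would then reach the plugins and the password check.
        if (!is_string($who) || !is_string($pw) || '' === $who || '' === $pw) {
            return false;
        }

        // Placeholder handed to the plugins: a plugin signals success by
        // returning a User and rejection by returning a non-object.
        $user = new \StdClass();
        $user = Plugins::filter('user_authenticate', $user, $who, $pw);

        if ($user instanceof User) {
            // A User returned by a plugin is trusted as-is; the locally stored
            // password is not checked on this path.
            self::$identity = $user;
            Plugins::act('user_authenticate_successful', self::$identity);
            EventLog::log(_t('Successful login for %s', array($user->username)), 'info', 'authentication', 'habari');
            // set the cookie
            $user->remember();
            return self::$identity;
        }

        if (!is_object($user)) {
            // A plugin rejected the login. $who is caller-supplied and goes into
            // the event log unmodified.
            // NOTE(review): confirm the log viewer escapes it, and keep in mind
            // that people occasionally type a password into the username field.
            Plugins::act('user_authenticate_failure', 'plugin');
            EventLog::log(_t('Login attempt (via authentication plugin) for non-existent user %s', array($who)), 'warning', 'authentication', 'habari');
            Session::error(_t('Invalid username/password'));
            self::$identity = null;
            return false;
        }

        // Check by name first. Allows for the '@' to be in the username, without it being an email address
        $user = self::get_by_name($who);
        if (!$user) {
            // No such user. The caller-supplied name is logged here as well.
            Plugins::act('user_authenticate_failure', 'non-existent');
            EventLog::log(_t('Login attempt for non-existent user %s', array($who)), 'warning', 'authentication', 'habari');
            Session::error(_t('Invalid username/password'));
            self::$identity = null;
            return false;
        }

        // Utils::crypt() receives the submitted password and the stored value;
        // a truthy result is treated as a match.
        if (Utils::crypt($pw, $user->password)) {
            // valid credentials were supplied
            self::$identity = $user;
            Plugins::act('user_authenticate_successful', self::$identity);
            EventLog::log(_t('Successful login for %s', array($user->username)), 'info', 'authentication', 'habari');
            // set the cookie
            $user->remember();
            return self::$identity;
        }

        // Wrong password.
        Plugins::act('user_authenticate_failure', 'bad_pass');
        EventLog::log(_t('Wrong password for user %s', array($user->username)), 'warning', 'authentication', 'habari');
        Session::error(_t('Invalid username/password'));
        self::$identity = null;
        return false;
    }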

Usage Example

Пример #1
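 /**
  * Check if a user is authenticated for Atom editing
  *
  * When HTTP Basic credentials are present they are passed to
  * User::authenticate(). Its return value is not inspected; the user is
  * taken from User::identify() afterwards in every case.
  *
  * NOTE(review): Basic credentials are only base64-encoded on the wire, so
  * this endpoint should be served over HTTPS only - confirm the deployment.
  * NOTE(review): because the authenticate() result is ignored, confirm that
  * a failed Basic login cannot silently fall back to an identity that
  * User::identify() obtains by other means where that is unwanted.
  *
  * @todo This entire function should be put into the User class somehow.
  * @todo X-WSSE
  * @param bool $force Force authorization? If so, basic HTTP_AUTH is displayed if not authed
  * @return bool The identified user's loggedin property (presumably a boolean; the User object itself stays in $this->user)
  */
 function is_auth($force = false)
 {
     if ($this->user == null || $force != false) {
         // Only attempt a Basic login when both halves of the credential
         // were sent; reading a missing PHP_AUTH_PW would hand null to
         // User::authenticate().
         if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
             User::authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
         }
         $this->user = User::identify();
         if ($force != false && !$this->user->loggedin) {
             // Challenge the client and stop; nothing after this point may run
             // for an unauthenticated request.
             header('HTTP/1.1 401 Unauthorized', true, 401);
             header('Status: 401 Unauthorized');
             header('WWW-Authenticate: Basic realm="Habari"');
             die;
         }
     }
     return $this->user->loggedin;
 }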