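/**
 * Try logging the user in.
 * <ul>
 * <li>Checks if the user is already logged in (session var)</li>
 * <li>If not, checks for post data from the login module</li>
 * <li>Otherwise, redirects to the login module</li>
 * </ul>
 * <p>If the user is found and password/login match, user data is stored into
 * self::$user (and mirrored into $_SESSION['orionauth']), which you can access
 * using Core\Auth->user()->name; for example.</p>
 * <p>If login fails, a redirection occurs toward the login module,
 * using /error/err_code routing.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>The password digest is compared as a string, in constant time where
 * hash_equals() is available. A loose == comparison would treat two different
 * numeric-looking digests (e.g. "0e...") as equal.</li>
 * <li>The session id is regenerated on a successful login so an id issued
 * before authentication is not carried over (session fixation).</li>
 * <li>Every failure path returns false after the redirect call. Context::redirect()
 * is not visible here; if it returns instead of ending the request, a banned or
 * unverified account must still not reach the password check.</li>
 * <li>NOTE(review): the distinct error routes (E_LOGIN_MISMATCH vs
 * E_PASSWORD_MISMATCH, and E_NOT_VERIFIED / E_BANNED reported before the
 * password is checked) let a client tell whether a login exists. They are kept
 * because the routes are part of the module's interface; consider collapsing
 * them in the login module's output.</li>
 * <li>NOTE(review): Security::saltedHash() is not visible here. If it is a fast
 * digest, plan a migration to password_hash() / password_verify(). This method
 * does no attempt throttling; confirm it is handled elsewhere.</li>
 * </ul>
 *
 * @param bool $noredirect When true, never redirect: just report failure.
 * @return bool True when a user is authenticated, false otherwise.
 */
public static function login($noredirect = false)
{
    // Already authenticated: rebuild the user object from the session copy.
    if (isset($_SESSION['orionauth'])) {
        $session = new Models\Auth\User();
        $session->fromArray($_SESSION['orionauth']);
        if (\Orion::isDebug()) {
            // Debug-only: dumps the session user into the response body.
            var_dump($session);
        }
        self::$user = $session;
        return true;
    }

    // No credentials posted: remember the requested URL and send the visitor to the login form.
    if (!isset($_POST['auth']) || !isset($_POST['login']) || !isset($_POST['password'])) {
        $_SESSION['orion_auth_target'] = Context::getFullURL();
        if (!$noredirect) {
            // NOTE(review): here 'default' is passed to genModuleURL(), whereas the error
            // redirects below pass it to redirect(); confirm which one is intended.
            Context::redirect(Context::genModuleURL(\Orion::config()->get('AUTH_MODULE'), 'do/login', 'default'));
        }
        return false;
    }

    // Form fields can arrive as arrays (login[]=...); only scalar strings are looked up or hashed.
    $data = false;
    if (is_string($_POST['login']) && is_string($_POST['password'])) {
        $data = Models\Auth\User::get()->where('login', Query::EQUAL, $_POST['login'])->limit(1)->fetch();
    }

    if ($data == false) {
        if (!$noredirect) {
            Context::redirect(Context::genModuleURL(\Orion::config()->get('AUTH_MODULE'), 'error-' . self::E_LOGIN_MISMATCH), 'default');
        }
        return false;
    }

    // Account status gates. The explicit return keeps a disabled account away from the
    // password check even if redirect() hands control back.
    if (Models\Auth\User::hasField('verified') && $data->verified == 0) {
        if (!$noredirect) {
            Context::redirect(Context::genModuleURL(\Orion::config()->get('AUTH_MODULE'), 'error-' . self::E_NOT_VERIFIED), 'default');
        }
        return false;
    }

    if (Models\Auth\User::hasField('banned') && $data->banned == 1) {
        if (!$noredirect) {
            Context::redirect(Context::genModuleURL(\Orion::config()->get('AUTH_MODULE'), 'error-' . self::E_BANNED), 'default');
        }
        return false;
    }

    // The submitted login is used as the salt, exactly as when the stored digest was produced.
    $computed = (string) Security::saltedHash($_POST['password'], $_POST['login']);
    $stored = (string) $data->password;

    // An empty digest never authenticates. Strict string comparison avoids type juggling;
    // hash_equals() (PHP 5.6+) additionally avoids leaking the match position through timing.
    $matches = $computed !== '' && (
        function_exists('hash_equals')
            ? hash_equals($stored, $computed)
            : $stored === $computed
    );

    if (!$matches) {
        if (!$noredirect) {
            Context::redirect(Context::genModuleURL(\Orion::config()->get('AUTH_MODULE'), 'error-' . self::E_PASSWORD_MISMATCH), 'default');
        }
        return false;
    }

    // Privilege change: swap the session id before storing the authenticated user.
    // Skipped when no session is active or output has already started (the cookie could not be sent).
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Copy only the fields the session needs; the password digest is deliberately left out.
    $session = new Models\Auth\User();
    $session->login = $data->login;
    $session->level = $data->level;
    $session->name = $data->name;
    $session->surname = $data->surname;
    $session->id = $data->id;

    self::$user = $session;
    $_SESSION['orionauth'] = $session->toArray();

    return true;
}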