public function authenticate($user, $password)
{
# Sals the password with the unique salt given in the database
$password = Services_User_Util::passToHash($this->_settings->get('pass_salt'), $password);
# authenticate the user
$userId = $this->_userDao->authUser($user, $password);
if ($userId !== false) {
/*
* If the user is logged in, create a session.
*
* Order of actions is import here, because
* in a new session the lastvisit time is always
* set to the lastlogon time, therefore we first
* want the session to be created and after that
* we can update the last logon time
*/
$userSession = $this->createNewSession($userId);
$this->updateCookie($userSession);
# now update the user record with the last logon time
$userSession['user']['lastlogin'] = time();
$this->_userDao->setUser($userSession['user']);
# Initialize the security system
$userSession['security'] = new SpotSecurity($this->_userDao, $this->_daoFactory->getAuditDao(), $this->_settings, $userSession['user'], $userSession['session']['ipaddr']);
return $userSession;
} else {
return false;
}
# else
}
function setUserPassword($user)
{
# Convert the password to an passhash
$user['passhash'] = Services_User_Util::passToHash($this->_settings->get('pass_salt'), $user['newpassword1']);
$this->_userDao->setUserPassword($user);
}