/**
* Uses the user credentials sent with the HTTP-Header to authenticate the user calling the API.
*
* œ@api
*
* @throws \FeM\sPof\exception\BasicAuthException
*
* @return boolean True, if user with the given password was authenticated successfully, else false.
*/
public final function authenticate()
{
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
throw new \FeM\sPof\exception\BasicAuthException(_s('Missing authentication credentials'));
}
$user_id = User::getIdByCredentials($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if ($user_id === false) {
throw new \FeM\sPof\exception\BasicAuthException(_s('Wrong user and/or password.'));
}
return $user_id;
}
/**
* Login user.
*
* @internal
*/
public static function login()
{
$config = self::getConfig();
if (empty($config['login']) || !isset($_COOKIE[$config['login']]) || empty($config['password']) || !isset($_COOKIE[$config['password']])) {
// return if no login cookie set
return;
}
if (!Session::isLoggedIn()) {
// try to login
$user_id = User::getIdByCredentials($_COOKIE[$config['login']], $_COOKIE[$config['password']], true);
if ($user_id !== false) {
$_SESSION['thisuser'] = User::getByPk($user_id);
Logger::getInstance()->info("login with cookies");
LogEvent::add(['event' => 'Login.Cookie.Success', 'user_id' => $user_id, 'reference_parameters' => json_encode([]), 'description' => $_SESSION['thisuser']['name'] . ' logged in (über Cookies)']);
} else {
LogEvent::add(['event' => 'Login.Cookie.Failed', 'user_id' => 0, 'reference_parameters' => json_encode([]), 'description' => $_COOKIE[$config['login']] . ' hat sich vergeblich versucht einzuloggen (über Cookies)']);
self::deleteLoginCookie();
}
} else {
// renew
Logger::getInstance()->info("renew login cookie");
self::setLoginCookie($_COOKIE[$config['login']], $_COOKIE[$config['password']]);
}
}
