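/**
 * Check a previously issued auth token, falling back to a password login.
 *
 * When $token validates and belongs to the user named by $username, the
 * caller is told the token is still good ('auth_token' => 'OK') and the
 * password is not checked. In every other case the request is handed to
 * auth_gettoken(), which authenticates with $username / $password.
 *
 * NOTE(review): an unknown username is reported with its own exception and
 * message key, while a wrong password ends in auth_gettoken()'s
 * SecurityException, so a client can tell the two apart (account
 * enumeration). The exception type is left unchanged because callers may
 * catch it; consider returning one uniform failure at the API boundary.
 *
 * @param string $token    Previously issued user token
 * @param string $username Username
 * @param string $password Clear text password, used only by the fallback
 *
 * @return array Entries 'auth_token', 'api_key' and 'gcm_sender_id'
 * @throws InvalidParameterException When no user has this username
 * @throws SecurityException         When the fallback login fails
 */
function auth_token_check($token, $username, $password) {
    $user = get_user_by_username($username);
    if (!$user) {
        throw new InvalidParameterException('registration:usernamenotvalid');
    }

    // Second argument kept as in the original call; presumably the site
    // GUID -- confirm against validate_user_token().
    // Both sides are normalised to int and a positive owner is required, so
    // a failed validation (false/null -> 0) can never loosely equal a guid.
    // Assumes guids are positive integers -- TODO confirm.
    $token_guid = (int) validate_user_token($token, 1);
    $user_guid = (int) $user->guid;

    if ($token_guid > 0 && $token_guid === $user_guid) {
        // The token is valid for this user: confirm it instead of issuing a
        // new one. The key and sender id are only disclosed on this path or
        // after a successful password login.
        return array(
            'auth_token' => 'OK',
            'api_key' => get_api_key(),
            'gcm_sender_id' => get_gcm_sender_id(),
        );
    }

    // Token missing, expired or owned by another user: require the password.
    return auth_gettoken($username, $password);
}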
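/**
 * The auth.gettoken API.
 * This API call lets a user log in, returning an authentication token which can be used
 * to authenticate a user for a period of time. It is passed in future calls as the parameter
 * auth_token.
 *
 * The username may also be an e-mail address; it is resolved to a username
 * only when exactly one account uses that address.
 *
 * @param string $username Username or e-mail address
 * @param string $password Clear text password
 *
 * @return array Entries 'auth_token' (the new token), 'api_key' and 'gcm_sender_id'
 * @throws SecurityException When authentication fails or no token could be created
 * @access private
 */
function auth_gettoken($username, $password) {
    // check if username is an email address
    if (is_email_address($username)) {
        $users = get_user_by_email($username);

        // Only accept the address when it identifies a single account;
        // otherwise the value is passed on unchanged and authentication
        // decides.
        if (is_array($users) && count($users) === 1) {
            $username = $users[0]->username;
        }
    }

    // Strict comparison: only boolean true counts as success, so any other
    // return value of elgg_authenticate() is treated as a failed login.
    if (true === elgg_authenticate($username, $password)) {
        $token = create_user_token($username);

        // Check the token itself. The previous code tested the response
        // array, which was never empty, so a failed token creation was
        // returned to the client as a successful login without a token.
        if ($token) {
            return array(
                'auth_token' => $token,
                'api_key' => get_api_key(),
                'gcm_sender_id' => get_gcm_sender_id(),
            );
        }
    }

    // One generic message for every failure path, so the response does not
    // say which step rejected the login.
    throw new SecurityException(elgg_echo('SecurityException:authenticationfailed'));
}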