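/**
 * Login action: authenticates POSTed form data, then shows the login form.
 *
 * Two response modes exist, selected by the request's User-Agent header: when
 * it equals $this->clientIdentifier the action answers with a JSON status
 * object and never renders the form; otherwise it redirects on success or
 * renders the 'login' view with a failure message.
 *
 * @param mixed $parameter Route parameter; not used by this action, kept for
 *                         the controller's dispatch signature
 * @return void
 */
public function index($parameter) {
    // the User-Agent header is client-controlled and may be absent entirely, so
    // read it defensively; a match only selects the response format, it grants
    // nothing — authentication is decided by Fari_User::authenticate() alone
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $isClient = ($userAgent === $this->clientIdentifier);

    // authenticate user if form data POSTed
    if (isset($_POST['username'])) {
        // missing fields become null instead of raising an undefined-index
        // notice; authenticate() rejects null credentials itself
        $password = isset($_POST['password']) ? $_POST['password'] : null;
        $token = isset($_POST['token']) ? $_POST['token'] : null;

        if (Fari_User::authenticate($_POST['username'], $password, $token, 'realname')) {
            if ($isClient) {
                // JSON response for our client
                echo json_encode(array('status' => 'success'));
            } else {
                $user = Fari_User::getCredentials();
                Fari_Message::notify("Welcome back {$user}!");
                // redirect() does not terminate the request, so stop here
                $this->redirect('/shoutbox/');
                die;
            }
        } else {
            if ($isClient) {
                // JSON response for our client
                echo json_encode(array('status' => 'fail'));
            } else {
                Fari_Message::fail("Failed to authenticate!");
                $this->view->system = Fari_Message::get();
            }
        }
    }

    // create token & display login form (the JSON client never gets the form)
    $this->view->token = Fari_Token::create();
    if (!$isClient) {
        $this->view->display('login');
    }
}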
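/**
 * Authenticate user (input will be escaped).
 *
 * On success the value of $credentialsColumn from the matching row is stored
 * in the session under self::SESSION_CREDENTIALS_STORAGE, and the session id
 * is regenerated so a session id fixed before login is not carried over.
 *
 * @uses 'username', 'password'(sha1) in 'users' table
 *
 * @param string $username Username passed from a form
 * @param string $password Password passed from a form
 * @param string $token Token passed from a form
 * @param string $credentialsColumn Optionally specify which column to use for
 *                                  credentials; this is a column name chosen
 *                                  by calling code and must never come from
 *                                  the request
 * @return bool true when token and credentials were accepted, false otherwise
 */
public static function authenticate($username, $password, $token, $credentialsColumn = 'username') {
    // if credentials provided and token is valid
    if (isset($username, $password) && Fari_Token::isValid($token)) {
        // escape input, add slashes and encrypt
        // NOTE(review): the password is escaped before it is hashed, so the
        // stored value depends on the escaping as well; the @uses line says
        // sha1 — an unsalted digest is weak for password storage, but moving
        // to password_hash() means migrating stored values, so it is left as is
        $username = Fari_Escape::text($username);
        $password = self::_encrypt(Fari_Escape::text($password));

        // select a matching row from a table
        // NOTE(review): Fari_Escape::text() is the only protection visible here
        // if Fari_Db::selectRow() builds its query as a string — confirm the
        // where values are bound as parameters
        $whereClause = array('username' => $username, 'password' => $password);
        $user = Fari_Db::selectRow('users', $credentialsColumn, $whereClause);

        // user id is set
        if (isset($user[$credentialsColumn])) {
            // a fresh id on privilege change closes the session fixation
            // window; only possible when a session is already active
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            // create and set credentials string
            $_SESSION[self::SESSION_CREDENTIALS_STORAGE] = $user[$credentialsColumn];
            unset($user);
            return true;
        }
    }
    return false;
}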
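/**
 * Login action: redirects already-authenticated users, otherwise authenticates
 * POSTed form data and renders the themed login form.
 *
 * @return void
 */
public function login() {
    // already logged in: redirect and stop; redirect() does not terminate the
    // request (index() follows it with die as well), so without the die the
    // POST handling and the form render below would still run
    if (Fari_User::isAuthenticated('realname')) {
        $this->redirect('/');
        die;
    }

    // authenticate user if form data POSTed
    if (isset($_POST['username'])) {
        // missing fields become null instead of raising an undefined-index
        // notice; authenticate() rejects null credentials itself
        $password = isset($_POST['password']) ? $_POST['password'] : null;
        $token = isset($_POST['token']) ? $_POST['token'] : null;

        if (Fari_User::authenticate($_POST['username'], $password, $token, 'realname')) {
            Fari_Message::success('Welcome back \'' . Fari_User::getCredentials() . '\'');
            $this->redirect('/');
            die;
        }
        Fari_Message::fail('Incorrect authentication details');
    }

    // create token & display login form
    $this->view->token = Fari_Token::create();
    // pickup messages for us
    $this->view->messages = Fari_Message::get();
    $this->view->display('/themes/' . BLOG_THEME . '/login');
}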