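/**
 * Authenticates current user.
 *
 * This method is expected to implement some kind of session-based
 * authentication persistence, thus ignoring any provided or missing
 * credentials if that session-based authentication succeeded internally.
 *
 * The freshly computed hash is compared with the stored token using
 * hash_equals(), so the comparison takes the same time whether it fails on
 * the first or on the last byte. The account lock is checked only after the
 * credentials matched, so an unauthenticated caller cannot distinguish a
 * locked account from a wrong password.
 *
 * @throws unauthorized_exception when authentication fails (TOKEN_MISMATCH)
 *         or when the account is locked (ACCOUNT_LOCKED)
 * @throws \RuntimeException when the stored token uses an unknown hash format
 * @param mixed $credentials arbitrary data required for authenticating user
 * @return user current instance for chaining calls
 */
public function authenticate($credentials)
{
    // a session that already authenticated this user wins over any credentials
    if ($this->isAuthenticated()) {
        return $this;
    }

    exception::enterSensitive();

    try {
        $record = $this->getRecord();
        // no "@" suppression: a record without a password is simply "no token"
        $token = $record['password'] ?? null;

        // a string credential of "0" is a legitimate password and must not be
        // discarded by a truthiness test; non-string credentials keep the
        // previous truthiness rule because their type is not known here
        $hasCredentials = is_string($credentials) ? $credentials !== '' : (bool) $credentials;
        $hasToken = is_string($token) && $token !== '';

        // NOTE(review): when no token is stored nothing is hashed, so such a
        // record answers faster than a wrong-password attempt; if that timing
        // difference matters here, hash a dummy value on this path as well.
        if ($hasCredentials && $hasToken) {
            if (blowfish::isValidHash($token)) {
                $hash = blowfish::get($credentials, blowfish::extractSalt($token));
            } elseif (ssha::isValidHash($token)) {
                $hash = ssha::get($credentials, ssha::extractSalt($token));
            } else {
                throw new \RuntimeException("unknown hashing on user's token");
            }

            // constant-time comparison; "===" leaks the position of the first
            // mismatching byte through timing. is_string() keeps the old
            // "non-string hash never matches" result instead of a TypeError.
            if (is_string($hash) && hash_equals($token, $hash)) {
                // lock check after the match so lock state is not exposed to
                // callers who do not know the password
                if (trim((string) ($record['lock'] ?? '')) !== '') {
                    throw new unauthorized_exception(_L('account is locked'), unauthorized_exception::ACCOUNT_LOCKED, $this);
                }

                $this->_authenticated = true;
                // store credentials in session
                $this->saveCredentials($credentials);
                // reset any previously cached copy of user's node
                $this->record = null;
            }
        }
    } finally {
        // leaveSensitive() must run on every path; previously the
        // "unknown hashing" and "account is locked" throws skipped it and
        // left the sensitive marker set for the rest of the request
        exception::leaveSensitive();
    }

    if ($this->_authenticated) {
        return $this;
    }

    throw new unauthorized_exception(_L('invalid/missing password.'), unauthorized_exception::TOKEN_MISMATCH, $this);
}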