/**
 * Enforce the API-level and user-level authentication requirements of an
 * exposed API method before it is executed.
 *
 * The method must be registered in the global $API_METHODS table. Its
 * "require_api_auth" and "require_user_auth" entries decide which of the two
 * PAM checks are mandatory.
 *
 * @param string $method The api name that was exposed
 *
 * @return true Always true when the function returns; every failure throws
 * @throws APIException If the method is not exposed, API authentication
 *                      fails, or required user authentication fails
 * @since 1.7.0
 * @access private
 */
function authenticate_method($method) {
	global $API_METHODS;

	// Refuse anything that was never registered as an API method.
	if (!isset($API_METHODS[$method])) {
		$not_implemented = elgg_echo('APIException:MethodCallNotImplemented', array($method));
		throw new APIException($not_implemented);
	}

	// API-level authentication, only when the method asks for it.
	// The result must be exactly boolean true to pass.
	if ($API_METHODS[$method]["require_api_auth"]) {
		$api_handlers = new ElggPAM('api');
		if ($api_handlers->authenticate() !== true) {
			throw new APIException(elgg_echo('APIException:APIAuthenticationFailed'));
		}
	}

	// The user PAM chain runs for every call, whether or not the method
	// requires a user; only the enforcement below is conditional.
	// An empty credentials array is passed, so the handlers presumably take
	// what they need from the request itself (confirm against the handlers).
	$user_handlers = new ElggPAM('user');
	$user_ok = $user_handlers->authenticate(array());

	// NOTE(review): unlike the API check above, this only rejects falsy
	// results, so a truthy non-boolean return would be accepted. Confirm that
	// ElggPAM::authenticate() returns strict booleans before relying on it.
	if ($API_METHODS[$method]["require_user_auth"] && !$user_ok) {
		throw new APIException(
			$user_handlers->getFailureMessage(),
			ErrorResult::$RESULT_FAIL_AUTHTOKEN
		);
	}

	return true;
}
/**
 * Authenticate a username/password pair against the 'user' PAM handlers.
 *
 * @warning On failure this returns the failure message as a string, and a
 * non-empty string is truthy. A loose check such as
 * if (elgg_authenticate(...)) { ... } would therefore treat a failed login as
 * a success. Always compare with the identical operator:
 * if (true === elgg_authenticate()) { ... }.
 *
 * @see login
 *
 * @param string $username The username
 * @param string $password The password
 *
 * @return true|string True on success, otherwise the PAM failure message
 * @access private
 */
function elgg_authenticate($username, $password) {
	$user_handlers = new ElggPAM('user');

	$authenticated = $user_handlers->authenticate(array(
		'username' => $username,
		'password' => $password,
	));

	// Any falsy result counts as a failure and is reported as the message.
	return $authenticated ? true : $user_handlers->getFailureMessage();
}