function auth_token_check($token, $username, $password)
{
$user = get_user_by_username($username);
if (!$user) {
throw new InvalidParameterException('registration:usernamenotvalid');
}
if (validate_user_token($token, 1) == $user->guid) {
$return['auth_token'] = 'OK';
$return['api_key'] = get_api_key();
$return['gcm_sender_id'] = get_gcm_sender_id();
} else {
$return = auth_gettoken($username, $password);
}
return $return;
}
/**
* The auth.gettoken API.
* This API call lets a user log in, returning an authentication token which can be used
* to authenticate a user for a period of time. It is passed in future calls as the parameter
* auth_token.
*
* @param string $username Username
* @param string $password Clear text password
*
* @return string Token string or exception
* @throws SecurityException
* @access private
*/
function auth_gettoken($username, $password)
{
// check if username is an email address
if (is_email_address($username)) {
$users = get_user_by_email($username);
// check if we have a unique user
if (is_array($users) && count($users) == 1) {
$username = $users[0]->username;
}
}
// validate username and password
if (true === elgg_authenticate($username, $password)) {
$return['auth_token'] = create_user_token($username);
$return['api_key'] = get_api_key();
$return['gcm_sender_id'] = get_gcm_sender_id();
if ($return) {
return $return;
}
// $token = create_user_token($username);
// if ($token) {
// return $token;
// }
}
throw new SecurityException(elgg_echo('SecurityException:authenticationfailed'));
}
