/** * Log in and store the user on the client. * Does not perform any password checking and replaces the login user stored * on the local client. Use this function only for a legitimate login. To * change the logged-in user when performing tasks, use {@link set_login()}. * To log in using a name and password, use {@link impersonate()}. * @param USER $user Log in as this user * @param boolean $remember Remember this login between sessions? */ public function log_in($user, $remember) { if (isset($user) && !$user->is_allowed(Privilege_set_global, Privilege_login)) { $this->page->raise_security_violation('You are not allowed to log in.'); } /** @var APPLICATION_STORAGE_OPTIONS $storage_options */ $storage_options = $this->storage_options; $storage = $this->_get_login_storage(); // user wants the password stored between sessions if ($remember) { $storage->expire_in_n_days($storage_options->login_duration); } else { $storage->expire_when_session_ends(); } $storage->set_value($storage_options->login_user_name, $this->_encode_user($user)); $this->set_login($user); }