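/**
 * Authenticates the current user with the credentials passed as a parameter.
 *
 * The current user must be a guest. If not, a UserException is thrown; log out first.
 *
 * The $auth_credentials parameter carries the information needed to authenticate.
 * For the simple built-in auth the array must contain the "login" and "password" keys.
 * Optionally, "one_time_token" may be passed to authenticate with it instead of login
 * and password. Custom auth methods (OAuth, OpenID) may use this array to pass whatever
 * they require: BeforeAuth behavior code receives the credentials by reference and can
 * manage the custom authentication itself. If User::renew() no longer returns a guest
 * after that callback, the built-in login/password and token checks are skipped.
 *
 * If user.split_auth_message is not false, a failed login is reported with separate
 * messages (unknown login, wrong password, inactive user). Otherwise a single message
 * is raised via the exception.
 *
 * Security notes:
 *  - The split messages let a caller tell existing logins from unknown ones, and the
 *    unknown-login message embeds the submitted login verbatim. Escape the exception
 *    message before rendering it as HTML.
 *  - The one-time-token path does not check getState() in this method.
 *
 * Behaviors BeforeAuth and AfterAuth are available.
 *
 * @param array $auth_credentials Credentials; see above for the recognised keys.
 *
 * @return mixed Whatever self::forceAuth() returns for the authenticated user.
 *
 * @throws UserException     If the current user is not a guest or no credentials were given.
 * @throws UserAuthException If the login, password, user state or one-time token is rejected.
 */
function auth(array $auth_credentials) {
    // Only a guest may authenticate; an existing login must be closed first.
    if ($this->id !== self::GUEST) {
        throw new UserException("User already authenticated.Log out before.");
    }

    if (empty($auth_credentials)) {
        throw new UserException("You must specify auth credentials. E.g. \narray('login'=>'qwe', 'password'=>'qwe') ");
    }

    // Credentials go by reference so a custom auth behavior can read or rewrite them.
    $this->trigger("BeforeAuth", array($this, &$auth_credentials));

    $new_user = User::renew();

    // Built-in login/password auth, only if BeforeAuth did not already log someone in.
    if ($new_user->isGuest() && isset($auth_credentials['login'], $auth_credentials['password'])) {
        $new_user = self::findBy("login", $auth_credentials['login']);

        if (Config::getInstance()->user->split_auth_message) {
            // Distinct messages per failure cause (see the security note in the docblock).
            if (is_null($new_user)) {
                throw new UserAuthException("No such user with login '{$auth_credentials['login']}'");
            }
            if (!PasswordAuth::match($new_user, $auth_credentials['password'])) {
                throw new UserAuthException("Password don't match");
            } elseif ($new_user->getState() != "active") {
                throw new UserAuthException("User is not active");
            }
        } elseif (
            // The null check must come first: the later operands dereference $new_user.
            // NOTE(review): the chain short-circuits, so PasswordAuth::match() is not called
            // for unknown or inactive logins; response time may differ between these cases.
            is_null($new_user)
            || $new_user->getState() != "active"
            || !PasswordAuth::match($new_user, $auth_credentials['password'])
        ) {
            throw new UserAuthException("Login or password don't match or user is not active");
        }
    }

    // One-time-token auth. User::renew() is evaluated again here, so this block also runs
    // after a successful password check (presumably the session is still a guest until
    // forceAuth() is called - confirm), and the token's user then replaces $new_user.
    if (User::renew()->isGuest()
        && Config::getInstance()->session->one_time_token->allowed
        && isset($auth_credentials['one_time_token'])
    ) {
        // NOTE(review): the meaning of the second argument (true) is not visible here - confirm.
        $user_id = OneTimeTokenAuth::findUser($auth_credentials['one_time_token'], true);
        if (is_null($user_id)) {
            throw new UserAuthException("Wrong one time token");
        }

        $token_user = self::findBy("id", $user_id);
        // findBy() can return null (the login lookup above checks for it). Reject the token
        // instead of handing null to the AfterAuth handlers and forceAuth().
        if (is_null($token_user)) {
            throw new UserAuthException("Wrong one time token");
        }
        // NOTE(review): unlike the password path, getState() is not checked here. Confirm
        // whether tokens are meant to work for non-active users (e.g. account activation)
        // or whether OneTimeTokenAuth::findUser() already enforces the state.
        $new_user = $token_user;
    }

    // NOTE(review): if no credential set matched and BeforeAuth logged nobody in, $new_user
    // is still the User::renew() result (a guest). Confirm forceAuth() handles that case.
    $this->trigger("AfterAuth", array($this, &$new_user));

    return self::forceAuth($new_user);
}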