/**
 * Verify a username/password pair and, on success, open a session for the user.
 *
 * The supplied password is hashed together with the value stored under the
 * 'pass_salt' setting and the result is handed to the user DAO for checking.
 *
 * NOTE(review): the salt read here is a single settings value, so as far as
 * this method shows it is shared by all accounts rather than per-user.
 * NOTE(review): Services_User_Util::passToHash() is defined elsewhere; confirm
 * it is a deliberately slow password-hashing function and not a fast digest.
 * NOTE(review): nothing in this method records or throttles failed attempts;
 * confirm that authUser() or the caller covers this.
 *
 * @param mixed $user     Login name as passed to the DAO's authUser().
 * @param mixed $password Plain-text password supplied by the client.
 *
 * @return array|false The session array (with 'user', 'session' and 'security'
 *                     entries) on success, false when authUser() returns false.
 */
public function authenticate($user, $password)
{
    # Hash the candidate password with the salt kept in the settings store
    $siteSalt = $this->_settings->get('pass_salt');
    $hashedPassword = Services_User_Util::passToHash($siteSalt, $hashedInput = $password);

    # Let the DAO decide; anything other than false is treated as the user id
    $userId = $this->_userDao->authUser($user, $hashedPassword);
    if ($userId === false) {
        return false;
    }

    /*
     * Order matters from here on: a fresh session takes its lastvisit time
     * from the stored last logon time, so the session has to be created
     * before the last logon time is overwritten below.
     */
    $session = $this->createNewSession($userId);
    $this->updateCookie($session);

    # Only now stamp the user record with the current logon time
    $session['user']['lastlogin'] = time();
    $this->_userDao->setUser($session['user']);

    # Attach the security object for this user and client address
    $session['security'] = new SpotSecurity(
        $this->_userDao,
        $this->_daoFactory->getAuditDao(),
        $this->_settings,
        $session['user'],
        $session['session']['ipaddr']
    );

    return $session;
}
/**
 * Build a password salt from two concatenated unique ids and hand it to
 * setIfNot() under the 'pass_salt' key.
 *
 * NOTE(review): setIfNot() is defined elsewhere; presumably it leaves an
 * existing salt untouched. Confirm, since replacing the salt would change
 * every hash derived from it.
 * NOTE(review): the unpredictability of the salt depends entirely on
 * Services_User_Util::generateUniqueId(), which is not visible here.
 *
 * @return void
 */
function createPasswordSalt()
{
    $firstPart = Services_User_Util::generateUniqueId();
    $secondPart = Services_User_Util::generateUniqueId();

    $this->setIfNot('pass_salt', $firstPart . $secondPart);
}
/**
 * Issue a fresh API key for a user, persist it and report it back.
 *
 * The new key is the MD5 digest of a freshly generated unique id; it is
 * written into the user record via the DAO and also returned to the caller
 * inside the form result under 'apikey'.
 *
 * NOTE(review): MD5 only reshapes its input into 32 hex characters, so the
 * key is exactly as unpredictable as Services_User_Util::generateUniqueId()
 * (defined elsewhere). Confirm that it draws from a cryptographically
 * secure source, because this value acts as a credential.
 * NOTE(review): no authorisation check is visible in this method; confirm
 * the caller verifies that the requester may reset this user's key.
 *
 * @param array $user User record; presumably the same shape setUser() expects.
 *
 * @return Dto_FormResult A 'success' result carrying the new key as 'apikey'.
 */
function resetUserApi($user)
{
    # Derive the replacement key and store it on the record before saving
    $freshKey = md5(Services_User_Util::generateUniqueId());
    $user['apikey'] = $freshKey;
    $this->_userDao->setUser($user);

    # Report the key that was just stored
    $formResult = new Dto_FormResult('success');
    $formResult->addData('apikey', $user['apikey']);

    return $formResult;
}