/**
 * Initialisation Method
 *
 * Runs the parent initialiser, raises "onStartUser", and then raises either "onGuest" or
 * "onAuthenticated" depending on the "isGuest" state. For a non-guest the User model
 * identified by the "id" state is loaded into $this->user before "onAuthenticated" fires.
 *
 * @access public
 * @return void
 */
public function init()
{
    parent::init();

    // Signal that user initialisation for this request has begun.
    $this->onStartUser(new Event($this));

    // Guests need no model lookup: raise "onGuest" and finish.
    // NOTE(review): the original test is a truthiness check, so if getState() yields null/false
    // for a missing "isGuest" key, a session that never had the state set takes the
    // authenticated branch below. Confirm the state is always initialised elsewhere.
    if ($this->getState('isGuest')) {
        $this->onGuest(new Event($this));
        return;
    }

    // Load the logged-in user's database model so it is available for the rest of the request.
    $userId = $this->getState('id');
    $this->user = User::model()->findByPk($userId);

    // NOTE(review): the lookup result is not checked here. If findByPk() finds no row (for
    // example the account was deleted after login), $this->user would not be a model, yet
    // "onAuthenticated" is still raised. The "active" flag tested in authenticate() is also not
    // re-checked on this path, so confirm that deactivated accounts are handled (for example by
    // invalidating their sessions) somewhere else.
    $this->onAuthenticated(new Event($this));
}
/**
 * Authenticate User
 *
 * Leaving aside the events listed below, this method performs the following steps in order:
 *
 * - Load the User model whose username matches the one supplied.
 * - If no such user exists, or the account is not active, set the error code to
 *   ERROR_USERNAME_INVALID and return false.
 * - Check the supplied password through the user model.
 * - If the password is rejected, set the error code to ERROR_PASSWORD_INVALID and return false.
 * - Otherwise persist the "id" and "isGuest" states, set the error code to ERROR_NONE and
 *   return true.
 *
 * NOTE(review): the two failure paths set different error codes. If the calling code shows a
 * different message for each, it discloses which usernames exist; a single generic failure
 * message avoids that. The unknown/inactive path also returns before any password check, so
 * response time may differ between the two cases (how password() compares is not visible
 * here). Confirm both points against the caller.
 *
 * NOTE(review): no failed-attempt record or throttling is performed in this method. Presumably
 * that is left to handlers of "onPasswordIncorrect" / "onUsernameInvalid"; confirm that such
 * handlers are attached. Session identifier renewal on successful login is likewise not
 * visible here.
 *
 * @event onAuthenticateStart
 * @event onUsernameInvalid
 * @event onUsernameValid
 * @event onPasswordIncorrect
 * @event onPasswordCorrect
 * @event onStatesPersisted
 *
 * @access public
 * @return boolean
 */
public function authenticate()
{
    // Announce that an authentication attempt has begun.
    $this->onAuthenticateStart(new Event($this));

    // Look the account up by the username the end-user supplied.
    $account = User::model()->findByAttributes(array('username' => $this->username));

    // An unknown username and a disabled (inactive) account are reported identically.
    if (!(is_object($account) && $account->active)) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        // Raise "onUsernameInvalid": no usable account matches the username.
        $this->onUsernameInvalid(new Event($this));
        return false;
    }

    // Keep the user ID on this object so that later steps and event handlers can read it
    // without going back to the model. It is set before the password is checked.
    $this->id = (int) $account->id;

    // Raise "onUsernameValid": the username was found in the database.
    $this->onUsernameValid(new Event($this));

    // Ask the model whether the supplied password matches the stored hash.
    $passwordMatches = $account->password($this->password);
    if (!$passwordMatches) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
        // Raise "onPasswordIncorrect": the password entered was wrong.
        $this->onPasswordIncorrect(new Event($this));
        return false;
    }

    // Raise "onPasswordCorrect": the password entered was right.
    $this->onPasswordCorrect(new Event($this));

    // Values to carry across subsequent HTTP requests in the session state.
    $sessionStates = array('id' => $this->id, 'isGuest' => false);
    $this->setPersistentStates($sessionStates);

    // Raise "onStatesPersisted": the session variables have been defined.
    $this->onStatesPersisted(new Event($this));

    // The error code is cleared only after the events above, so their handlers still see
    // whatever value it held before this call.
    $this->errorCode = self::ERROR_NONE;
    return true;
}