/** * Validate an identifier with the password * In other words is the login correct? * * @param string $identifier * @param string $password * @return mixed false on failure, user object on success */ public function validate($identifier, $password) { $user = null; $user_model = $this->config->user_model; foreach ($this->config->identifiers as $property) { if ($user = $user_model::find($property, $identifier)) { break; } } // when could not find a user matching the identifiers return false if (!$user) { return false; } // in case the user has no password set always return false // you might implement a oauth login so you dont need to set a // password but this makes sure that validating fails the password fails if (empty($user->password)) { return false; } // when the passwords match return the user object if (\CCStr::verify_hash($password, $user->password)) { return $user; } // otherwise return false return false; }