/**
 * Constructor: enforces that a user is logged in for every controller except
 * the login page.
 *
 * When no user is set, the two print controllers may authenticate inline from
 * the 'user' and 'pass' request parameters; every other case is sent to
 * /login.html.
 *
 * Security notes for reviewers:
 * - $_REQUEST merges GET and POST (and cookies, depending on request_order),
 *   so these credentials can arrive in the URL query string, where they may
 *   end up in access logs, browser history and Referer headers.
 * - NOTE(review): whether Redirect() ends the request is not visible here. If
 *   it only sets a header, the rest of the controller still runs without a
 *   user - confirm.
 */
public function __construct()
{
    parent::__construct();

    // Nothing to enforce when a user is already set or this is the login page itself.
    if (Core::getUser() instanceof UserAccount || get_class($this) === 'LoginController') {
        return;
    }

    // Only these controllers accept credentials passed with the request.
    $inlineLoginControllers = array('OrderPrintController', 'POPrintController');
    $hasInlineCredentials = isset($_REQUEST['user'], $_REQUEST['pass']);

    if ($hasInlineCredentials && in_array(get_class($this), $inlineLoginControllers)) {
        // The meaning of the third argument is defined by UserAccount and is not visible here.
        $account = UserAccount::getUserByUsernameAndPassword(
            trim($_REQUEST['user']),
            trim($_REQUEST['pass']),
            true
        );
        if ($account instanceof UserAccount) {
            Core::setUser($account);
            return;
        }
    }

    // Missing or rejected credentials, or a controller that does not allow inline login.
    $this->getResponse()->Redirect('/login.html');
}
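/**
 * Log a user in from a parameter array and make them the current user.
 *
 * The first role returned by the account (if any) is set together with the user.
 *
 * @param array $params must contain non-blank 'username' and 'password' entries
 *
 * @throws Exception when a field is missing or blank, or when the lookup does not return a UserAccount
 * @return array always an empty array on success
 */
private function _login($params)
{
    if (!isset($params['username']) || ($username = trim($params['username'])) === '') {
        throw new Exception('username is empty!');
    }
    // NOTE(review): the password is trimmed before verification, so leading or trailing
    // whitespace can never be part of a credential - confirm this matches how passwords are set.
    if (!isset($params['password']) || ($password = trim($params['password'])) === '') {
        throw new Exception('password is empty!');
    }

    // The meaning of the third argument is defined by UserAccount and is not visible here.
    $userAccount = UserAccount::getUserByUsernameAndPassword($username, $password, true);

    // Fail closed: without this check a failed lookup would reach getRoles() on a
    // non-object and abort with a fatal error instead of a catchable Exception.
    if (!$userAccount instanceof UserAccount) {
        // One message for every rejection, so the response does not reveal
        // whether the username exists.
        throw new Exception('Invalid username or password!');
    }

    $roles = $userAccount->getRoles();
    $role = count($roles) > 0 ? $roles[0] : null;

    Core::setUser($userAccount, $role);
    return array();
}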
/**
 * Validate a username/password pair and, on success, make that account the current user.
 *
 * Security note: when a user is already set in Core, this returns true WITHOUT
 * checking the supplied credentials. Callers must not treat the result as proof
 * that $username/$password are valid for the current session.
 *
 * @param string $username
 * @param string $password
 * @return bool true when a user is already set or the lookup returned a UserAccount; otherwise false
 */
public function validateUser($username, $password)
{
    // An existing session user short-circuits the credential check entirely.
    if (Core::getUser() instanceof UserAccount) {
        return true;
    }

    $account = UserAccount::getUserByUsernameAndPassword($username, $password);
    if (!($account instanceof UserAccount)) {
        return false;
    }

    // Pick the account's first role only when Core has no role yet; otherwise
    // null is passed on to setUser().
    $selectedRole = null;
    if (!(Core::getRole() instanceof Role)) {
        $availableRoles = $account->getRoles();
        if (count($availableRoles) > 0) {
            $selectedRole = $availableRoles[0];
        }
    }

    Core::setUser($account, $selectedRole);
    return true;
}
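/**
 * Logs in a user with the given username and password POSTed. Though true
 * REST doesn't believe in sessions, it is often desirable for an AJAX server.
 *
 * Missing, blank or rejected credentials are all reported as a 401.
 *
 * @url POST /login
 *
 * @throws RestException with status 401 on any failure inside the login attempt
 * @return array array("success" => message) once the user has been set
 */
public function login()
{
    try {
        // Treat absent or non-string fields as empty instead of passing them to trim().
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
        if ($username === '') {
            throw new AuthenticationException("Empty username not allowed");
        }
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
        if ($password === '') {
            throw new AuthenticationException("Empty password not allowed");
        }

        $userAccount = UserAccount::getUserByUsernameAndPassword($username, $password);

        // Fail closed: a rejected lookup must not fall through to the success response.
        if (!$userAccount instanceof UserAccount) {
            // One message for every rejection, so the response does not reveal
            // whether the username exists.
            throw new AuthenticationException("Invalid username or password");
        }

        // Store the authenticated account; the previous Core::getUser($userAccount)
        // call only read the current user and never established the login.
        // NOTE(review): no role is passed here - confirm whether a default role should be selected.
        Core::setUser($userAccount);
    } catch (Exception $ex) {
        // NOTE(review): the exception message is forwarded to the client. If the lookup can
        // throw with internal details (e.g. database errors), they would be exposed here
        // and reported as 401 - confirm.
        throw new RestException(401, $ex->getMessage(), $ex);
    }

    return array("success" => "Logged in " . $username);
}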