/**
 * Handle a login form submission.
 *
 * Reads the `email` and `password` POST fields and passes them to
 * UserModel::login(). On failure an error message is queued and nothing is
 * returned; on success the session is switched to Session::STATE_APP and the
 * session key is returned so it can be delivered as a cookie.
 *
 * @return array|null
 *   An array with a `cookies` entry on success, nothing on failure.
 */
public function postLogin() {
    $email = Request::post('email', 'email');
    $pass = Request::post('password');
    $login_result = UserModel::login($email, $pass);
    $data = array();

    // Guard clause: a falsy login result means the credentials were rejected.
    // The message is the same whether the address or the password was wrong,
    // so the response does not reveal which accounts exist.
    if (!$login_result) {
        Messenger::error('Invalid password.');
        return;
    }

    // NOTE(review): confirm that a successful login issues a fresh session key
    // rather than promoting one that existed before authentication.
    $active_session = Session::getInstance();
    $active_session->setState(Session::STATE_APP);

    // The session key is a bearer credential once it leaves this method.
    // NOTE(review): confirm how Output::setJsonCookies() sets the cookie and
    // whether HttpOnly/Secure flags are applied there.
    $data['cookies'] = array('session' => $active_session->session_key);
    Output::setJsonCookies(true);

    return $data;
}
/**
 * Create the default logged in user.
 *
 * Resolution order: the impersonated user recorded on the session, then the
 * session's own user, then an anonymous user when neither can be loaded.
 *
 * @return User
 *   The currently logged in user.
 */
public static function createInstance() {
    $user = null;

    // Look up the current session; only sessions bound to a user id count.
    $session = SessionTool::getInstance(true, false);
    if ($session && $session->user_id > 0) {
        // An `impersonate` setting overrides the session's own user id.
        // NOTE(review): this value is trusted as-is; confirm that only a
        // privileged code path can write it to the session.
        $impersonate = $session->getSetting('impersonate');
        $target_id = $impersonate ? $impersonate : $session->user_id;
        $user = User::loadById($target_id);
    }

    // Fall back to the anonymous user when nothing was loaded.
    return !empty($user) ? $user : User::anonymous();
}
/**
 * Add the session token as a JS accessible variable.
 *
 * The value comes from the current session's getToken() and is stored under
 * the `token` key.
 */
public static function addSessionToken() {
    // Any script running in the page can read this value, so it should never
    // be the session key itself.
    // NOTE(review): confirm getToken() returns a separate request token.
    $session = Session::getInstance();
    $token = $session->getToken();
    self::set('token', $token);
}
/**
 * Destroy a user object and end the session.
 *
 * Does nothing for a user whose id is not positive. Otherwise the in-memory
 * user data is cleared, the id is reset to 0, and the session is destroyed
 * when a session object is available.
 */
public function logOut() {
    $session = Session::getInstance();

    // Users without a positive id have nothing to log out of.
    // NOTE(review): the session is left untouched on this path; confirm that
    // is intended.
    if (!($this->id > 0)) {
        return;
    }

    // Clear the in-memory identity before the session is torn down.
    $this->data = NULL;
    $this->id = 0;

    // getInstance() may not return an object, so check before calling into it.
    if (is_object($session)) {
        $session->destroy();
    }
}
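/**
 * Make sure a valid token has been received.
 *
 * POST requests must carry a `token` field that matches the token held by the
 * current session, unless $this->ignoreToken is set. Other request types are
 * not checked and always pass.
 *
 * @return boolean
 *   Whether the token is valid.
 */
public function validateToken() {
    // Only POST requests are checked, and only when the check is not disabled.
    if ($this->ignoreToken || strtolower(Request::type()) !== 'post') {
        return true;
    }

    // 'hex' is the filter name given to Request::post(); presumably it limits
    // the value to hexadecimal characters (verify against Request).
    $token = Request::post('token', 'hex');
    if (empty($token) || !is_string($token)) {
        return false;
    }

    // A missing or empty session token must never validate a request.
    $expected = Session::getInstance()->getToken();
    if (!is_string($expected) || $expected === '') {
        return false;
    }

    // hash_equals() compares the two strings byte for byte in constant time.
    // The previous loose `==` treated numeric-looking strings such as "0e12"
    // and "0e34" as equal, and its running time depended on how many leading
    // characters matched.
    return hash_equals($expected, $token);
}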