/** * Attempt to log a user into the application with password and * identity field(s), usually email or username. * * @param array $input Array containing at least 'username' or 'email' and 'password'. * Optionally the 'remember' boolean. * @param bool $mustBeConfirmed If true, the user must have confirmed his email account in order to log-in. * * @return bool Success. */ public function logAttempt(array $input, $mustBeConfirmed = true) { $remember = $this->extractRememberFromArray($input); $emailOrUsername = $this->extractIdentityFromArray($input); if (!$this->loginThrottling($emailOrUsername)) { return false; } $user = $this->repo->getUserByEmailOrUsername($emailOrUsername); if ($user) { if (!$user->getConfirmed() && $mustBeConfirmed) { return false; } $correctPassword = $this->app['hash']->check(isset($input['password']) ? $input['password'] : false, $user->getPassword()); if (!$correctPassword) { return false; } $this->app['auth']->login($user, $remember); return true; } return false; }