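/**
 * Implements the webservice call from remote websites to check user credentials and
 * obtain the matching warehouse user_id.
 *
 * Does not support requests from users on the warehouse itself (website_id < 0).
 * Expects HTTP POST with username, password, options and usual service credentials.
 * Catches any Exception and passes it to handle_error().
 *
 * Output: echoes the sealed (encrypted) response array, which holds 'user_id' and,
 * when the login succeeded and the 'getprofile' option was set, 'profile'. Nothing
 * is returned to the caller.
 *
 * Security: the unsealed request carries the user's plaintext password and the
 * unsealed response may carry personal profile data. Both are masked before being
 * passed to the debug log so that log readers and log backups never hold them.
 *
 * @return void
 */
public function authenticate_user() {
  try {
    // Authenticate the requesting website for this service.
    $this->authenticate('read');

    // Decrypt and check the input.
    $input = secure_msg::unseal_request($_POST, $this->website_password);
    if (array_key_exists(secure_msg::ERROR_MSG, $input)) {
      throw new ServiceError($input[secure_msg::ERROR_MSG], 3001);
    }

    // Log a copy of the request with the password masked: the unsealed input is
    // the one place on the warehouse where the user's password exists in clear
    // text, and it must not be persisted to the application log.
    $loggable_input = $input;
    if (array_key_exists('password', $loggable_input)) {
      $loggable_input['password'] = '[redacted]';
    }
    kohana::log('debug', 'Site_User_Controller::authenticate_user, unsealed input is ' . print_r($loggable_input, true));

    $options = array_key_exists('options', $input) ? $input['options'] : array();

    // Authenticate the user against this website.
    $this->auth = new Auth();
    $user_id = $this->auth->site_login($input['username'], $input['password'], $options, $this->website_id);
    $response = array('user_id' => $user_id);

    // Fetch the profile only for an authenticated user who asked for it.
    $getprofile = array_key_exists('getprofile', $options) ? $options['getprofile'] : false;
    if ($user_id > 0 && $getprofile) {
      $response['profile'] = $this->_get_user_profile($user_id);
    }

    // Log the outcome without the profile contents, which are personal data.
    $loggable_response = $response;
    if (array_key_exists('profile', $loggable_response)) {
      $loggable_response['profile'] = '[omitted]';
    }
    kohana::log('debug', 'Site_User_Controller::authenticate_user, unsealed response is ' . print_r($loggable_response, true));

    // Seal the response to secure it from prying or tampering.
    $sealed = secure_msg::SEALED . secure_msg::seal($response, $this->website_password);
    kohana::log('debug', 'Site_User_Controller::authenticate_user, sealed response is ' . print_r($sealed, true));
    echo $sealed;
  }
  catch (Exception $e) {
    $this->handle_error($e);
  }
}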
/**
 * Asks the indicia core module whether the supplied login credentials are valid
 * for this website.
 *
 * The username, password and options are sealed with the website password before
 * they are posted, and the reply is unsealed with the same password.
 * NOTE(review): the confidentiality of the user's password on the wire therefore
 * rests on $website_password staying secret on both sides; whether base_url is
 * required to be HTTPS is not visible here - confirm.
 *
 * @param string $username Required.
 * The username value entered by the authenticating user.
 * @param string $password Required.
 * The password value entered by the authenticating user.
 * @param array $readAuth Required.
 * Array containing service authentication data obtained from get_read_auth().
 * Its 'auth_token' and 'nonce' entries are posted alongside the sealed message.
 * @param string $website_password Required.
 * The client website password value to be supplied by the site administrator.
 * @param array $options Optional.
 * Options array with the following possibilities:<ul>
 * <li><b>namecase</b><br/>
 * Optional. Boolean defining if the username value should be treated as case sensitive when looking
 * the user up on indicia core. Defaults to true.</li>
 * <li><b>nameormail</b><br/>
 * Optional. String defining if the username value represents the user's name or their e-mail address when looking
 * the user up on indicia core. Allowed values are 'name' or 'mail'. Defaults to 'name'.</li>
 * <li><b>getprofile</b><br/>
 * Optional. Boolean for whether to retrieve the profile data for this user if successfully authenticated.
 * If true, the profile will be returned in the 'profile' key on the response array.
 * Defaults to false.</li>
 * </ul>
 *
 * @return array containing:<ul>
 * <li>The 'user_id' key holds the user_id for the authenticated user,
 * or '0' if the login credentials are not valid for this website.</li>
 * <li>The 'profile' as an array containing:-<ul>
 * <li>title</li>
 * <li>first_name</li>
 * <li>surname</li>
 * <li>initials</li>
 * <li>email_address</li>
 * <li>website_url</li>
 * <li>address</li>
 * <li>home_entered_sref</li>
 * <li>home_entered_sref_system</li>
 * <li>interests</li>
 * <li>location_name</li>
 * <li>email_visible</li>
 * <li>view_common_names</li>
 * <li>username</li>
 * <li>default_digest_mode</li>
 * <li>activated</li>
 * <li>banned</li>
 * <li>site_role</li>
 * <li>registration_datetime</li>
 * <li>last_login_datetime</li>
 * <li>preferred_sref_system</li>
 * </ul>
 * This is only returned if the 'getprofile' option is true in the request options.</li>
 * </ul>
 */
public static function authenticate_user($username, $password, $readAuth, $website_password, $options = array()) {
  // Seal the sensitive values so they are not posted in the clear.
  $sealed_message = secure_msg::seal(
    array("username" => $username, "password" => $password, "options" => $options),
    $website_password
  );

  // Post the sealed message, together with the read authentication tokens,
  // to the site_user service on indicia core.
  $reply = self::http_post(
    self::$base_url . "index.php/services/site_user/authenticate_user",
    array(
      secure_msg::SEALED => $sealed_message,
      "auth_token" => $readAuth['auth_token'],
      "nonce" => $readAuth['nonce'],
    )
  );

  // NOTE(review): the outcome of http_post is not inspected before its 'output'
  // is unsealed; how unseal_response treats an empty or altered body is not
  // visible from this function - callers should confirm before trusting 'user_id'.
  return secure_msg::unseal_response($reply['output'], $website_password);
}