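/**
 * Authenticates a user from POSTed credentials and opens a session.
 *
 * Credentials are read only from $params['POST'], so a login cannot be
 * driven by GET parameters.
 *
 * Assumes the caller has already checked for an existing session (the
 * original author notes that index does this). Every valid login is handed
 * a new session with no cap per user, so a malicious user could use this to
 * flood memcache and force other users' sessions to expire.
 * NOTE(review): consider rate-limiting logins or capping sessions per user.
 *
 * @param $params
 *   Array of parameters
 *   - $params['POST']['username']: The username of the user POSTed to the page
 *   - $params['POST']['password']: The password of the user POSTed to the page
 * @return
 *   A response object carrying 'session_id' and 'user_id' on success; an
 *   error object otherwise (403 for missing or rejected credentials, 500
 *   when the session could not be created).
 */
public function do_login($params)
{
    // isset() keeps a request that omits these fields from raising an
    // undefined-index notice; the values are never taken from GET.
    $username = isset($params['POST']['username']) ? $params['POST']['username'] : null;
    $password = isset($params['POST']['password']) ? $params['POST']['password'] : null;

    // Make sure we were called properly. Only non-empty strings are accepted:
    // PHP turns "username[]=x" into an array, which must not reach the
    // credential check, and the literal string "0" is a supplied value even
    // though empty() would treat it as missing.
    if (!is_string($username) || $username === '') {
        return new error('No username supplied', 403);
    }
    if (!is_string($password) || $password === '') {
        return new error('No password supplied', 403);
    }

    // Out-parameters filled in by the login helpers below.
    $user_id = null;
    $response = null;

    if (!login::valid_credentials($username, $password, $user_id, $response)) {
        // NOTE(review): $response is returned to the client unchanged;
        // confirm it does not reveal whether the username exists.
        return new error($response, 403);
    }

    // NOTE(review): the original passed &$response at the call site, which is
    // a fatal error since PHP 5.4. This relies on login::create_session()
    // declaring its second parameter by reference; confirm.
    if (!login::create_session($user_id, $response)) {
        // Presumably $response holds the failure reason here; verify that it
        // exposes no backend details to the client.
        return new error($response, 500);
    }

    // The session was stored, so $response now carries the session ID.
    currentuser::set(new user($user_id));

    $resp = new response('Login success');
    $resp->set('session_id', $response);
    $resp->set('user_id', $user_id);

    return $resp;
}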
exit(0); } else { $response_renderer->set_format($format); } if (is_null($params['POST']['session_id'])) { # Problem, complain not logged in and boot out, unless doing a login if ($method == 'wrms_login' && class_exists($method)) { error_logging('DEBUG', "Creating class login::"); $class = new wrms_login(); $result = $class->run($params); } else { $result = new error("Session not set."); error_logging('WARNING', 'session_id not set'); } } else { currentuser::set(new user(login::check_session($params['POST']['session_id']))); if (currentuser::getInstance() != null) { if (substr($method, 0, 5) == 'wrms_' && class_exists($method)) { $access = access::getInstance(); $access->setUser(currentuser::getInstance()); error_logging('DEBUG', "method {$method} exists"); $class = new $method(); error_logging('DEBUG', "about to run {$method}"); $result = $class->run($params); } else { error_logging('WARNING', "Method {$method} does not exist"); $result = new error("The method you are trying to call does not exist"); } } else { error_logging('DEBUG', "Session is invalid, timed out, or no longer exists."); $result = new error("Session is invalid, timed out, or no longer exists.");