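 /**
  * Authenticates a user from POSTed credentials and opens a session.
  *
  * Only $params['POST'] is read, so credentials sent in the query string
  * (GET) are never considered.
  *
  * @param $params
  *      Array of parameters
  *      - $params['POST']['username']: The username of the user POSTed to the page
  *      - $params['POST']['password']: The password of the user POSTed to the page
  * @return
  *      A response object carrying 'session_id' and 'user_id' on success;
  *      an error object otherwise (403 for missing or rejected credentials,
  *      500 when the session could not be created)
  */
 public function do_login($params)
 {
     /*
      * Assumes we've already checked for an existing session - which we do in index.
      *
      * SECURITY: every valid login is handed a fresh session and nothing in this
      * method caps how many one user may hold. A malicious account holder could use
      * that to flood memcache and force other users' sessions to expire.
      * NOTE(review): confirm a per-user session cap or login rate limit exists
      * elsewhere; none is visible here.
      */

     // Read from POST only, and tolerate absent keys instead of raising an
     // undefined-index notice on a malformed request.
     $username = isset($params['POST']['username']) ? $params['POST']['username'] : null;
     $password = isset($params['POST']['password']) ? $params['POST']['password'] : null;

     /*
      * Make sure we were called properly.
      * Form fields can arrive as arrays (username[]=x), so anything that is not a
      * non-empty string is treated as "not supplied" rather than being passed on
      * to the credential check. A strict '' comparison is used because empty()
      * would also reject the legitimate value "0".
      */
     if (!is_string($username) || $username === '') {
         return new error('No username supplied', 403);
     }
     if (!is_string($password) || $password === '') {
         return new error('No password supplied', 403);
     }

     // Output arguments: presumably filled in by reference by the login helpers
     // (this method reads them afterwards without assigning them) - TODO confirm.
     $user_id = null;
     $response = null;

     if (!login::valid_credentials($username, $password, $user_id, $response)) {
         // NOTE(review): $response is whatever valid_credentials() wrote. Confirm the
         // message is identical for "unknown user" and "wrong password", otherwise
         // this reply lets a client enumerate valid usernames.
         return new error($response, 403);
     }

     // Make a session and all that lovely stuff.
     // The original call site used '&$response'. Call-time pass-by-reference is a
     // fatal error since PHP 5.4, so the variable is passed plainly here;
     // create_session() must declare that parameter by reference for the session
     // id to come back - TODO confirm against its signature.
     if (!login::create_session($user_id, $response)) {
         // NOTE(review): confirm $response holds no backend detail (e.g. cache
         // errors) before it is returned to the client in the 500 body.
         return new error($response, 500);
     }

     // Session is stored: record the current user and hand the session id back.
     currentuser::set(new user($user_id));
     $resp = new response('Login success');
     $resp->set('session_id', $response);
     $resp->set('user_id', $user_id);
     return $resp;
 }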