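/**
 * Authenticates a user from POSTed credentials and opens a session.
 *
 * @param $params
 *   Array of request parameters
 *   - $params['POST']['username']: The username of the user POSTed to the page
 *   - $params['POST']['password']: The password of the user POSTed to the page
 * @return
 *   A response object carrying 'session_id' and 'user_id' on success.
 *   An error object otherwise: 403 when a credential is missing or
 *   login::valid_credentials() rejects the pair, 500 when
 *   login::create_session() fails.
 */
public function do_login($params)
{
    /*
     * Assumes we've already checked for an existing session - which we do in index.
     * Will hand out as many sessions for a valid login as the user wants.
     * A malicious user could use this to flood memcache and force other
     * users' sessions to expire.
     * NOTE(review): no per-user session cap or login rate limit is visible in
     * this method - confirm one is enforced elsewhere.
     */

    # Credentials are read from POST only - don't allow logins via GET!
    # isset() keeps a request without these fields from raising an
    # undefined-index notice; it falls through to the 403 below instead.
    $username = isset($params['POST']['username']) ? $params['POST']['username'] : null;
    $password = isset($params['POST']['password']) ? $params['POST']['password'] : null;

    /*
     * Make sure we were called properly.
     * Request fields can arrive as arrays (e.g. username[]=x), so anything
     * that is not a non-empty string is rejected before it reaches the
     * credential check. Comparing against '' rather than using empty() also
     * stops the literal string "0" from being reported as "not supplied".
     */
    if (!is_string($username) || $username === '') {
        return new error('No username supplied', 403);
    }

    if (!is_string($password) || $password === '') {
        return new error('No password supplied', 403);
    }

    // Out-values filled in by the login helpers.
    // Presumably login::valid_credentials() declares its last two parameters
    // by reference - its definition is not visible here.
    $user_id = null;
    $response = null;

    if (!login::valid_credentials($username, $password, $user_id, $response)) {
        // $response is used as the error text supplied by valid_credentials()
        return new error($response, 403);
    }

    // Call-time pass-by-reference (&$response at the call site) is a fatal
    // error since PHP 5.4, so the argument is passed plainly here.
    // login::create_session() must declare that parameter by reference for
    // the session id to come back in $response - verify its signature.
    if (!login::create_session($user_id, $response)) {
        // The session could not be stored; $response is used as the error text
        return new error($response, 500);
    }

    // The session was stored: register the user and return the session id
    currentuser::set(new user($user_id));

    $resp = new response('Login success');
    $resp->set('session_id', $response);
    $resp->set('user_id', $user_id);

    return $resp;
}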