Bonfire includes an Auth library in the Users module which handles user authentication and authorization.
User authentication allows the application to confirm the user's identity (in terms of confirming that they can access a particular user account on the site).
User authorization allows the application to determine what the user is allowed to do (verifying that a user has permission to visit a particular page or perform a particular action).
Verify that the user has been authenticated.
Attempt to authenticate the user with the provided credentials.
- $login
is the email address or username entered by the user (depending on the site's configuration).
- $password
is the password entered by the user.
- $remember
is a boolean value indicating whether the user checked the "Remember Me" box (defaults to false
), if enabled by the site's configuration.
Log the current user out of the site.
Destroys the autologin information (if they checked the "Remember Me" box on login) and the session.
Get the user's information from the session and/or database.
Returns false if the user_id
isn't found in the session, the user_id
found in the session doesn't match a user in the database, or the session's user_token
is invalid.
Determine whether a role has the permission named by the value of $permission
.
Permission names are case-insensitive.
If $role_id
is not provided, this method will determine whether the current user's role has the requested permission.
Otherwise, it will check the role that corresponds to the provided $role_id
.
The $override
parameter allows access to be granted if $permission
does not exist in the site's list of permissions.
With the exception of the behavior of $override
, this method will return true
if the role has the $permission
, or false
if they do not.
Returns true
if $permission
exists in the site's permissions list, or false
if it does not.
Permission names are case-insensitive.
Requires a user to authenticate (and, optionally, to have the requested $permission
) before allowing them to view the current page.
Generally, this method is called from a controller to regulate access to either the entire controller (when called from the controller's constructor) or a particular action/method.
This is the work-horse of the Auth library, directing the user to the login screen if they have not been authenticated and, optionally, checking for the supplied $permission
to determine whether the user is authorized to view the page.
If a user chooses not to authenticate, or is not authorized (does not have permission), they will be returned to the previous page or the main site URL, unless $uri
is provided, in which case they will be redirected to the page indicated by $uri
.
Retrieve the role_id from the current session.
If the current user is not authenticated, this will return false.
A convenience method to return the name of the role which corresponds to the given $role_id
.
Check whether the supplied $password
matches the supplied $hash
.
Hashes the supplied password ($pass
), optionally using the supplied number of $iterations
.
If $iterations
is not supplied, it will use the site's password_iterations
configuration to determine the number of iterations to use in hashing the password.
Since the library stores the number of iterations in the password hash, it is not necessary to store this information separately.
Get the number of login attempts from the current user's IP address or from the given $login
.
Retrieve the logged identity from the current session.
Returns false if the user is not currently logged in.
Retrieve the user_id from the current session.
Returns false if the user is not currently logged in.
The URL to which the user should be redirected when they are successfully authenticated.
$trigger_data = array(
'user_id' => $user->id,
'role_id' => $user->role_id,
);
Events::trigger('after_login', $trigger_data);
Triggered near the end of the login()
method.
$data = array(
'user_id' => $this->user_id(),
'role_id' => $this->role_id(),
);
Events::trigger('before_logout', $data);
Triggered at the beginning of the logout()
method.
Helper functions are not methods of the Auth library (so they are called without using the $this->auth->
prefix).
They are included automatically when loading the Auth library.
Determine whether the current user has the requested $permission
.
A shortcut to $this->auth->has_permission($permission, null, $override)
Determine whether $permission
is in the site's list of permissions.
A shortcut to $this->auth->permission_exists($permission)