Developing (v7+)

Programmatically Authenticate User

Permalink December 04, 2014 at 8:55 PM

Hello good people!

I am trying to make a custom block to authenticate a user but am having difficulty. So far I have devised the following code:

$ui = UserInfo::getByUserName($username);
      $u = $ui->getUserObject();
      $p1 = $ui->getUserPassword();
      $p2 = $u->getUserPasswordHasher()->HashPassword($password);
      if($p1==$p2) { echo "Good credentials!" }

...however despite the same password being used (and working when logging in via the C5 login screen), the hashed version of the password ($p2) is never the same as $p1.

Anyone ever get this working? Am I missing something? I've been searching around and am not finding much on the internets.

Many thanks in advance for any help!
Cheers,

Alex

alexaalto replied on Dec 4, 2014 at 9:08 pm Permalink Best Answer Reply

...ok - I should have tried harder. Looking at Concrete5_Controller_Login, I was able to create the following code:

private function validateUser($user,$pass) {
      Loader::library('authentication/open_id');
      $u = new User($user,$pass);
      if ($u->isError()) {
         switch($u->getError()) {
            case USER_NON_VALIDATED:
               throw new Exception(t('This account has not yet been validated. Please check the email associated with this account and follow the link it contains.'));
               break;
            case USER_INVALID:
               if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
                  throw new Exception(t('Invalid email address or password.'));
               } else {
                  throw new Exception(t('Invalid username or password.'));
               }
               break;

Viewing 15 lines of 35 lines. View entire code block.

 
   private function validateUser($user,$pass) {
      Loader::library('authentication/open_id');
      $u = new User($user,$pass);
      if ($u->isError()) {
         switch($u->getError()) {
            case USER_NON_VALIDATED:
               throw new Exception(t('This account has not yet been validated. Please check the email associated with this account and follow the link it contains.'));
               break;
            case USER_INVALID:
               if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
                  throw new Exception(t('Invalid email address or password.'));
               } else {
                  throw new Exception(t('Invalid username or password.'));
               }
               break;
            case USER_INACTIVE:
               throw new Exception(t('This user is inactive. Please contact us regarding this account.'));
               break;
         }
      } else {      
         if(OpenIDAuth::isEnabled() && $_SESSION['uOpenIDExistingUser'] > 0) {
            $oa = new OpenIDAuth();
            if ($_SESSION['uOpenIDExistingUser'] == $u->getUserID()) {
               // the account we logged in with is the same as the existing user from the open id. that means
               // we link the account to open id and keep the user logged in.
               $oa->linkUser($_SESSION['uOpenIDRequested'], $u);
            } else {
               // The user HAS logged in. But the account they logged into is NOT the same as the one
               // that links to their OpenID. So we log them out and tell them so.
               $u->logout();
               throw new Exception(t('This account does not match the email address provided.'));
            }
         }
      }
   }

...and it works!

Forums

Developing (v7+)

Programmatically Authenticate User

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?