Methods summary
public
|
#
__construct( )
Initialize Users
Overrides
|
public
integer
|
#
login( Session $session, array $vars )
Attempts to authenticate the given user and initialize a session with
that user's ID.
Attempts to authenticate the given user and initialize a session with
that user's ID.
Parameters
- $session
- session to initialize
- $vars
An array of login information including:
- username The username of the user attempting to log in
- password The password of the user attempting to log in
- remember_me If "true" will set a cookie to remember the user's session on a subsequent visit
- otp The one-time password required to authenticate this user (required only if enabled for this user)
- ip_address The IP address of the user attempting to log in (determined automatically if not given)
Returns
integer
The ID of the user authenticated, false on failure
|
public
|
#
logout( Session $session )
Logs the user out by terminating the session
Logs the user out by terminating the session
Parameters
- $session
- session to terminate
|
public
boolean
|
#
auth( string $username, array $vars, string $type = 'any' )
Checks to ensure that the user specified can be authenticated
Checks to ensure that the user specified can be authenticated
Parameters
- $username
- The ID or username of the user to authenticate
- $vars
an array of authentication info including:
- username The username of the user attempting to log in
- password The password of the user attempting to log in
- $type
The type of user to authenticate:
- any Will check any type
- staff Check staff type only
- client Check client type only
- contact Check contact type only
Returns
boolean
True if the user can be authenticated, false otherwise
|
public
boolean
|
#
validateOtp( string $otp, stdClass $user )
Validates the given OTP against the given user
Validates the given OTP against the given user
Parameters
- $otp
The one-time password required to authenticate this
user (required only if enabled for this user) - $user
- The stdClass object representation of the user to validate the OTP against
Returns
boolean
True if the OTP validates, false otherwise
|
public
integer
|
#
add( array $vars )
Adds the user record to the system
Adds the user record to the system
Parameters
- $vars
An array of user info including:
- username The username for this user. Must be unique across all companies for this installation.
- new_password The password for this user
- confirm_password The password for this user
- two_factor_mode The two factor authentication mode 'none', 'motp', 'totp' (optional, default 'none')
- two_factor_key The two factor authentication key (optional, default null)
- two_factor_pin The two factor authentication pin (optional, default null)
Returns
integer
The ID of the user created, void on error
|
public
|
#
edit( integer $user_id, array $vars, boolean $validate_pass = false )
Edits the user record in the system
Edits the user record in the system
Parameters
- $user_id
- The ID of the user to edit
- $vars
An array of user info including:
- username The username for this user (optional)
- current_password The current password for this user (optional, required if $validate_pass is true)
- new_password The new password for this user (optional)
- confirm_password The new password for this user (optional, required if 'new_password' is given)
- two_factor_mode The two factor authentication mode 'none', 'motp', 'totp' (optional)
- two_factor_key The two factor authentication key (optional)
- two_factor_pin The two factor authentication pin (optional)
- otp The one-time-password to validate, required if two_factor_mode
is something other than 'none' and $validate_pass is set to true
- verify Whether or not the email should be verified, overrides the company and client group settings
(Only applies to users who use their email address as a username)
- $validate_pass
Whether or not to validate the
current_password before updating this user (optional, default
false). If set will also attempt to validate the one-time-password.
|
public
|
#
delete( integer $user_id )
Permanently deletes a user record from the system. USE WITH EXTREME CAUTION
Permanently deletes a user record from the system. USE WITH EXTREME CAUTION
Parameters
- $user_id
- The ID of the user to delete
|
public
mixed
|
#
get( integer $user_id )
Fetches a user
Parameters
- $user_id
- The user ID to fetch
Returns
mixed
An stdClass object representing the user, or false if it does not exist
See
|
public
mixed
|
#
getByUsername( string $username )
Fetches a user
Parameters
- $username
- The username to fetch
Returns
mixed
An stdClass object representing the user, or false if it does not exist
See
|
public
mixed
|
#
getByEmail( string $email )
Fetches a user
Parameters
- $email
- The username email address to fetch
Returns
mixed
An stdClass object representing the user, or false if it does not exist
See
|
public
array
|
#
getAllByEmail( string $email )
Fetches a list of users
Parameters
- $email
- The username email address to fetch
Returns
array
A list of stdClass objects representing users
|
public
Record
|
#
queryByEmail( string $email )
Partially constructs the query fetching users by email
Partially constructs the query fetching users by email
Parameters
- $email
- The username email address to fetch
Returns
Record
The partially constructed query Record object
See
|
public
|
#
getOtp( integer $user_id, string $otp )
Returns the one-time password record if it exists
Returns the one-time password record if it exists
Parameters
- $user_id
- The ID of the user to fetch on
- $otp
- The one-time password to search for
Reutrn
mixed An stdClass object representing this record, or false if it does not exist
|
public
array
|
#
getOtpModes( )
Return all One-time-password modes supported by the system
Return all One-time-password modes supported by the system
Returns
array
An array of key/value pairs consisting of the OTP mode (the key) and it's friendly name (the value)
|
public
|
#
addOtp( integer $user_id, string $otp )
Adds the one-time password record to the system so we can ensure it is not
used again.
Adds the one-time password record to the system so we can ensure it is not
used again.
Parameters
- $user_id
- The ID of the user to record the one-time password for
- $otp
- The one-time password to record
|
public
mixed
|
#
requiredOtpMode( string $user )
Fetches the one-time password mode required to authenticate this user
Fetches the one-time password mode required to authenticate this user
Parameters
- $user
- ID or username of the user to fetch the required OTP mode
Returns
mixed A string containing the type of OTP mode, false if the user does not exist or
no mode is set
|
public
boolean
|
#
validateTwoFactorMode( string $mode )
Validates the user's 'two_factor_mode' field
Validates the user's 'two_factor_mode' field
Parameters
- $mode
- The two factor mode to check
Returns
boolean
True if validated, false otherwise
|
public
|
#
validateTwoFactorKey( string $key, string $mode )
Validates the user's 'two_factor_key'
Validates the user's 'two_factor_key'
Parameters
- $key
- The two factor key
- $mode
- The two factor mode
Retrun
boolean True if valid, false otherwise
|
public
boolean
|
#
validatePasswordEquals( string $password, integer $user_id )
Validates the given password matches the one on record
Validates the given password matches the one on record
Parameters
- $password
- The encrypted password to check
- $user_id
- The user ID of the user to check against
Returns
boolean
True if the passwords are equivalent, false otherwise
|
public
boolean
|
#
validateUniqueUser( string $username, integer $user_id )
Validates the given username is unique across all users, besides $user_id
Validates the given username is unique across all users, besides $user_id
Parameters
- $username
- The username to be validated against the user ID
- $user_id
- A user ID
Returns
boolean
True if the username is unique for all users (besides this $user_id), false otherwise
|
public
string
|
#
hashPassword( string $password )
Computes an HMAC sha-256 hash of the given password, then hashes that
using the best hashing algorithm available on the system
Computes an HMAC sha-256 hash of the given password, then hashes that
using the best hashing algorithm available on the system
Parameters
- $password
- The password to hash
Returns
string
The hashed password
|
public
boolean
|
#
checkPassword( string $password, string $stored_hash, string $algorithm = null )
Verifies whether or not the given plain-text password produces the
supplied hash.
Verifies whether or not the given plain-text password produces the
supplied hash.
Parameters
- $password
- The password to validate
- $stored_hash
- The hash to verify the password against
- $algorithm
- The algorithm to use for validating the password
Returns
boolean
True if the password is good, false otherwise
|
public
boolean
|
#
validateClientsExist( integer $user_id )
Validates that at least one client is assigned to this user
Validates that at least one client is assigned to this user
Parameters
- $user_id
- The ID of the user
Returns
boolean
True if at least one client is assigned to this user, false otherwise
|
public
boolean
|
#
validateLoginAttempts( string $username, string $ip_address )
Validates whether the user has made too many failed attempts to login
Validates whether the user has made too many failed attempts to login
Parameters
- $username
- The username
- $ip_address
- The IP address from which the login took place
Returns
boolean
False if there has been too many failed login attempts, true otherwise
|
public
boolean
|
#
validateUser( array $vars, boolean $edit = false, boolean $validate_pass = false )
Validate user information for add or edit
Validate user information for add or edit
Parameters
- $vars
An array of user info including:
- user_id The ID of the user for validating edits (optional)
- username The username for this user (optional)
- current_password The current password for this user (optional, required if $validate_pass is true)
- new_password The new password for this user (optional)
- confirm_password The new password for this user (optional, required if 'new_password' is given)
- two_factor_mode The two factor authentication mode 'none', 'motp', 'totp' (optional)
- two_factor_key The two factor authentication key (optional)
- two_factor_pin The two factor authentication pin (optional)
- otp The one-time-password to validate, required if two_factor_mode
is something other than 'none' and $validate_pass is set to true
- $edit
- Whether this data is being validated for an edit (optional, default false)
- $validate_pass
Whether or not to validate the
current_password before updating this user (optional, default
false). If set will also attempt to validate the one-time-password. Returns
boolean
True if the user info is valid, false otherwise
|
AppModel
uses
Blesta\Core\Util\Common\Traits\Container