function _invoice_api_check_user_pass in Invoice 7

Verifies the username and password

1 call to _invoice_api_check_user_pass()
_invoice_api_authenticate in ./invoice_api.inc
Authenticates through basic HTTP authentication

File

./invoice_api.inc, line 95

Code

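/**
 * Verifies the username and password sent via HTTP Basic authentication.
 *
 * Reads the credentials from $_SERVER['PHP_AUTH_USER'] and
 * $_SERVER['PHP_AUTH_PW'], loads the active account (status = 1) with that
 * name and checks the password with user_check_password(). On success the
 * account is assigned to $GLOBALS['user']. On failure a 401 response with a
 * WWW-Authenticate challenge is sent and the script exits.
 *
 * NOTE(review): no failed-attempt throttling is visible in this function, so
 * every request may retry a password. Confirm that the caller or the web
 * server rate-limits this endpoint, or add Drupal's flood control
 * (flood_is_allowed() / flood_register_event()) around the check.
 *
 * NOTE(review): Basic credentials are only base64-encoded on the wire;
 * confirm the endpoint is reachable over HTTPS only.
 */
function _invoice_api_check_user_pass() {
  require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');

  // Missing headers are treated as empty credentials, which fail the check.
  $edit = array();
  $edit['name'] = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
  $edit['pass'] = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

  // Only active accounts (status = 1) are eligible.
  $users = user_load_multiple(array(), array(
    'name' => $edit['name'],
    'status' => 1,
  ));

  // reset() returns FALSE when no account matched. Reject that case here
  // instead of handing a non-object to user_check_password().
  $account = reset($users);
  if ($account !== FALSE && user_check_password($edit['pass'], $account)) {

    // Login the user for this request.
    $GLOBALS['user'] = $account;

    // The block below is disabled: the login timestamp is NOT updated and the
    // session ID is NOT regenerated here.
    // NOTE(review): if a session can be persisted for this request, either
    // restore drupal_session_regenerate() or disable session saving with
    // drupal_save_session(FALSE); confirm against the caller.

    /*$GLOBALS['user']->login = REQUEST_TIME;
            db_update('users')
              ->fields(array('login' => $GLOBALS['user']->login))
              ->condition('uid', $GLOBALS['user']->uid)
              ->execute();

            // Regenerate the session ID to prevent against session fixation attacks.
            // This is called before hook_user in case one of those functions fails
            // or incorrectly does a redirect which would leave the old session in place.
            drupal_session_regenerate();*/
  }
  else {

    // Authentication failed: the same 401 challenge is sent for an unknown
    // user and for a wrong password, so the response does not reveal which.
    _invoice_api_http_response_code(401);
    drupal_add_http_header('WWW-Authenticate', 'Basic Realm="Invoice API"');
    exit;
  }
}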