You are here

Home » API reference » Services 7.3 » user_resource.inc

function _user_resource_login in Services 7.3

Same name and namespace in other branches
  1. 6.3 resources/user_resource.inc \_user_resource_login()

Login a user using the specified credentials.

Note this will transfer a plaintext password.

Parameters

$username: Username to be logged in.

$password: Password, must be plain text and not hashed.

Return value

A valid session object.

1 string reference to '_user_resource_login'
_user_resource_definition in resources/user_resource.inc

File

resources/user_resource.inc, line 599

Code

function _user_resource_login($username, $password) {
  global $user;
  if ($user->uid) {

    // user is already logged in
    return services_error(t('Already logged in as @user.', array(
      '@user' => $user->name,
    )), 406);
  }

  // Check if account is active.
  if (user_is_blocked($username)) {
    return services_error(t('The username %name has not been activated or is blocked.', array(
      '%name' => $username,
    )), 403);
  }

  // Emulate drupal native flood control: check for flood condition.
  $flood_state = array();
  if (variable_get('services_flood_control_enabled', TRUE)) {
    $flood_state = _user_resource_flood_control_precheck($username);
  }

  // Only authenticate if a flood condition was not detected.
  if (empty($flood_state['flood_control_triggered'])) {
    $uid = user_authenticate($username, $password);
  }
  else {
    $uid = FALSE;
  }

  // Emulate drupal native flood control: register flood event, and throw error
  // if a flood condition was previously detected
  if (variable_get('services_flood_control_enabled', TRUE)) {
    $flood_state['uid'] = $uid;
    _user_resource_flood_control_postcheck($flood_state);
  }
  if ($uid) {
    $user = user_load($uid);
    if ($user->uid) {
      user_login_finalize();
      $return = new stdClass();
      $return->sessid = session_id();
      $return->session_name = session_name();
      $return->token = drupal_get_token('services');
      $account = clone $user;
      services_remove_user_data($account);
      $return->user = $account;
      return $return;
    }
  }
  watchdog('user', 'Invalid login attempt for %username.', array(
    '%username' => $username,
  ));
  return services_error(t('Wrong username or password.'), 401);
}