Source code for file /joomla/user/authenticate.php
Documentation is available at authenticate.php
* @version $Id: authenticate.php 6694 2007-02-22 01:28:09Z CoolAcid $
* @package Joomla.Framework
* @copyright Copyright (C) 2005 - 2007 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
// Check to ensure this file is within the rest of the framework
* This is the status code returned when the authentication is success.
define('JAUTHENTICATE_STATUS_SUCCESS', 1);
* Status to indicate cancellation of authentication.
define('JAUTHENTICATE_STATUS_CANCEL', 2);
* This is the status code returned when the authentication failed
define('JAUTHENTICATE_STATUS_FAILURE', 4);
* Authorization class, provides an interface for the Joomla authentication system
* @package Joomla.Framework
// Get the global event dispatcher to load the plugins
foreach ($plugins as $plugin) {
$isLoaded |=
$this->loadPlugin($plugin->element, $dispatcher);
JError::raiseWarning('SOME_ERROR_CODE', 'JAuthenticate::__constructor: Could not load authentication libraries.', $plugins);
* Returns a reference to a global authentication object, only creating it
* if it doesn't already exist.
* This method must be invoked as:
* <pre> $auth = &JAuthenticate::getInstance();</pre>
* @return object The global JAuthenticate object
if (!isset
($instances)) {
if (empty ($instances[0])) {
* Finds out if a set of login credentials are valid by asking all obvserving
* objects to run their respective authentication routines.
* @param string The username.
* @param string The password.
* @return mixed Integer userid for valid user if credentials are valid or boolean false if they are not
// Get the global event dispatcher object
// Time to authenticate the credentials. Lets fire the auth event
$results =
$dispatcher->trigger( 'onAuthenticate', array($username, $password));
* Check each of the results to see if a valid user ID was returned. and use the
* first ID to log into the system.
* Any errors raised in the plugin should be returned via the JAuthenticateResponse
* and handled appropriately.
foreach($results as $result)
if(empty($result->username)) {
$result->username =
$username;
if(empty($result->fullname)) {
$result->fullname =
$username;
//TODO :: this needs to be changed, should only return at the end
$errorlog['status'] =
$result->type .
" CANCELED: ";
$errorlog['comment'] =
$result->error_message;
$log->addEntry($errorlog);
$errorlog['status'] =
$result->type .
" FAILURE: ";
$errorlog['comment'] =
$result->error_message;
$log->addEntry($errorlog);
$errorlog['status'] =
$result->type .
" UNKNOWN ERROR: ";
$errorlog['comment'] =
$result->error_message;
$log->addEntry($errorlog);
* Static method to load an auth plugin and attach it to the JEventDispatcher
* This method should be invoked as:
* <pre> $isLoaded = JAuthenticate::loadPlugin($plugin, $subject);</pre>
* @param string $plugin The authentication plugin to use.
* @param object $subject Observable object for the plugin to observe
* @return boolean True if plugin is loaded
if (!isset
($instances)) {
if (empty ($instances[$plugin])) {
// Build authentication plugin classname
$name =
'plgAuthenticate'.
$plugin;
$instances[$plugin] =
new $name ($subject);
* Authorization response class, provides an object for storing user and error details
* @package Joomla.Framework
* User type (refers to the authentication method used)
* Response status (see status codes)
* @var error_message string
* Any UTF-8 string that the End User wants to use as a username.
* The email address of the End User as specified in section 3.4.1 of [RFC2822]
* UTF-8 string free text representation of the End User's full name.
* The End User's date of birth as YYYY-MM-DD. Any values whose representation uses
* fewer than the specified number of digits should be zero-padded. The length of this
* value MUST always be 10. If the End User user does not want to reveal any particular
* component of this value, it MUST be set to zero.
* For instance, if a End User wants to specify that his date of birth is in 1980, but
* not the month or day, the value returned SHALL be "1980-00-00".
* The End User's gender, "M" for male, "F" for female.
* UTF-8 string free text that SHOULD conform to the End User's country's postal system.
* The End User's country of residence as specified by ISO3166.
* End User's preferred language as specified by ISO639.
* ASCII string from TimeZone database
* @param string $name The type of the response