Handles all authentication functionality including checking for a valid session and whether or not a user is authenticated, 2FA requests, invalid / expired logins, etc.
This class is available within the services container, meaning its methods can be accessed statically via the service singleton as shown below.
use apex\app; use apex\services\auth;
// Auto login a user $userid = 582; auth::auto_login($userid);
invalid_login(string $type = 'none')
Process invalid login
Processes an invalid login, and outputs the login.tpl template with any necessary user message (eg. invalid user / pass submitted). (
The type / reason for the invalid login (eg. expired, invalid, etc.)
check_password(string $username, string $password) : boolean
Checks a username / password if it's valid, and nothing more. Used for APIs, such as the /repo/ JSON API.
The username to check.
The password to check.
Whther or not the username / password is valid.
check_security_question(integer $userid, string $chk_sec_hash)
Check secondary security question
Check Security Question
Checks user for secondary question. If the system can not recognize the user has previously logged in from this browser / computer, will prompt the user to answer a pre-defined security question.
The userid of the user being checked.
The secondary cookie hash currently in their profile. if exists, the device is recognized, hence no question asked.
check_ip_restrictions(integer $userid) : boolean
Checks the user's IP address against any IP restrictions that have been pre-defined and are are in the database.
The ID# of the user to check IP restrictions for
Whther or not the check was successful
create_session(integer $userid, integer $require_2fa, integer $require_2fa_phone)
Create new login session
The ID# of the user to login
A 1/0 whether or not 2FA via e-mail is required
A 1/0 whether or not 2FA via phone is required