Chart Roots - warwickfoster/qurantools GitHub Wiki

File: app/auth/auth_functions.php

Purpose

The code snippet implements a user authentication and authorization system using PHP sessions and cookies. It includes functions for logging in, logging out, and handling user authentication.

Functions

  • start_login()
  • validate_login()
  • log_user_in()
  • log_user_out()
  • is_auth_stop_processing()
  • handle_logged_in_user()
  • handle_email_password_hash_mismatch()

Key Features

  • Session-based Authentication: Users are authenticated using email and password credentials, which are stored in session variables.
  • Session Management: The system manages user sessions using cookies and session variables.
  • Error Handling: The code handles various error scenarios, such as invalid login credentials, account lockout, and session hijacking.
  • Session Verification: The handle_logged_in_user() function verifies that the logged-in user's session credentials still match the database records.

Implementation

  • The start_login() function initiates the login process by setting up the necessary session variables.
  • The validate_login() function checks the user's credentials against the database and sets appropriate error messages in the session.
  • The log_user_in() function populates session variables with user information and logs the login event.
  • The log_user_out() function unsets the session variables and cookies to log the user out.
  • The is_auth_stop_processing() function checks if the AUTH_STOP_PROCESSING flag is set, which indicates that authentication processing should be stopped.
  • The handle_logged_in_user() function performs additional checks and redirects the user if their session credentials do not match the database records.
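The following is an added, runnable sketch of the flow these six bullets describe; it is example code written for this page, not the project's auth_functions.php. It keeps the function names and the USERS column names from the Note, but the in-memory SQLite store, the PDO wiring, the `get_user_by_email()` helper and the use of a session key named AUTH_STOP_PROCESSING are assumptions. The point worth seeing in code is the last function: each protected request re-reads the user row and compares the stored hash and lock status, so a password change or a lock on the server side ends an existing session at once instead of lasting until the cookie expires.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Schema column names follow the wiki's Note;
// the SQLite-in-memory store and the AUTH_STOP_PROCESSING session key are assumptions.
const AUTH_STOP_PROCESSING = 'AUTH_STOP_PROCESSING';

function db(): PDO
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE USERS ("Email Address" TEXT PRIMARY KEY,'
            . ' password_hash TEXT NOT NULL, "LOCKED WITH MESSAGE" TEXT)');
        // Constructed sample data: one active user, one locked user.
        $ins = $pdo->prepare('INSERT INTO USERS VALUES (?, ?, ?)');
        $ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT), null]);
        $ins->execute(['bob@example.com', password_hash('battery staple', PASSWORD_DEFAULT),
            'Account locked after repeated failed logins. Contact support.']);
    }
    return $pdo;
}

// Assumed helper: one row by email, or null. Parameterised query, never string-built.
function get_user_by_email(string $email): ?array
{
    $st = db()->prepare('SELECT * FROM USERS WHERE "Email Address" = ?');
    $st->execute([$email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// start_login(): clear stale state so an old error or stop flag cannot leak into this attempt.
function start_login(): void
{
    unset($_SESSION['login_error'], $_SESSION[AUTH_STOP_PROCESSING]);
}

// validate_login(): check credentials and lock status, leaving the reason in the session.
function validate_login(string $email, string $password): bool
{
    $user = get_user_by_email($email);
    // One message for "no such user" and "wrong password", so responses do not
    // reveal which email addresses exist.
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        $_SESSION['login_error'] = 'Invalid email address or password.';
        return false;
    }
    if ($user['LOCKED WITH MESSAGE'] !== null) {
        $_SESSION['login_error'] = $user['LOCKED WITH MESSAGE'];
        return false;
    }
    log_user_in($user);
    return true;
}

// log_user_in(): populate the session and log the event.
function log_user_in(array $user): void
{
    session_regenerate_id(true);                          // fresh id on login (fixation defence)
    $_SESSION['email'] = $user['Email Address'];
    $_SESSION['password_hash'] = $user['password_hash'];  // re-checked on every protected request
    error_log('login ok: ' . $user['Email Address']);
}

// log_user_out(): drop session data, expire the session cookie, destroy the session.
function log_user_out(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function is_auth_stop_processing(): bool
{
    return !empty($_SESSION[AUTH_STOP_PROCESSING]);
}

// handle_logged_in_user(): compare the session's credentials with the current row.
// A changed hash, a deleted account or a lock invalidates the session immediately.
function handle_logged_in_user(string $login_url = '/login.php'): bool
{
    if (empty($_SESSION['email'])) {
        return false;
    }
    $user = get_user_by_email($_SESSION['email']);
    $stillValid = $user !== null
        && hash_equals($user['password_hash'], (string) ($_SESSION['password_hash'] ?? ''))
        && $user['LOCKED WITH MESSAGE'] === null;
    if (!$stillValid) {
        log_user_out();
        $_SESSION[AUTH_STOP_PROCESSING] = true;   // request-scoped flag; session is already destroyed
        if (!headers_sent()) {
            header('Location: ' . $login_url);
        }
        return false;
    }
    return true;
}

// CLI demo: bad password, locked account, good login, then a server-side password change.
if (PHP_SAPI === 'cli') {
    session_start();
    start_login();
    var_dump(validate_login('alice@example.com', 'wrong'), $_SESSION['login_error']);   // false, generic message
    var_dump(validate_login('bob@example.com', 'battery staple'), $_SESSION['login_error']); // false, lock message
    start_login();
    var_dump(validate_login('alice@example.com', 'correct horse'), handle_logged_in_user()); // true, true
    db()->exec("UPDATE USERS SET password_hash = '" . password_hash('new pass', PASSWORD_DEFAULT)
        . "' WHERE \"Email Address\" = 'alice@example.com'");
    var_dump(handle_logged_in_user(), is_auth_stop_processing());                        // false, true
}
```

Storing the password hash in the session, as the page's design implies, means the session store holds a copy of that hash; an alternative that achieves the same forced-logout behaviour is a per-user "session version" integer that is bumped on password change or lock and compared instead of the hash.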

Usage

To use the authentication system, developers can call the appropriate functions based on the user's actions. For example, to handle a logged-in user accessing a protected page, they can call the handle_logged_in_user() function.

Note

The code snippet assumes the existence of a database table named USERS with fields such as Email Address, password_hash, and LOCKED WITH MESSAGE. The specific functions used for database interactions (e.g., get_user_by_email_password_hash()) may vary depending on the database management system used.