@@ -87,9 +87,6 @@ class Auth {
*/
protected static function recall($recaller)
{
- // When the remember me cookie is stored, it is encrypted and contains
- // the user's ID and a long, random string. The segments are separated
- // by a pipe character so we'll explode on that.
$recaller = explode('|', Crypter::decrypt($recaller));
// We'll pass the ID that was stored in the cookie into the same user
@@ -127,11 +124,8 @@ class Auth {
// When attempting to login the user, we will call the "attempt" closure
// from the configuration file. This gives the developer the freedom to
- // authenticate based on the needs of their application.
- //
- // All of the password hashing and checking and left totally up to the
- // developer, as this gives them the freedom to use any hashing scheme
- // or authentication provider they wish.
+ // authenticate based on the needs of their application, even allowing
+ // the user of third-party providers.
$user = call_user_func($config['attempt'], $username, $password);
if (is_null($user)) return false;
Taylor Otwell