|
@@ -34,7 +34,9 @@ class Auth {
|
|
|
public static function user()
|
|
|
{
|
|
|
// -----------------------------------------------------
|
|
|
- // Verify that sessions are enabled.
|
|
|
+ // Verify that sessions are enabled. Since the user ID
|
|
|
+ // is stored in the session, we can't authenticate
|
|
|
+ // without a session driver specified.
|
|
|
// -----------------------------------------------------
|
|
|
if (Config::get('session.driver') == '')
|
|
|
{
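Review bot: The session-driver guard at the end of the hunk still uses loose `==` against `''`, while this same commit moves the password check to strict `===`; `if (Config::get('session.driver') === '')` would keep the two consistent and avoids the coercion rules of `==`, under which `null` also compares equal to `''`. Whether the config value can be `null` rather than `''` is not visible here, so if `null` is a legitimate "unset" value the check should test for it explicitly rather than relying on coercion. The body of user() continues past the hunk.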
|
|
@@ -64,19 +66,18 @@ class Auth {
|
|
|
{
|
|
|
$model = static::model();
|
|
|
|
|
|
- // -----------------------------------------------------
|
|
|
- // Get the user by username.
|
|
|
- // -----------------------------------------------------
|
|
|
$user = $model::where(Config::get('auth.username'), '=', $username)->first();
|
|
|
|
|
|
if ( ! is_null($user))
|
|
|
{
|
|
|
// -----------------------------------------------------
|
|
|
- // Hash the password.
|
|
|
+ // Hash the password. If a salt is present on the user
|
|
|
+ // record, we will recreate the hashed password using
|
|
|
+ // the salt. Otherwise, we will just use a plain hash.
|
|
|
// -----------------------------------------------------
|
|
|
$password = (isset($user->salt)) ? Hash::make($password, $user->salt)->value : sha1($password);
|
|
|
|
|
|
- if ($user->password == $password)
|
|
|
+ if ($user->password === $password)
|
|
|
{
|
|
|
static::$user = $user;
|
|
|
|
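Review bot: The `===` on the password check is a plain string equality that stops at the first differing byte, so the comparison time still varies with how much of the stored hash matched; for a credential check use `if (hash_equals($user->password, $password))` where the runtime provides it. The line above falls back to bare `sha1($password)` when the record has no salt, and the new comment presents that as "just a plain hash" without saying it is unsalted; the comment should mark that branch as legacy, and records without a salt are worth migrating to the salted form. The enclosing method's signature is above the hunk, outside this view.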
|
@@ -96,7 +97,13 @@ class Auth {
|
|
|
*/
|
|
|
public static function logout()
|
|
|
{
|
|
|
+ // -----------------------------------------------------
|
|
|
+ // By removing the user ID from the session, the user
|
|
|
+ // will no longer be considered logged in on subsequent
|
|
|
+ // requests to the application.
|
|
|
+ // -----------------------------------------------------
|
|
|
Session::forget(static::$key);
|
|
|
+
|
|
|
static::$user = null;
|
|
|
}
|
|
|
|
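Review bot: The new comment says the user will no longer be considered logged in, but `Session::forget(static::$key)` only drops the user key; nothing here invalidates or regenerates the session identifier, so the same session cookie remains usable after logout. If the Session component offers a way to regenerate or destroy the session, logout() is the place to call it; otherwise the comment should state plainly that only the user key is cleared and the session itself survives.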