MightyPHP comes with built in functions to easily keep track of user's authenticated sessions.
To authenticate a user, you may call the security class and call its setAuth()
method.
use MightyCore\Security;​Security::setAuth();
Besides that, the setAuth()
method accepts an optional array parameter:
Security::setAuth(["id" => 1,"role" => 2]);
The parameters passed in via an array will be used to set the session variables upon setAuth()
based on key value pair.
Before the auth method can be used, it is crucial that the user passwords in the database to be used for comparison are encrypted with the encryptPassword
method of the security class.
Security::encryptPassword('123abc');
This will encrypt the string using PHP's PASSWORD_DEFAULT
algorithm.
If you wish to check if a valid session is ongoing, you may access the checkAuth
method from the Security
class.
Security::checkAuth() // returns true if Authenticated.
If for some reason, you wish to just check the authenticity of the user's password, you may call the comparePassword
method.
// Returns true if compared successfully.Security::comparePassword('hashed_password', 'user_input_string');
If you wish to terminate the user's session, you may call the logout
method to destroy the session.
Security::logout();