improving auth class comments.

ab089872 · Taylor Otwell · f841e5d2 · ab089872
Commit ab089872 authored Jun 17, 2011 by Taylor Otwell
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

auth.php system/auth.php +13 -6

No files found.
--- a/system/auth.php
+++ b/system/auth.php
@@ -34,7 +34,9 @@ class Auth {
 	public static function user()
 	{
 		// -----------------------------------------------------
-		// Verify that sessions are enabled.
+		// Verify that sessions are enabled. Since the user ID
+		// is stored in the session, we can't authenticate
+		// without a session driver specified.
 		// -----------------------------------------------------
 		if (Config::get('session.driver') == '')
 		{
@@ -64,19 +66,18 @@ class Auth {
 	{
 		$model = static::model();

-		// -----------------------------------------------------
-		// Get the user by username.
-		// -----------------------------------------------------
 		$user = $model::where(Config::get('auth.username'), '=', $username)->first();

 		if ( ! is_null($user))
 		{
 			// -----------------------------------------------------
-			// Hash the password.
+			// Hash the password. If a salt is present on the user
+			// record, we will recreate the hashed password using
+			// the salt. Otherwise, we will just use a plain hash.
 			// -----------------------------------------------------
 			$password = (isset($user->salt)) ? Hash::make($password, $user->salt)->value : sha1($password);

-			if ($user->password == $password)
+			if ($user->password === $password)
 			{
 				static::$user = $user;

@@ -96,7 +97,13 @@ class Auth {
 	 */
 	public static function logout()
 	{
+		// -----------------------------------------------------
+		// By removing the user ID from the session, the user
+		// will no longer be considered logged in on subsequent
+		// requests to the application.
+		// -----------------------------------------------------
 		Session::forget(static::$key);
+
 		static::$user = null;
 	}