Commit ab089872 authored by Taylor Otwell's avatar Taylor Otwell

improving auth class comments.

parent f841e5d2
......@@ -34,7 +34,9 @@ class Auth {
public static function user()
{
// -----------------------------------------------------
// Verify that sessions are enabled.
// Verify that sessions are enabled. Since the user ID
// is stored in the session, we can't authenticate
// without a session driver specified.
// -----------------------------------------------------
if (Config::get('session.driver') == '')
{
......@@ -64,19 +66,18 @@ class Auth {
{
$model = static::model();
// -----------------------------------------------------
// Get the user by username.
// -----------------------------------------------------
$user = $model::where(Config::get('auth.username'), '=', $username)->first();
if ( ! is_null($user))
{
// -----------------------------------------------------
// Hash the password.
// Hash the password. If a salt is present on the user
// record, we will recreate the hashed password using
// the salt. Otherwise, we will just use a plain hash.
// -----------------------------------------------------
$password = (isset($user->salt)) ? Hash::make($password, $user->salt)->value : sha1($password);
if ($user->password == $password)
if ($user->password === $password)
{
static::$user = $user;
......@@ -96,7 +97,13 @@ class Auth {
*/
public static function logout()
{
// -----------------------------------------------------
// By removing the user ID from the session, the user
// will no longer be considered logged in on subsequent
// requests to the application.
// -----------------------------------------------------
Session::forget(static::$key);
static::$user = null;
}
......
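Review bot: In the second hunk (the credential check in class Auth), a user record without a salt is still verified against a bare `sha1($password)`, and the expanded comment now documents that fallback as intended behaviour. An unsalted, fast digest gives identical passwords the same stored value and makes a leaked table cheap to test offline, so the branch should at least be marked as legacy, for example `// NOTE: unsalted sha1 is kept only for legacy records; new records must carry a salt.`, with a plan to re-hash those records. The comparison on what appears to be the new line, `if ($user->password === $password)`, is not constant-time; where the supported PHP version provides it, `if (hash_equals($user->password, $password))` is the safer form. The switch from `==` to `===` changes behaviour and closes loose-comparison matches between digest strings, yet the message "improving auth class comments" does not mention it, so the description should say so. The enclosing method begins before this hunk and continues past it.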