AuthService

Table of contents

1. Overview
2. Public Methods
3. Related Components
4. Notes

1. Overview Table of Contents

The AuthService class manages all user authentication processes, including login, logout, session handling, password resets, and “remember me” cookie-based login. It integrates directly with your session, cookie, and logging subsystems.

Setup

use Core\Services\AuthService;

Common Use Cases

• Log users in or out
• Manage login attempts and account locking
• Handle “remember me” sessions
• Reset user passwords
• Upload profile images

2. Public Methods Table of Contents

A. confirm()

Returns the value of the confirm field from the request, typically used for password confirmation.

Parameter:

• Input $request - The request.

Returns:

• string - The value of the confirm field.

  $confirm = AuthService::confirm($request);
  

B. currentUser()

Retrieves the currently logged-in user from the session, or loads it from the database if not cached.

Returns:

• Users

  false

  null An object containing information about current logged in user from users table.

$user = AuthService::currentUser();

C. hashPassword()

Hashes a plain text password using PHP’s password_hash() with the default algorithm.

Parameter:

• string $password - Original password submitted on a registration or update password form.

Returns:

• string - The hashed version of the password.

$hash = AuthService::hashPassword($rawPassword);

D. login()

Attempts to log a user in. If successful, resets login attempts and creates a session. Otherwise, tracks failed attempts and optionally triggers an email notification.

Parameters:

• Input $request - The request for the login.
• Login $loginModel - The login model.
• string $username - The user to be logged in.
• bool $mailer - Sends account deactivated E-mail when user surpasses max number of login attempts before account is locked.

Returns:

• Login - Model that handles logins.

$loginModel = AuthService::login($request, new Login(), 'johndoe', true);

E. loginAttempts()

Increments login attempt counter, locks the account if maximum attempts are reached, and optionally sends an account deactivation email.

• User $user - The user whose login attempts we are tracking.
• Login $loginModel - The model that will be responsible for displaying messages.
• bool $mailer - Sends account deactivated E-mail when user surpasses max number of login attempts before account is locked.

Returns:

• Login $loginModel - The Login model after login in attempt test and session messages are assigned.

AuthService::loginAttempts($user, $loginModel, true);

F. loginUser()

Creates a session for the logged-in user and stores a remember-me token if requested.

Parameters:

• Users $loginUser - The user to be logged in.
• bool $rememberMe - Value obtained from remember me checkbox found in login form. Default value is false.

AuthService::loginUser($user, true);

G. loginUserFromCookie

Attempts to log in a user from a remember me cookie. If valid, creates a session and returns the user.

Returns:

• Users - The user associated with previous session.

$user = AuthService::loginUserFromCookie();

H. logout()

Logs out the currently logged-in user by clearing the session and deleting any active cookies.

AuthService::logout();

I. logoutUser()

Clears the user’s session and remember-me cookie. Also removes the corresponding record from the user_sessions table.

Parameter:

• User $user - The user to be logged out.

Returns:

• bool - Returns true if operation is successful.

AuthService::logoutUser($user);

J. passwordReset()

Handles the complete flow of resetting a user’s password, including setting the confirmation field and updating the record.

Parameters:

• Input $request - The request for the password reset action.
• Users $user - The user whose password we will reset.

AuthService::passwordReset($request, $user);

K. profileImageUpload()

Processes a profile image upload and returns an Uploads object. Assumes the input name is profileImage.

Parameter:

• Users $user - The user who uploaded a profile image.

Returns:

• Uploads|null - The uploads object if it’s created or null.

$upload = AuthService::profileImageUpload($user);

3. Related ComponentsTable of Contents

• Users – User model used for authentication and lookup.
• Login – Model used to store validation and error states during login.
• UserSessions – Tracks persistent sessions for “remember me” functionality.
• Uploads – Used for uploading profile images.
• AccountDeactivatedMailer – Sends account lockout notifications when enabled.

4. Notes Table of Contents

• Session and cookie names are retrieved from environment variables via Env::get(...).
• Login attempt limits and remember-me expiration are also configurable via .env:
  • MAX_LOGIN_ATTEMPTS
  • REMEMBER_ME_COOKIE_NAME
  • REMEMBER_ME_COOKIE_EXPIRY
• The loginUser() method logs to the app’s logging system using Logger.
• The service makes use of a $currentLoggedInUser static cache to prevent redundant database queries.