AuthService

Table of contents

  1. Overview
  2. Public Methods
  3. Related Components
  4. Notes


1. Overview Table of Contents

The AuthService class manages all user authentication processes, including login, logout, session handling, password resets, and “remember me” cookie-based login. It integrates directly with your session, cookie, and logging subsystems.

Setup

use Core\Services\AuthService;

Common Use Cases

  • Log users in or out
  • Manage login attempts and account locking
  • Handle “remember me” sessions
  • Reset user passwords
  • Upload profile images


2. ⚙️ Public Methods Table of Contents

confirm(Input $request): string

Returns the value of the confirm field from the request, typically used for password confirmation.

$confirm = AuthService::confirm($request);


currentUser(): ?Users

Retrieves the currently logged-in user from the session, or loads it from the database if not cached.

$user = AuthService::currentUser();


hashPassword(string $password): string

Hashes a plain text password using PHP’s password_hash() with the default algorithm.

$hash = AuthService::hashPassword($rawPassword);


login(Input $request, Login $loginModel, string $username, bool $mailer = false): Login

Attempts to log a user in. If successful, resets login attempts and creates a session. Otherwise, tracks failed attempts and optionally triggers an email notification.

$loginModel = AuthService::login($request, new Login(), 'johndoe', true);


loginAttempts(Users $user, Login $loginModel, bool $mailer = false): Login

Increments login attempt counter, locks the account if maximum attempts are reached, and optionally sends an account deactivation email.

AuthService::loginAttempts($user, $loginModel, true);


loginUser(Users $loginUser, bool $rememberMe = false): void

Creates a session for the logged-in user and stores a remember-me token if requested.

AuthService::loginUser($user, true);


loginUserFromCookie(): ?Users

Attempts to log in a user from a remember me cookie. If valid, creates a session and returns the user.

$user = AuthService::loginUserFromCookie();


logout(): void

Logs out the currently logged-in user by clearing the session and deleting any active cookies.

AuthService::logout();


logoutUser(Users $user): bool

Clears the user’s session and remember-me cookie. Also removes the corresponding record from the user_sessions table.

AuthService::logoutUser($user);


passwordReset(Input $request, Users $user): void

Handles the complete flow of resetting a user’s password, including setting the confirmation field and updating the record.

AuthService::passwordReset($request, $user);


profileImageUpload(Users $user): ?Uploads

Processes a profile image upload and returns an Uploads object. Assumes the input name is profileImage.

$upload = AuthService::profileImageUpload($user);


3. 📦 Related ComponentsTable of Contents

  • Users – User model used for authentication and lookup.
  • Login – Model used to store validation and error states during login.
  • UserSessions – Tracks persistent sessions for “remember me” functionality.
  • Uploads – Used for uploading profile images.
  • AccountDeactivatedMailer – Sends account lockout notifications when enabled.


4. 🧠 Notes Table of Contents

  • Session and cookie names are retrieved from environment variables via Env::get(...).
  • Login attempt limits and remember-me expiration are also configurable via .env:
    • MAX_LOGIN_ATTEMPTS
    • REMEMBER_ME_COOKIE_NAME
    • REMEMBER_ME_COOKIE_EXPIRY
  • The loginUser() method logs to the app’s logging system using Logger.
  • The service makes use of a $currentLoggedInUser static cache to prevent redundant database queries.