Class: User extends ExtendedModel

This is the default user authentication source for Elefant. Provides the basic User::require_login() and User::require_admin() methods, as well as User::is_valid() and User::logout(). If a user is logged in, the first call to any validation method will initialize the $user property to contain the static User object.

Note that this class extends ExtendedModel, so all of the ExtendedModel and Model methods are available for querying the user list, and for user management, as well.


  • id
  • email
  • password
  • session_id
  • expires
  • name
  • type
  • signed_up
  • updated
  • userdata
  • phone
  • fax
  • address
  • address2
  • city
  • state
  • country
  • zip
  • title
  • company
  • photo
  • about
  • website

Basic usage of additional methods:


// Send unauth users to myapp/login view
if (! User::require_login ()) {
    $page->title = __ ('Members');
    echo $this->run ('user/login');

// Check if a user is valid at any point
if (! User::is_valid ()) {
    // Not allowed

// Check the user's type
if (User::is ('member')) {
    // Access granted

// Get the name value
$name = User::val ('name');

// Get the actual user object
info (User::$user);

// Update and save a user's name
User::val ('name', 'Bob Diggity');
User::save ();

// Encrypt a password
$encrypted = User::encrypt_pass ($password);

// Log out and send them home
User::logout ('/');



public static $user = false

This is the static User object for the current user.

public static $session

Session object for storing session IDs and expiry times, when multi_login is enabled.

public static $acl

Acl object for require_acl() method. Get and set via User::acl().

public static $versions_link = '/user/details?id={{id}}'

Link format for version history.

public static $versions_display_fields = array ()

Fields to display as links in version history.

private static $_error = false

public $table = '#prefix#user'

The database table name.

public $_extended_field = 'userdata'

Tell the ExtendedModel which field should contain the extended properties.


public links ()

Get all social links for the current user. Alias of user\Link::for_user ($user_id)

public notes ()

Get all notes for the current user. Alias of user\Note::for_user ($user_id)

public static error ()

Fetch reason for login failure, or false if none.

public static encrypt_pass ($plain)

Generates a random salt and encrypts a password using Blowfish.

public static generate_pass ($length = 8)

Takes a length and returns a random string of characters of that length for use in passwords. String may contain any number, lower or uppercase letters, or common symbols.

public static init_session ($name = false, $duration = false, $path = '/', $domain = false, $secure = false, $httponly = true)

Initializes the PHP session with the right settings and save handler.

public static verifier ($user, $pass)

Verifies a username/password combo against the database. Username is matched to the email field. If things check out, a session_id is generated and initialized in the database and for the user. Also creates the global $user object as well, since we have the data (no sense requesting it twice).

public static method ($callback)

A custom handler for simple_auth(). Note: Calls session_start() for you, and creates the global $user object if a session is valid, since we have the data already.

public static require_login ()

Simplifies authorization down to:


if (! User::require_login ()) {
    // unauthorized


public static require_verification ()

Alternative to require_login() that also checks that their account has been verified via email.

public static require_admin ()

Alias of require_acl('admin'). Simplifies authorization for general admin access down to:


if (! User::require_admin ()) {
    // unauthorized


public static require_acl ($resource)

Determine whether the current user is allowed to access a given resource.

public static is_valid ()

Check if a user is valid.

public static is ($type)

Check if a user is of a certain type.

public static current ($current)

Fetch or set the currently active user.

public static access ($access)

Alias of require_acl('content/' . $access), prepending the content/ string to the resource name before comparing it. Where User::require_acl('resource') is good for validating access to any resource type, User::access('member') is used for content access levels.

Can also be called via User::access() and it will return an array of the access values which the current user may access, for example:

array ('public' => 'Public', 'member' => 'Member')

public static access_list ()

Returns the list of access levels for content. This is a list of resources that begin with content/ e.g., content/private, with keys as the resource and values as a display name for that resource:

array (
    'public'  => 'Public',
    'member'  => 'Member',
    'private' => 'Private'

Note: Public is hard-coded, since there's no need to verify access to public resources, but you still need an access level to specify it.

public static acl ($acl)

Get or set the Acl object.

public static allowed_roles ()

Fetch the roles that an admin user is allowed to assign.

public static val ($key, $val)

Get or set a specific field's value.

public static save ()

Save the user's data to the database.

public static logout ($redirect_to = false, $path = '/', $domain = false, $secure = false, $httponly = true)

Log out and optionally redirect to the specified URL.