page last edited on 17 April 2015

Authorization API

Version: 5.4 and earlier


This article shows how you can authenticate a user by login and password. It also shows how to log off the current user.


We start with creating an external script <X-Cart>/test.php with the following content: 


<?php
// test.php

// X-Cart initialization
require_once '';

$login = '';
$password = 'master';

if ($_GET['mode'] == 'login') {

    // login() returns RESULT_ACCESS_DENIED when the credentials are rejected
    $profile = \XLite\Core\Auth::getInstance()->login($login, $password);
    if ($profile !== \XLite\Core\Auth::RESULT_ACCESS_DENIED) {
        echo 'You are logged in';
    } else {
        echo 'You could not be logged in. Check your login and password.';
    }

} elseif ($_GET['mode'] == 'logoff') {

    // Log off the current user
    \XLite\Core\Auth::getInstance()->logoff();
    echo 'You are logged off';
}

As you can see, this script can work in two modes: logging in – if ($_GET['mode'] == 'login') – and logging off – elseif ($_GET['mode'] == 'logoff').

When we pass mode=login in the request, we try to log a user in with the $login and $password credentials. Logging in is as simple as calling one function:

$profile = \XLite\Core\Auth::getInstance()->login($login, $password);

If the result equals the \XLite\Core\Auth::RESULT_ACCESS_DENIED constant, the login failed, and you need to make sure that a user with the given login exists and that the password is correct.

When we pass mode=logoff in the request, we log off the current user and this operation is simple as well:


Now, you can check this script in action:

  1. Adjust the $login and $password variables in the test.php script to contain the actual login/password of some user.
  2. Open the script as test.php?mode=logoff and then open the cart.php script in a new tab. You should be logged off.
  3. Open the script as test.php?mode=login and then reload the cart.php script in that new tab. You should be logged in now.
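
As written, test.php logs whoever requests test.php?mode=login into the hard-coded account, so the variant below adds guards for use on a development machine. It is an added example, not X-Cart's own code; the file name, the environment variable names XCART_TEST_LOGIN and XCART_TEST_PASSWORD, and the include path placeholder are assumptions.

```php
<?php
// test-guarded.php (hypothetical file name): test.php with guards added

// Guard 1: answer only requests from the local machine. Assumes no reverse
// proxy in front of PHP; behind one, REMOTE_ADDR is the proxy's address.
$remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if (!in_array($remote, array('127.0.0.1', '::1'), true)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

// Guard 2: credentials come from the environment, not from the source file.
// XCART_TEST_LOGIN and XCART_TEST_PASSWORD are assumed variable names.
$login    = getenv('XCART_TEST_LOGIN');
$password = getenv('XCART_TEST_PASSWORD');
if (!is_string($login) || $login === '' || !is_string($password) || $password === '') {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Test credentials are not configured.');
}

// X-Cart initialization: placeholder, use the same include as in test.php
require_once 'PATH_TO_XCART_INITIALIZATION_FILE';

// Guard 3: accept only the two known modes and reject everything else
$mode = isset($_GET['mode']) ? $_GET['mode'] : '';
$auth = \XLite\Core\Auth::getInstance();

if ($mode === 'login') {
    $profile = $auth->login($login, $password);
    if ($profile !== \XLite\Core\Auth::RESULT_ACCESS_DENIED) {
        echo 'You are logged in';
    } else {
        echo 'You could not be logged in. Check your login and password.';
    }
} elseif ($mode === 'logoff') {
    $auth->logoff();
    echo 'You are logged off';
} else {
    header('HTTP/1.1 400 Bad Request');
    echo 'Unknown mode';
}
```

Remove the script from the web root once the check is done; the guards narrow who can trigger the login, but the file still grants a session without a password prompt.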