2014-09-29 22:06:38 +10:00
|
|
|
<?php defined('SYSPATH') or die('No direct access allowed.');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Auth driver.
|
|
|
|
*
|
|
|
|
* @package lnApp
|
|
|
|
* @category Classes
|
|
|
|
* @author Deon George
|
|
|
|
* @copyright (c) 2014 Deon George
|
|
|
|
* @license http://dev.leenooks.net/license.html
|
|
|
|
*/
|
|
|
|
abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
|
|
|
|
/**
|
|
|
|
* We need to override Kohana's __construct(), for tasks, which attempt to open a session
|
|
|
|
* and probably dont have access to PHP sessions path.
|
|
|
|
* Tasks dont need sessions anyway?
|
|
|
|
*/
|
|
|
|
public function __construct($config = array()) {
|
|
|
|
// Save the config in the object
|
|
|
|
$this->_config = $config;
|
|
|
|
|
|
|
|
if (PHP_SAPI !== 'cli')
|
|
|
|
parent::__construct($config);
|
|
|
|
}
|
|
|
|
|
2014-10-02 15:33:07 +10:00
|
|
|
/**
|
|
|
|
* Get the user that a token applies to
|
|
|
|
*
|
|
|
|
* This will check that the token is valid (not expired and for the request)
|
|
|
|
*
|
|
|
|
* @param $token The token
|
|
|
|
* @return Model_Account|NULL The user that the token is valid for.
|
|
|
|
*/
|
2014-10-04 00:35:26 +10:00
|
|
|
protected function _get_token_user($token) {
|
2016-08-26 15:02:40 +10:00
|
|
|
try {
|
|
|
|
list($id,$key) = explode(':',$token,2);
|
|
|
|
} catch (Exception $e) {
|
|
|
|
return ORM::factory('Account');
|
|
|
|
}
|
2014-10-02 15:33:07 +10:00
|
|
|
|
|
|
|
$uo = ORM::factory('Account',$id);
|
|
|
|
|
|
|
|
return ($uo->token(NULL,NULL,NULL,NULL) == $token) ? $uo : NULL;
|
|
|
|
}
|
|
|
|
|
2014-09-29 22:06:38 +10:00
|
|
|
/**
|
|
|
|
* Logs a user in.
|
|
|
|
*
|
|
|
|
* @param string username
|
|
|
|
* @param string password
|
|
|
|
* @param boolean enable autologin
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
protected function _login($user,$password,$remember) {
|
|
|
|
if (! is_object($user)) {
|
|
|
|
$username = $user;
|
|
|
|
|
|
|
|
// Load the user
|
|
|
|
$user = ORM::factory($this->_model);
|
|
|
|
$user->where('email','=',$username)->find();
|
|
|
|
|
|
|
|
// If no user loaded, return
|
|
|
|
if (! $user->loaded())
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create a hashed password
|
|
|
|
if (is_string($password))
|
|
|
|
$password = $this->hash($password);
|
|
|
|
|
|
|
|
// If we have the right password, we'll check the status of the account
|
|
|
|
if ($user->password === $password AND $user->active) {
|
2014-10-02 15:33:07 +10:00
|
|
|
if (! $user->activated())
|
|
|
|
HTTP::redirect(URL::link('user','account/activate'));
|
|
|
|
|
2014-09-29 22:06:38 +10:00
|
|
|
// Record our session ID, we may need to update our DB when we get a new ID
|
|
|
|
$oldsess = session_id();
|
|
|
|
|
|
|
|
// Finish the login
|
|
|
|
$this->complete_login($user);
|
|
|
|
|
|
|
|
// Do we need to update databases with our new sesion ID
|
|
|
|
$sct = Kohana::$config->load('config')->session_change_trigger;
|
|
|
|
if (session_id() != $oldsess AND count($sct))
|
|
|
|
foreach ($sct as $t => $c)
|
|
|
|
if (Config::module_exist($t))
|
|
|
|
foreach (ORM::factory(ucwords($t))->where($c,'=',$oldsess)->find_all() as $o)
|
|
|
|
$o->set('session_id',session_id())
|
|
|
|
->update();
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Login failed
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine if a user is authorised to view an account
|
|
|
|
*
|
|
|
|
* @param Model_Account Account Ojbect to validate if the current user has access
|
|
|
|
* @return boolean TRUE if authorised, FALSE if not.
|
|
|
|
*/
|
|
|
|
public function authorised(Model_Account $ao) {
|
2014-10-08 23:20:27 +11:00
|
|
|
return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR ($uo->admin > $ao->admin)));
|
2014-09-29 22:06:38 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
public function get_groups() {
|
|
|
|
return is_null($x=$this->get_user()) ? ORM::factory('Group')->where('id','=',0)->find_all() : $x->groups();
|
|
|
|
}
|
|
|
|
|
2014-10-02 15:33:07 +10:00
|
|
|
/**
|
|
|
|
* Gets the currently logged in user from the session.
|
|
|
|
* Returns NULL if no user is currently logged in.
|
|
|
|
*
|
|
|
|
* @param boolean Check token users too
|
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function get_user($default=NULL,$tokenuser=TRUE) {
|
|
|
|
// If we are a CLI, we are not logged in
|
|
|
|
if (PHP_SAPI === 'cli')
|
|
|
|
throw new Kohana_Exception('Calling :method from the CLI is not allowed!',array(':method'=>__METHOD__));
|
|
|
|
|
|
|
|
// Get the current user
|
|
|
|
$uo = parent::get_user($default);
|
|
|
|
|
|
|
|
// If we are not logged in, see if there is token for the user
|
2016-08-03 15:56:14 +10:00
|
|
|
if (is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR ($token=Arr::get($_REQUEST,'token')))
|
2014-10-02 15:33:07 +10:00
|
|
|
$uo = $this->_get_token_user($token);
|
|
|
|
|
|
|
|
return $uo;
|
|
|
|
}
|
|
|
|
|
2014-09-29 22:06:38 +10:00
|
|
|
// Override Kohana Auth requirement to have a hash_key
|
|
|
|
public function hash($str) {
|
|
|
|
switch ($this->_config['hash_method']) {
|
|
|
|
case '' : return $str;
|
|
|
|
case 'md5': return md5($str);
|
|
|
|
default: return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2014-10-02 15:33:07 +10:00
|
|
|
* lnApp authentication is controlled via database queries.
|
2014-09-29 22:06:38 +10:00
|
|
|
*
|
|
|
|
* This method can be used to test two situations:
|
|
|
|
* 1) Is the user logged in? ($role == FALSE)
|
|
|
|
* 2) Can the user run the current controller->action ($role == TRUE)
|
|
|
|
*
|
|
|
|
* @param boolean If authentication should be done for this module:method (ie: controller:action).
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public function logged_in($role=NULL,$debug=NULL) {
|
|
|
|
$status = FALSE;
|
|
|
|
|
|
|
|
// If we are a CLI, we are not logged in
|
|
|
|
if (PHP_SAPI === 'cli')
|
|
|
|
return $status;
|
|
|
|
|
|
|
|
// Get the user from the session
|
|
|
|
$uo = $this->get_user();
|
|
|
|
|
|
|
|
// If we are not a valid user object, then we are not logged in
|
|
|
|
if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
|
2014-10-08 23:20:27 +11:00
|
|
|
if (empty($role) OR ($role <= $uo->admin))
|
|
|
|
$status = TRUE;
|
2014-09-29 22:06:38 +10:00
|
|
|
|
|
|
|
return $status;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
?>
|