From 3086fa2998187a1a6678a348fca290b0ada9ebbc Mon Sep 17 00:00:00 2001
From: Deon George
Date: Wed, 31 Aug 2016 21:51:00 +1000
Subject: [PATCH] Moved token functions from OSB
---
 classes/lnAuth/Auth/ORM.php | 88 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 87 insertions(+), 1 deletion(-)
diff --git a/classes/lnAuth/Auth/ORM.php b/classes/lnAuth/Auth/ORM.php
index 84aafd9..2a00081 100644
--- a/classes/lnAuth/Auth/ORM.php
+++ b/classes/lnAuth/Auth/ORM.php
@@ -66,7 +66,7 @@ abstract class lnAuth_Auth_ORM extends lnApp_Auth_ORM {
 Session::instance()->set('token',$token);
- $uo = ORM::factory($this->_model,$mmto->account_id);
+ $uo = ORM::factory('Account',$mmto->account_id);
 $uo->log(sprintf('Token %s used for method %s [%s]',$mmto->token,$mmto->module_method->id,Request::current()->param('id')));
 }
 }
@@ -75,6 +75,92 @@ abstract class lnAuth_Auth_ORM extends lnApp_Auth_ORM {
 return $uo;
 }
+ /**
+ * Logs a user in.
+ *
+ * @param string username
+ * @param string password
+ * @param boolean enable autologin
+ * @return boolean
+ */
+ protected function _login($user,$password,$remember) {
+ if (! is_object($user)) {
+ $username = $user;
+
+ // Load the user
+ $user = ORM::factory('Account');
+ $user->where('username','=',$username)->find();
+
+ // If no user loaded, return
+ if (! $user->loaded())
+ return FALSE;
+ }
+
+ // Create a hashed password
+ if (is_string($password))
+ $password = $this->hash($password);
+
+ // If the passwords match, perform a login
+ if ($user->active AND $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)) AND $user->password === $password) {
+
+ // @todo This is not currently used.
+ if ($remember === TRUE) {
+ // Create a new autologin token
+ $token = ORM::factory('User_Token');
+
+ // Set token data
+ $token->user_id = $user->id;
+ $token->expires = time() + $this->_config['lifetime'];
+ $token->save();
+
+ // Set the autologin cookie
+ Cookie::set('authautologin', $token->token, $this->_config['lifetime']);
+ }
+
+ // Record our session ID, we may need to update our DB when we get a new ID
+ $oldsess = session_id();
+
+ // Finish the login
+ $this->complete_login($user);
+
+ // Do we need to update databases with our new sesion ID
+ $sct = Kohana::$config->load('config')->session_change_trigger;
+ if (session_id() != $oldsess AND count($sct))
+ foreach ($sct as $t => $c)
+ if (Config::module_exist($t))
+ foreach (ORM::factory(ucwords($t))->where($c,'=',$oldsess)->find_all() as $o)
+ $o->set('session_id',session_id())
+ ->update();
+
+ return TRUE;
+ }
+
+ // Login failed
+ return FALSE;
+ }
+
+ /**
+ * Gets the currently logged in user from the session.
+ * Returns NULL if no user is currently logged in.
+ *
+ * @param boolean Check token users too
+ * @return mixed
+ */
+ public function get_user($default=NULL,$tokenuser=TRUE) {
+ // If we are a CLI, we are not logged in
+ if (PHP_SAPI === 'cli')
+ throw new Kohana_Exception('Calling :method from the CLI is not allowed!',array(':method'=>__METHOD__));
+
+ // Get the current user
+ $uo = parent::get_user($default);
+
+ // If we are not logged in, see if there is token for the user
+ if (is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR ($token=Arr::get($_REQUEST,'token')))
+ $uo = $this->_get_token_user($token);
+
+ return $uo;
+ }
+
 /**
 * Authentication is controlled via database queries.
 *
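Review bot: In `get_user()` the condition `is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR ($token=Arr::get($_REQUEST,'token'))` does not group the way the comment above it describes, because `AND` binds tighter than `OR` in PHP: a non-empty `token` value in `$_REQUEST` makes the whole test true even when a user is already logged in or the caller passed `$tokenuser=FALSE`, and `$uo` is then overwritten with whatever `_get_token_user()` returns (that method is outside this hunk). Put the two token sources in one group so both guards apply: `if (is_null($uo) AND $tokenuser AND (($token=Session::instance()->get('token')) OR ($token=Arr::get($_REQUEST,'token'))))`. Separately, `_login()` compares the stored and computed hashes with `===`; `hash_equals($user->password,$password)` removes the timing difference on that comparison, provided the project's minimum PHP version has it (5.6+). The `get_user()` docblock also omits the `$default` parameter.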