khosb/includes/kohana/modules/orm/classes/Kohana/Auth/ORM.php

<?php defined('SYSPATH') OR die('No direct access allowed.');
/**
 * ORM Auth driver.
 *
 * @package    Kohana/Auth
 * @author     Kohana Team
 * @copyright  (c) 2007-2012 Kohana Team
 * @license    http://kohanaframework.org/license
 */
class Kohana_Auth_ORM extends Auth {

	/**
	 * Checks if a session is active.
	 *
	 * @param   mixed    $role Role name string, role ORM object, or array with role names
	 * @return  boolean
	 */
	public function logged_in($role = NULL)
	{
		// Get the user from the session
		$user = $this->get_user();

		if ( ! $user)
			return FALSE;

		if ($user instanceof Model_User AND $user->loaded())
		{
			// If we don't have a roll no further checking is needed
			if ( ! $role)
				return TRUE;

			if (is_array($role))
			{
				// Get all the roles
				$roles = ORM::factory('Role')
							->where('name', 'IN', $role)
							->find_all()
							->as_array(NULL, 'id');

				// Make sure all the roles are valid ones
				if (count($roles) !== count($role))
					return FALSE;
			}
			else
			{
				if ( ! is_object($role))
				{
					// Load the role
					$roles = ORM::factory('Role', array('name' => $role));

					if ( ! $roles->loaded())
						return FALSE;
				}
			}

			return $user->has('roles', $roles);
		}
	}

	/**
	 * Logs a user in.
	 *
	 * @param   string   $username
	 * @param   string   $password
	 * @param   boolean  $remember  enable autologin
	 * @return  boolean
	 */
	protected function _login($user, $password, $remember)
	{
		if ( ! is_object($user))
		{
			$username = $user;

			// Load the user
			$user = ORM::factory('User');
			$user->where($user->unique_key($username), '=', $username)->find();
		}

		if (is_string($password))
		{
			// Create a hashed password
			$password = $this->hash($password);
		}

		// If the passwords match, perform a login
		if ($user->has('roles', ORM::factory('Role', array('name' => 'login'))) AND $user->password === $password)
		{
			if ($remember === TRUE)
			{
				// Token data
				$data = array(
					'user_id'    => $user->pk(),
					'expires'    => time() + $this->_config['lifetime'],
					'user_agent' => sha1(Request::$user_agent),
				);

				// Create a new autologin token
				$token = ORM::factory('User_Token')
							->values($data)
							->create();

				// Set the autologin cookie
				Cookie::set('authautologin', $token->token, $this->_config['lifetime']);
			}

			// Finish the login
			$this->complete_login($user);

			return TRUE;
		}

		// Login failed
		return FALSE;
	}

	/**
	 * Forces a user to be logged in, without specifying a password.
	 *
	 * @param   mixed    $user                    username string, or user ORM object
	 * @param   boolean  $mark_session_as_forced  mark the session as forced
	 * @return  boolean
	 */
	public function force_login($user, $mark_session_as_forced = FALSE)
	{
		if ( ! is_object($user))
		{
			$username = $user;

			// Load the user
			$user = ORM::factory('User');
			$user->where($user->unique_key($username), '=', $username)->find();
		}

		if ($mark_session_as_forced === TRUE)
		{
			// Mark the session as forced, to prevent users from changing account information
			$this->_session->set('auth_forced', TRUE);
		}

		// Run the standard completion
		$this->complete_login($user);
	}

	/**
	 * Logs a user in, based on the authautologin cookie.
	 *
	 * @return  mixed
	 */
	public function auto_login()
	{
		if ($token = Cookie::get('authautologin'))
		{
			// Load the token and user
			$token = ORM::factory('User_Token', array('token' => $token));

			if ($token->loaded() AND $token->user->loaded())
			{
				if ($token->user_agent === sha1(Request::$user_agent))
				{
					// Save the token to create a new unique token
					$token->save();

					// Set the new token
					Cookie::set('authautologin', $token->token, $token->expires - time());

					// Complete the login with the found data
					$this->complete_login($token->user);

					// Automatic login was successful
					return $token->user;
				}

				// Token is invalid
				$token->delete();
			}
		}

		return FALSE;
	}

	/**
	 * Gets the currently logged in user from the session (with auto_login check).
	 * Returns $default if no user is currently logged in.
	 *
	 * @param   mixed    $default to return in case user isn't logged in
	 * @return  mixed
	 */
	public function get_user($default = NULL)
	{
		$user = parent::get_user($default);

		if ($user === $default)
		{
			// check for "remembered" login
			if (($user = $this->auto_login()) === FALSE)
				return $default;
		}

		return $user;
	}

	/**
	 * Log a user out and remove any autologin cookies.
	 *
	 * @param   boolean  $destroy     completely destroy the session
	 * @param	boolean  $logout_all  remove all tokens for user
	 * @return  boolean
	 */
	public function logout($destroy = FALSE, $logout_all = FALSE)
	{
		// Set by force_login()
		$this->_session->delete('auth_forced');

		if ($token = Cookie::get('authautologin'))
		{
			// Delete the autologin cookie to prevent re-login
			Cookie::delete('authautologin');

			// Clear the autologin token from the database
			$token = ORM::factory('User_Token', array('token' => $token));

			if ($token->loaded() AND $logout_all)
			{
				// Delete all user tokens. This isn't the most elegant solution but does the job
				$tokens = ORM::factory('User_Token')->where('user_id','=',$token->user_id)->find_all();
				
				foreach ($tokens as $_token)
				{
					$_token->delete();
				}
			}
			elseif ($token->loaded())
			{
				$token->delete();
			}
		}

		return parent::logout($destroy);
	}

	/**
	 * Get the stored password for a username.
	 *
	 * @param   mixed   $user  username string, or user ORM object
	 * @return  string
	 */
	public function password($user)
	{
		if ( ! is_object($user))
		{
			$username = $user;

			// Load the user
			$user = ORM::factory('User');
			$user->where($user->unique_key($username), '=', $username)->find();
		}

		return $user->password;
	}

	/**
	 * Complete the login for a user by incrementing the logins and setting
	 * session data: user_id, username, roles.
	 *
	 * @param   object  $user  user ORM object
	 * @return  void
	 */
	protected function complete_login($user)
	{
		$user->complete_login();

		return parent::complete_login($user);
	}

	/**
	 * Compare password with original (hashed). Works for current (logged in) user
	 *
	 * @param   string  $password
	 * @return  boolean
	 */
	public function check_password($password)
	{
		$user = $this->get_user();

		if ( ! $user)
			return FALSE;

		return ($this->hash($password) === $user->password);
	}

} // End Auth ORM
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`<?php defined('SYSPATH') OR die('No direct access allowed.');`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`/**`
			`* ORM Auth driver.`
			`*`
			`* @package Kohana/Auth`
			`* @author Kohana Team`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @copyright (c) 2007-2012 Kohana Team`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`* @license http://kohanaframework.org/license`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`*/`
			`class Kohana_Auth_ORM extends Auth {`

			`/**`
			`* Checks if a session is active.`
			`*`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`* @param mixed $role Role name string, role ORM object, or array with role names`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return boolean`
			`*/`
			`public function logged_in($role = NULL)`
			`{`
			`// Get the user from the session`
			`$user = $this->get_user();`

Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`if ( ! $user)`
			`return FALSE;`

			`if ($user instanceof Model_User AND $user->loaded())`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`{`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`// If we don't have a roll no further checking is needed`
			`if ( ! $role)`
			`return TRUE;`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`if (is_array($role))`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`{`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`// Get all the roles`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$roles = ORM::factory('Role')`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`->where('name', 'IN', $role)`
			`->find_all()`
			`->as_array(NULL, 'id');`

			`// Make sure all the roles are valid ones`
			`if (count($roles) !== count($role))`
			`return FALSE;`
			`}`
			`else`
			`{`
			`if ( ! is_object($role))`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`{`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`// Load the role`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$roles = ORM::factory('Role', array('name' => $role));`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00
			`if ( ! $roles->loaded())`
			`return FALSE;`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`}`
			`}`

Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`return $user->has('roles', $roles);`
			`}`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`}`

			`/**`
			`* Logs a user in.`
			`*`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @param string $username`
			`* @param string $password`
			`* @param boolean $remember enable autologin`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return boolean`
			`*/`
			`protected function _login($user, $password, $remember)`
			`{`
			`if ( ! is_object($user))`
			`{`
			`$username = $user;`

			`// Load the user`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$user = ORM::factory('User');`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`$user->where($user->unique_key($username), '=', $username)->find();`
			`}`

Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`if (is_string($password))`
			`{`
			`// Create a hashed password`
			`$password = $this->hash($password);`
			`}`

Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`// If the passwords match, perform a login`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`if ($user->has('roles', ORM::factory('Role', array('name' => 'login'))) AND $user->password === $password)`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`{`
			`if ($remember === TRUE)`
			`{`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`// Token data`
			`$data = array(`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`'user_id' => $user->pk(),`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`'expires' => time() + $this->_config['lifetime'],`
			`'user_agent' => sha1(Request::$user_agent),`
			`);`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`// Create a new autologin token`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$token = ORM::factory('User_Token')`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`->values($data)`
			`->create();`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00
			`// Set the autologin cookie`
			`Cookie::set('authautologin', $token->token, $this->_config['lifetime']);`
			`}`

			`// Finish the login`
			`$this->complete_login($user);`

			`return TRUE;`
			`}`

			`// Login failed`
			`return FALSE;`
			`}`

			`/**`
			`* Forces a user to be logged in, without specifying a password.`
			`*`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @param mixed $user username string, or user ORM object`
			`* @param boolean $mark_session_as_forced mark the session as forced`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return boolean`
			`*/`
			`public function force_login($user, $mark_session_as_forced = FALSE)`
			`{`
			`if ( ! is_object($user))`
			`{`
			`$username = $user;`

			`// Load the user`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$user = ORM::factory('User');`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`$user->where($user->unique_key($username), '=', $username)->find();`
			`}`

			`if ($mark_session_as_forced === TRUE)`
			`{`
			`// Mark the session as forced, to prevent users from changing account information`
			`$this->_session->set('auth_forced', TRUE);`
			`}`

			`// Run the standard completion`
			`$this->complete_login($user);`
			`}`

			`/**`
			`* Logs a user in, based on the authautologin cookie.`
			`*`
			`* @return mixed`
			`*/`
			`public function auto_login()`
			`{`
			`if ($token = Cookie::get('authautologin'))`
			`{`
			`// Load the token and user`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$token = ORM::factory('User_Token', array('token' => $token));`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00
			`if ($token->loaded() AND $token->user->loaded())`
			`{`
			`if ($token->user_agent === sha1(Request::$user_agent))`
			`{`
			`// Save the token to create a new unique token`
			`$token->save();`

			`// Set the new token`
			`Cookie::set('authautologin', $token->token, $token->expires - time());`

			`// Complete the login with the found data`
			`$this->complete_login($token->user);`

			`// Automatic login was successful`
			`return $token->user;`
			`}`

			`// Token is invalid`
			`$token->delete();`
			`}`
			`}`

			`return FALSE;`
			`}`

			`/**`
			`* Gets the currently logged in user from the session (with auto_login check).`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* Returns $default if no user is currently logged in.`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`*`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @param mixed $default to return in case user isn't logged in`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return mixed`
			`*/`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`public function get_user($default = NULL)`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`{`
Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`$user = parent::get_user($default);`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`if ($user === $default)`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`{`
			`// check for "remembered" login`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`if (($user = $this->auto_login()) === FALSE)`
			`return $default;`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`}`

			`return $user;`
			`}`

			`/**`
			`* Log a user out and remove any autologin cookies.`
			`*`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @param boolean $destroy completely destroy the session`
			`* @param boolean $logout_all remove all tokens for user`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return boolean`
			`*/`
			`public function logout($destroy = FALSE, $logout_all = FALSE)`
			`{`
			`// Set by force_login()`
			`$this->_session->delete('auth_forced');`

			`if ($token = Cookie::get('authautologin'))`
			`{`
			`// Delete the autologin cookie to prevent re-login`
			`Cookie::delete('authautologin');`

			`// Clear the autologin token from the database`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$token = ORM::factory('User_Token', array('token' => $token));`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00
			`if ($token->loaded() AND $logout_all)`
			`{`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`// Delete all user tokens. This isn't the most elegant solution but does the job`
			`$tokens = ORM::factory('User_Token')->where('user_id','=',$token->user_id)->find_all();`

			`foreach ($tokens as $_token)`
			`{`
			`$_token->delete();`
			`}`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`}`
			`elseif ($token->loaded())`
			`{`
			`$token->delete();`
			`}`
			`}`

			`return parent::logout($destroy);`
			`}`

			`/**`
			`* Get the stored password for a username.`
			`*`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @param mixed $user username string, or user ORM object`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return string`
			`*/`
			`public function password($user)`
			`{`
			`if ( ! is_object($user))`
			`{`
			`$username = $user;`

			`// Load the user`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`$user = ORM::factory('User');`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`$user->where($user->unique_key($username), '=', $username)->find();`
			`}`

			`return $user->password;`
			`}`

			`/**`
			`* Complete the login for a user by incrementing the logins and setting`
			`* session data: user_id, username, roles.`
			`*`
Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`* @param object $user user ORM object`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`* @return void`
			`*/`
			`protected function complete_login($user)`
			`{`
			`$user->complete_login();`

			`return parent::complete_login($user);`
			`}`

			`/**`
			`* Compare password with original (hashed). Works for current (logged in) user`
			`*`
			`* @param string $password`
			`* @return boolean`
			`*/`
			`public function check_password($password)`
			`{`
			`$user = $this->get_user();`

Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`if ( ! $user)`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`return FALSE;`

Upgrade to KH 3.1.3.1 2011-05-13 06:00:25 +00:00			`return ($this->hash($password) === $user->password);`
Added Kohana v3.0.8 2010-08-21 04:43:03 +00:00			`}`

Upgraded to KH 3.3.0 2012-11-09 12:18:50 +00:00			`} // End Auth ORM`