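_config = $config;

		if (PHP_SAPI !== 'cli')
			parent::__construct($config);
	}

	/**
	 * Get the user that a token applies to.
	 *
	 * A token has the form "<account id>:<key>". The account is loaded by the id
	 * part and the whole token is then compared with the token the account model
	 * itself reports as current (Model_Account::token(); per the original doc
	 * comment that is where expiry / request binding is enforced — verify there).
	 *
	 * @param mixed $token The token as presented by the client (untrusted)
	 * @return Model_Account|NULL The loaded account the token is valid for, or NULL
	 */
	private function _get_token_user($token)
	{
		// Only a well-formed "id:key" string can be a token; reject anything else
		// (e.g. an array from ?token[]=, or a value without the separator) up front
		// instead of letting explode()/list() raise notices or errors.
		if (! is_string($token) OR strpos($token,':') === FALSE)
			return NULL;

		list($id) = explode(':',$token,2);

		$uo = ORM::factory('Account',$id);

		// An account that does not exist cannot own a token, whatever token() returns for it.
		if (! $uo->loaded())
			return NULL;

		$expected = $uo->token(NULL,NULL,NULL,NULL);

		// Strict, constant-time comparison: a loose == would compare numeric-looking
		// strings numerically ("1e3" == "1000") and leaks timing information.
		return (is_string($expected) AND hash_equals($expected,$token)) ? $uo : NULL;
	}

	/**
	 * Logs a user in.
	 *
	 * @param mixed   $user     Model_Account object, or the e-mail address to look the account up by
	 * @param mixed   $password Plain-text password (hashed here with hash()); a non-string value
	 *                          is compared as-is and will never match
	 * @param boolean $remember Enable autologin — accepted for interface compatibility, but this
	 *                          implementation does not act on it
	 * @return boolean TRUE on success, FALSE if the account is unknown, inactive or the password is wrong
	 */
	protected function _login($user,$password,$remember)
	{
		if (! is_object($user))
		{
			// Look the account up by e-mail; the ORM parameterises the value.
			// NOTE(review): returning before hashing makes the response time differ for
			// unknown vs. known addresses (account enumeration) — consider hashing anyway.
			$user = ORM::factory($this->_model)
				->where('email','=',$user)
				->find();

			if (! $user->loaded())
				return FALSE;
		}

		// A plain-text password is hashed; see hash() for what that actually means.
		if (is_string($password))
			$password = $this->hash($password);

		// Both sides must be strings (a NULL stored password must never match a NULL
		// supplied one) and are compared in constant time.
		$password_ok = (is_string($user->password) AND is_string($password) AND hash_equals($user->password,$password));

		if (! $password_ok OR ! $user->active)
			return FALSE;

		// Accounts that have not completed activation are sent to the activation page.
		if (! $user->activated())
			HTTP::redirect(URL::link('user','account/activate'));

		// Remember the session ID: complete_login() may replace it, and other tables
		// keyed on the old ID then need to follow.
		$oldsess = session_id();

		$this->complete_login($user);

		$this->_follow_session_change($oldsess);

		return TRUE;
	}

	/**
	 * After the session ID changed during login, re-key rows in other modules that
	 * were stored against the old session ID.
	 *
	 * The modules and columns come from config.session_change_trigger
	 * (module => column); only modules that exist are touched.
	 *
	 * @param string $oldsess The session ID in effect before complete_login()
	 * @return void
	 */
	private function _follow_session_change($oldsess)
	{
		$newsess = session_id();

		if ($newsess == $oldsess)
			return;

		$sct = Kohana::$config->load('config')->session_change_trigger;

		// Nothing configured (NULL or empty) — avoids count() on a non-countable.
		if (empty($sct))
			return;

		foreach ($sct as $module => $column)
		{
			if (! Config::module_exist($module))
				continue;

			foreach (ORM::factory(ucwords($module))->where($column,'=',$oldsess)->find_all() as $o)
				$o->set('session_id',$newsess)->update();
		}
	}

	/**
	 * Determine if the current user is authorised to view an account.
	 *
	 * Authorised when the account is the current user's own, or when its id is
	 * among the customers of the current user's RTM.
	 *
	 * @param Model_Account $ao Account to validate if the current user has access to
	 * @return boolean TRUE if authorised, FALSE if not
	 */
	public function authorised(Model_Account $ao)
	{
		$uo = $this->get_user();

		// No (loaded) current user, or no real account to check against: deny.
		if (! $uo OR ! $uo->loaded() OR ! $ao->loaded())
			return FALSE;

		if ($uo->id == $ao->id)
			return TRUE;

		// Non-strict on purpose: the customer ids may come back as strings or ints.
		return in_array($ao->id,$uo->RTM->customers($uo->RTM));
	}

	/**
	 * Groups of the current user.
	 *
	 * With nobody logged in an (empty) result for group id 0 is returned, so callers
	 * can always iterate the result.
	 *
	 * @return mixed The current user's groups, or the empty ORM result
	 */
	public function get_groups()
	{
		$uo = $this->get_user();

		if (is_null($uo))
			return ORM::factory('Group')->where('id','=',0)->find_all();

		return $uo->groups();
	}

	/**
	 * Gets the currently logged in user from the session.
	 *
	 * When there is no session user and $tokenuser is TRUE, a token is looked for
	 * in the session first and then in the request (?token=...), and the account
	 * that token is valid for is returned instead. A token never overrides an
	 * existing login and is ignored when $tokenuser is FALSE.
	 *
	 * NOTE(review): $_REQUEST also covers cookies, and a token in a GET URL ends up
	 * in logs and Referer headers — consider restricting where tokens are accepted from.
	 *
	 * @param mixed   $default   Value handed to the parent for "nobody logged in"
	 * @param boolean $tokenuser Check token users too
	 * @return mixed Model_Account, or $default/NULL if no user is logged in
	 * @throws Kohana_Exception when called from the CLI
	 */
	public function get_user($default=NULL,$tokenuser=TRUE)
	{
		// If we are a CLI, we are not logged in
		if (PHP_SAPI === 'cli')
			throw new Kohana_Exception('Calling :method from the CLI is not allowed!',array(':method'=>__METHOD__));

		$uo = parent::get_user($default);

		// Token fallback only when nobody is logged in AND the caller allows it.
		// (The previous AND/OR precedence let a ?token= request parameter bypass
		// both this flag and an existing session login.)
		if (! is_null($uo) OR ! $tokenuser)
			return $uo;

		$token = Session::instance()->get('token');

		if (empty($token) AND ! empty($_REQUEST['token']))
			$token = $_REQUEST['token'];

		if (! empty($token))
			$uo = $this->_get_token_user($token);

		return $uo;
	}

	/**
	 * Hash a password (or token) according to the configured hash_method.
	 *
	 * Overrides the Kohana Auth requirement to have a hash_key: an empty method
	 * returns the input unchanged, 'md5' returns a plain MD5, anything else is used
	 * as the HMAC algorithm keyed with hash_key.
	 *
	 * NOTE(review): '' (plain text) and unsalted md5 are not acceptable for password
	 * storage; moving to password_hash()/password_verify() requires re-hashing the
	 * stored values and changing the comparison in _login().
	 *
	 * @param string $str The value to hash
	 * @return string
	 */
	public function hash($str)
	{
		$method = $this->_config['hash_method'];

		// Loose comparisons keep the original switch semantics (an unset/NULL
		// method behaves like '').
		if ($method == '')
			return $str;

		if ($method == 'md5')
			return md5($str);

		return hash_hmac($method, $str, $this->_config['hash_key']);
	}

	/**
	 * lnApp authentication is controlled via database queries.
	 *
	 * Reports whether a loaded Model_Account is the current user (session or token,
	 * see get_user()). From the CLI this is always FALSE.
	 *
	 * @param boolean $role  If authentication should be done for this module:method (ie: controller:action) —
	 *                       not used by this implementation
	 * @param mixed   $debug Not used by this implementation
	 * @return boolean
	 */
	public function logged_in($role=NULL,$debug=NULL)
	{
		// If we are a CLI, we are not logged in
		if (PHP_SAPI === 'cli')
			return FALSE;

		$uo = $this->get_user();

		// instanceof is FALSE for non-objects, so no separate is_object() is needed
		return ($uo instanceof Model_Account AND $uo->loaded());
	}
}
?>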