2013-04-13 16:17:56 +10:00
|
|
|
<?php defined('SYSPATH') OR die('No direct access allowed.');
|
2011-07-20 22:57:07 +10:00
|
|
|
/**
|
|
|
|
* User authorization library. Handles user login and logout, as well as secure
|
|
|
|
* password hashing.
|
|
|
|
*
|
|
|
|
* @package Kohana/Auth
|
|
|
|
* @author Kohana Team
|
2013-04-13 16:17:56 +10:00
|
|
|
* @copyright (c) 2007-2012 Kohana Team
|
2011-07-20 22:57:07 +10:00
|
|
|
* @license http://kohanaframework.org/license
|
|
|
|
*/
|
|
|
|
abstract class Kohana_Auth {
|
|
|
|
|
|
|
|
// Auth instances
|
|
|
|
protected static $_instance;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Singleton pattern
|
|
|
|
*
|
|
|
|
* @return Auth
|
|
|
|
*/
|
|
|
|
public static function instance()
|
|
|
|
{
|
|
|
|
if ( ! isset(Auth::$_instance))
|
|
|
|
{
|
|
|
|
// Load the configuration for this type
|
2013-04-13 16:17:56 +10:00
|
|
|
$config = Kohana::$config->load('auth');
|
2011-07-20 22:57:07 +10:00
|
|
|
|
|
|
|
if ( ! $type = $config->get('driver'))
|
|
|
|
{
|
|
|
|
$type = 'file';
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set the session class name
|
|
|
|
$class = 'Auth_'.ucfirst($type);
|
|
|
|
|
|
|
|
// Create a new session instance
|
|
|
|
Auth::$_instance = new $class($config);
|
|
|
|
}
|
|
|
|
|
|
|
|
return Auth::$_instance;
|
|
|
|
}
|
|
|
|
|
|
|
|
protected $_session;
|
|
|
|
|
|
|
|
protected $_config;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Loads Session and configuration options.
|
|
|
|
*
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param array $config Config Options
|
2011-07-20 22:57:07 +10:00
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function __construct($config = array())
|
|
|
|
{
|
|
|
|
// Save the config in the object
|
|
|
|
$this->_config = $config;
|
|
|
|
|
2013-04-13 16:17:56 +10:00
|
|
|
$this->_session = Session::instance($this->_config['session_type']);
|
2011-07-20 22:57:07 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
abstract protected function _login($username, $password, $remember);
|
|
|
|
|
|
|
|
abstract public function password($username);
|
|
|
|
|
|
|
|
abstract public function check_password($password);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Gets the currently logged in user from the session.
|
|
|
|
* Returns NULL if no user is currently logged in.
|
|
|
|
*
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param mixed $default Default value to return if the user is currently not logged in.
|
2011-07-20 22:57:07 +10:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function get_user($default = NULL)
|
|
|
|
{
|
|
|
|
return $this->_session->get($this->_config['session_key'], $default);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Attempt to log in a user by using an ORM object and plain-text password.
|
|
|
|
*
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param string $username Username to log in
|
|
|
|
* @param string $password Password to check against
|
|
|
|
* @param boolean $remember Enable autologin
|
2011-07-20 22:57:07 +10:00
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public function login($username, $password, $remember = FALSE)
|
|
|
|
{
|
|
|
|
if (empty($password))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return $this->_login($username, $password, $remember);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Log out a user by removing the related session variables.
|
|
|
|
*
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param boolean $destroy Completely destroy the session
|
|
|
|
* @param boolean $logout_all Remove all tokens for user
|
2011-07-20 22:57:07 +10:00
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public function logout($destroy = FALSE, $logout_all = FALSE)
|
|
|
|
{
|
|
|
|
if ($destroy === TRUE)
|
|
|
|
{
|
|
|
|
// Destroy the session completely
|
|
|
|
$this->_session->destroy();
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
// Remove the user from the session
|
|
|
|
$this->_session->delete($this->_config['session_key']);
|
|
|
|
|
|
|
|
// Regenerate session_id
|
|
|
|
$this->_session->regenerate();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Double check
|
|
|
|
return ! $this->logged_in();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if there is an active session. Optionally allows checking for a
|
|
|
|
* specific role.
|
|
|
|
*
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param string $role role name
|
2011-07-20 22:57:07 +10:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function logged_in($role = NULL)
|
|
|
|
{
|
|
|
|
return ($this->get_user() !== NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Creates a hashed hmac password from a plaintext password. This
|
|
|
|
* method is deprecated, [Auth::hash] should be used instead.
|
|
|
|
*
|
|
|
|
* @deprecated
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param string $password Plaintext password
|
2011-07-20 22:57:07 +10:00
|
|
|
*/
|
|
|
|
public function hash_password($password)
|
|
|
|
{
|
|
|
|
return $this->hash($password);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Perform a hmac hash, using the configured method.
|
|
|
|
*
|
2013-04-13 16:17:56 +10:00
|
|
|
* @param string $str string to hash
|
2011-07-20 22:57:07 +10:00
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function hash($str)
|
|
|
|
{
|
|
|
|
if ( ! $this->_config['hash_key'])
|
|
|
|
throw new Kohana_Exception('A valid hash key must be set in your auth config.');
|
|
|
|
|
|
|
|
return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function complete_login($user)
|
|
|
|
{
|
|
|
|
// Regenerate session_id
|
|
|
|
$this->_session->regenerate();
|
|
|
|
|
|
|
|
// Store username in session
|
|
|
|
$this->_session->set($this->_config['session_key'], $user);
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
} // End Auth
|