diff options
Diffstat (limited to 'src/SemanticScuttle/Service/AuthUser.php')
| -rw-r--r-- | src/SemanticScuttle/Service/AuthUser.php | 232 |
1 files changed, 232 insertions, 0 deletions
diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php new file mode 100644 index 0000000..9447ee4 --- /dev/null +++ b/src/SemanticScuttle/Service/AuthUser.php @@ -0,0 +1,232 @@ +<?php +/** + * SemanticScuttle - your social bookmark manager. + * + * PHP version 5. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net> + * @author Christian Weiske <cweiske@cweiske.de> + * @author Eric Dane <ericdane@users.sourceforge.net> + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +require_once 'Auth.php'; +require_once 'SemanticScuttle/Service/User.php'; + +/** + * SemanticScuttle extendet user management service utilizing + * the PEAR Auth package to enable authentication against + * different services, i.e. LDAP or other databases. + * + * Requires the Log packages for debugging purposes. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ +class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User +{ + /** + * PEAR Auth instance + * + * @var Auth + */ + protected $auth = null; + + /** + * If we want to debug authentication process + * + * @var boolean + */ + protected $authdebug = false; + + /** + * Authentication type (i.e. LDAP) + * + * @var string + * + * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php + */ + var $authtype = null; + + /** + * Authentication options + * + * @var array + * + * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php + */ + var $authoptions = null; + + + + /** + * Returns the single service instance + * + * @param sql_db $db Database object + * + * @return SemanticScuttle_Service_AuthUser + */ + public static function getInstance($db) + { + static $instance; + if (!isset($instance)) { + $instance = new self($db); + } + return $instance; + } + + + + /** + * Create new instance + * + * @var sql_db $db Database object + */ + protected function __construct($db) + { + parent::__construct($db); + + $this->authtype = $GLOBALS['authType']; + $this->authoptions = $GLOBALS['authOptions']; + $this->authdebug = $GLOBALS['authDebug']; + + //FIXME: throw error when no authtype set? + if (!$this->authtype) { + return; + } + require_once 'Auth.php'; + $this->auth = new Auth($this->authtype, $this->authoptions); + //FIXME: check if it worked (i.e. db connection) + if ($this->authdebug) { + require_once 'Log.php'; + $this->auth->logger = Log::singleton( + 'display', '', '', array(), PEAR_LOG_DEBUG + ); + $this->auth->enableLogging = true; + } + $this->auth->setShowLogin(false); + } + + + + /** + * Return current user id based on session or cookie + * + * @return mixed Integer user id or boolean false when user + * could not be found or is not logged on. + */ + public function getCurrentUserId() + { + if (!$this->auth) { + return parent::getCurrentUserId(); + } + + //FIXME: caching? + $name = $this->auth->getUsername(); + if (!$name) { + return parent::getCurrentUserId(); + } + return $this->getIdFromUser($name); + } + + + + /** + * Try to authenticate and login a user with + * username and password. + * + * @param string $username Name of user + * @param string $password Password + * @param boolean $remember If a long-time cookie shall be set + * + * @return boolean True if the user could be authenticated, + * false if not. + */ + public function login($username, $password, $remember = false) + { + if (!$this->auth) { + return parent::login($username, $password, $remember); + } + + $ok = $this->loginAuth($username, $password); + if (!$ok) { + return false; + } + + //utilize real login method to get longtime cookie support etc. + $ok = parent::login($username, $password, $remember); + if ($ok) { + return $ok; + } + + //user must have changed password in external auth. + //we need to update the local database. + $user = $this->getUserByUsername($username); + $this->_updateuser( + $user['uId'], $this->getFieldName('password'), + $this->sanitisePassword($password) + ); + + return parent::login($username, $password, $remember); + } + + + /** + * Uses PEAR's Auth class to authenticate the user against a container. + * This allows us to use LDAP, a different database or some other + * external system. + * + * @param string $username Username to check + * @param string $password Password to check + * + * @return boolean If the user has been successfully authenticated or not + */ + public function loginAuth($username, $password) + { + $this->auth->post = array( + 'username' => $username, + 'password' => $password, + ); + $this->auth->start(); + + if (!$this->auth->checkAuth()) { + return false; + } + + //put user in database + if (!$this->getUserByUsername($username)) { + $this->addUser( + $username, $password, + $username . $GLOBALS['authEmailSuffix'] + ); + } + + return true; + } + + + + + /** + * Logs the current user out of the system. + * + * @return void + */ + public function logout() + { + parent::logout(); + + if ($this->auth) { + $this->auth->logout(); + $this->auth = null; + } + } + +} +?>
\ No newline at end of file |