From b74c17f1b5df4862d15c6f072ef0049ff61e3713 Mon Sep 17 00:00:00 2001
From: cweiske
Date: Tue, 2 Feb 2010 19:27:03 +0000
Subject: nearly there with auth integration
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@627 b3834d28-1941-0410-a4f8-b48e95affb8f
---
src/SemanticScuttle/Service/AuthUser.php | 218 +++++++++++++++++++++++++++++++
1 file changed, 218 insertions(+)
create mode 100644 src/SemanticScuttle/Service/AuthUser.php
(limited to 'src/SemanticScuttle/Service/AuthUser.php')
diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php
new file mode 100644
index 0000000..79cac9c
--- /dev/null
+++ b/src/SemanticScuttle/Service/AuthUser.php
@@ -0,0 +1,218 @@
+
+ * @author Christian Weiske
+ * @author Eric Dane
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+require_once 'Auth.php';
+require_once 'SemanticScuttle/Service/User.php';
+
+/**
+ * SemanticScuttle extendet user management service utilizing
+ * the PEAR Auth package to enable authentication against
+ * different services, i.e. LDAP or other databases.
+ *
+ * Requires the Log packages for debugging purposes.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User
+{
+ /**
+ * PEAR Auth instance
+ *
+ * @var Auth
+ */
+ protected $auth = null;
+
+ /**
+ * If we want to debug authentication process
+ *
+ * @var boolean
+ */
+ protected $authdebug = false;
+
+ /**
+ * Authentication type (i.e. LDAP)
+ *
+ * @var string
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+ */
+ var $authtype = null;
+
+ /**
+ * Authentication options
+ *
+ * @var array
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+ */
+ var $authoptions = null;
+
+
+
+ /**
+ * Returns the single service instance
+ *
+ * @param sql_db $db Database object
+ *
+ * @return SemanticScuttle_Service_AuthUser
+ */
+ public static function getInstance($db)
+ {
+ static $instance;
+ if (!isset($instance)) {
+ $instance = new self($db);
+ }
+ return $instance;
+ }
+
+
+
+ /**
+ * Create new instance
+ *
+ * @var sql_db $db Database object
+ */
+ protected function __construct($db)
+ {
+ parent::__construct($db);
+
+ $this->authtype = $GLOBALS['authType'];
+ $this->authoptions = $GLOBALS['authOptions'];
+ $this->authdebug = $GLOBALS['authDebug'];
+
+ //FIXME: throw error when no authtype set?
+ if (!$this->authtype) {
+ return;
+ }
+ require_once 'Auth.php';
+ $this->auth = new Auth($this->authtype, $this->authoptions);
+ //FIXME: check if it worked (i.e. db connection)
+ if ($this->authdebug) {
+ require_once 'Log.php';
+ $this->auth->logger = Log::singleton(
+ 'display', '', '', array(), PEAR_LOG_DEBUG
+ );
+ $this->auth->enableLogging = true;
+ }
+ $this->auth->setShowLogin(false);
+ }
+
+
+
+ /**
+ * Return current user id based on session or cookie
+ *
+ * @return mixed Integer user id or boolean false when user
+ * could not be found or is not logged on.
+ */
+ public function getCurrentUserId()
+ {
+ if (!$this->auth) {
+ return parent::getCurrentUserId();
+ }
+
+ //FIXME: caching?
+ $name = $this->auth->getUsername();
+ if (!$name) {
+ return false;
+ }
+ return $this->getIdFromUser($name);
+ }
+
+
+
+ /**
+ * Try to authenticate and login a user with
+ * username and password.
+ *
+ * @param string $username Name of user
+ * @param string $password Password
+ * @param boolean $remember If a long-time cookie shall be set
+ *
+ * @return boolean True if the user could be authenticated,
+ * false if not.
+ */
+ public function login($username, $password, $remember = false)
+ {
+ if (!$this->auth) {
+ return parent::login($username, $password, $remember);
+ }
+
+ $ok = $this->loginAuth($username, $password);
+ $password = $this->sanitisePassword($password);
+ $id = $this->getIdFromUser($username);
+ //FIXME: check against auth
+ }
+
+
+ /**
+ * Uses PEAR's Auth class to authenticate the user against a container.
+ * This allows us to use LDAP, a different database or some other
+ * external system.
+ *
+ * @param string $username Username to check
+ * @param string $password Password to check
+ *
+ * @return boolean If the user has been authenticated or not
+ */
+ public function loginAuth($username, $password)
+ {
+ $this->auth->post = array(
+ 'username' => $username,
+ 'password' => $password,
+ );
+ $this->auth->start();
+
+ if (!$this->auth->checkAuth()) {
+ return false;
+ }
+
+ //put user in database
+ if (!$this->getUserByUsername($username)) {
+ $this->addUser(
+ $username, $password,
+ $username . '@' . $GLOBALS['authemaildomain']
+ );
+ }
+ //FIXME: what if the user changed his password?
+ //FIXME: what if the user does not need an email domain?
+
+ return true;
+ }
+
+
+
+
+ /**
+ * Logs the current user out of the system.
+ *
+ * @return void
+ */
+ public function logout()
+ {
+ parent::logout();
+
+ if ($this->auth) {
+ $this->auth->logout();
+ $this->auth = null;
+ }
+ }
+
+}
+?>
\ No newline at end of file
-- cgit v1.2.3
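Review bot: In `loginAuth()`, the first successful external login passes the plaintext `$password` to `addUser()`, so the credential that the Auth container (LDAP or similar) just verified is copied into the local user table. That local copy is never updated or cleared (the FIXME only asks about password changes), and `login()` falls back to `parent::login()` whenever `$this->auth` is empty, so a stale or revoked directory password may still be accepted locally; how `addUser()` stores it is not visible in this hunk. I would provision the local row with a random value that is never shown to the user and add the comment `// local password is a placeholder; the Auth container is the only credential source`. Separately, `login()` computes `$ok` and then falls off the end, so the Auth path returns null; when it is finished it should start with `if (!$ok) { return false; }` before any session or cookie is set.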