joshtronic/pickles
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Updates.

Browse source 
git-svn-id: http://svn.cleancode.org/svn/pickles@144 4d10bc64-7434-11dc-a737-d2d0f8310089
This commit is contained in:
Josh Sherman 2009-07-29 01:16:49 +00:00
parent 71b2a7c11a
commit c471a7aa3f
11 changed files with 456 additions and 4580 deletions
Download patch file Download diff file Expand all files Collapse all files

149
classes/Security.php
View file

@ -28,19 +28,14 @@
* Security Class
*
* Handles authenticating a user via an Apache login box.
*
* @todo Make the SQL less specific, right now you have to use a table
* named users, and use the email as the username. I will need
* to move this to the configuration and allow the user to
* specify which table to authenticate against, and what column
* names to use for the username and password.
*/
class Security extends Object {
class Security extends Object
{
private $config;
private $db;
public function __construct(Config $config, DB $db) {
public function __construct(Config $config, DB $db)
{
parent::__construct();
$this->config = $config;
$this->db = $db;
@ -54,69 +49,89 @@ class Security extends Object {
* the user cannot successfully they will be presented with a 401
* Unauthorized page.
*
* @todo I'm sure someone will find the access denied message offensive,
* so this will need to be made more generic. May also want to
* add in the ability for someone to add a custom message and/or
* landing page in the configuration as well.
* @todo May also want to add in the ability for someone to add a custom
* message and/or landing page in the configuration as well.
*/
public function authenticate() {
if (isset($this->config->admin, $this->config->admin->username, $this->config->admin->password)) {
$_SESSION['user_id'] = null;
if (isset($_SERVER['PHP_AUTH_USER'])) {
if (
$_SERVER['PHP_AUTH_USER'] == $this->config->admin->username
&& $this->encrypt($this->config->admin->salt, $_SERVER['PHP_AUTH_PW']) == $this->config->admin->password
) {
$_SESSION['user_id'] = 1;
public function authenticate()
{
if (!isset($_SESSION['user_id']))
{
if (isset($this->config->admin, $this->config->admin->username, $this->config->admin->password))
{
$_SESSION['user_id'] = null;
if (isset($_SERVER['PHP_AUTH_USER']))
{
if ($_SERVER['PHP_AUTH_USER'] == $this->config->admin->username && Security::doubleMD5($_SERVER['PHP_AUTH_PW'], $this->config->admin->salt) == $this->config->admin->password)
{
$_SESSION['user_id'] = 1;
}
}
}
}
else {
else
{
$table = array(
'name' => 'users',
'fields' => array(
'id' => 'id',
'username' => 'username',
'password' => 'password'
)
);
$table = array(
'name' => 'users',
'fields' => array(
'id' => 'id',
'username' => 'username',
'password' => 'password'
)
);
$table = $this->config->getTableMapping('users', $table);
$table = $this->config->getTableMapping('users', $table);
if (isset($_SERVER['PHP_AUTH_USER']))
{
$from = '
FROM ' . $table['name'] . '
WHERE ' . $table['fields']['username'] . ' = "' . $_SERVER['PHP_AUTH_USER'] . '"
AND ' . $table['fields']['password'] . ' = "' . md5($_SERVER['PHP_AUTH_PW']) . '";
';
if (isset($_SERVER['PHP_AUTH_USER'])) {
$from = '
FROM ' . $table['name'] . '
WHERE ' . $table['fields']['username'] . ' = "' . $_SERVER['PHP_AUTH_USER'] . '"
AND ' . $table['fields']['password'] . ' = "' . md5($_SERVER['PHP_AUTH_PW']) . '";
';
$this->db->execute('SELECT COUNT(' . $table['fields']['id'] . ') ' . $from);
if ($this->db->getField() != 0) {
$this->db->execute('SELECT ' . $table['fields']['id'] . ' ' . $from);
$_SESSION['user_id'] = $this->db->getField();
}
else {
$_SESSION['user_id'] = null;
$this->db->execute('SELECT COUNT(' . $table['fields']['id'] . ') ' . $from);
if ($this->db->getField() != 0)
{
$this->db->execute('SELECT ' . $table['fields']['id'] . ' ' . $from);
$_SESSION['user_id'] = $this->db->getField();
}
else
{
$_SESSION['user_id'] = null;
}
}
}
}
if (!isset($_SESSION['user_id'])) {
header('WWW-Authenticate: Basic realm="' . $_SERVER['SERVER_NAME'] . ' Secured Page"');
header('HTTP/1.0 401 Unauthorized');
exit('Invalid login credentials, access denied.');
if (!isset($_SESSION['user_id']))
{
if ($this->config->modules->{'pre-login'})
{
header('Location: /' . $this->config->modules->{'pre-login'});
exit();
}
else
{
header('WWW-Authenticate: Basic realm="' . $_SERVER['SERVER_NAME'] . ' Secured Page"');
header('HTTP/1.0 401 Unauthorized');
exit('Invalid login credentials, access denied.');
}
}
else {
/**
* @todo add logic to allow the site owner to force a redirect when a user logs in
*/
//header('Location: /');
//exit();
/*
else
{
if ($this->config->modules->{'post-login'})
{
//header('Location: /' . $this->config->modules->{'post-login'});
//exit();
}
else
{
//header('Location: /');
//exit();
}
}
*/
}
/**
@ -124,13 +139,21 @@ class Security extends Object {
*
* Destroys the session, and redirects the user to the root of the site.
*/
public function logout() {
public function logout()
{
session_destroy();
header('Location: /');
}
public function encrypt($salt, $string) {
return md5($salt . md5($salt . $string));
public static function doubleMD5($string, $salt1 = null, $salt2 = null)
{
if (!isset($salt2))
{
$salt2 = $salt1;
}
return md5($salt2 . md5($salt1 . $string));
}
}