1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137:
<?php
namespace Core\Auth;
use Kernel\Providers\Permission;
use Core\ParentController;
use Core\Providers\Session;
/**
* Class AuthenticateController contains functions for user (de)authentication.
*
* @hooks
* <code>
* ('on_userauth', ['user' => $user]) // Called just after the login session has been created {@see \Core\AuthenticateController::login}
* ('on_userdeauth', ['user' => Session::getUser()]) // Called just before destroying the login session. {@see \Core\AuthenticateController::deauthenticateUser}
* </code>
* @package Core
*/
class AuthenticateController extends ParentController {
/**
* @var AuthenticateController The class instance.
* @internal
*/
protected static $instance;
/**
* @var PasswordModel The instance of the model
*/
protected $model;
/**
* @var \Kernel\Providers\Permission The instance of the Permission class. Used for (de)authentication.
*/
protected $permission;
public function __construct() {
parent::__construct();
$this->model = PasswordModel::singleton();
$this->permission = Permission::singleton();
}
/**
* Returns a AuthenticateController instance, creating it if it did not exist.
* @return AuthenticateController
*/
public static function singleton() {
if (!self::$instance) {
$v = __CLASS__;
self::$instance = new $v;
}
return self::$instance;
}
/**
* Returns the instance of the model for this controller
* @return PasswordModel
*/
public function getModel() {
return $this->model;
}
/**
* Performs an authentication request for a user with 'username' and 'password' post vars
* If the credentials are not correct, AuthenticateController->authenticateUser throws the user accordingly
*
* @param string $username (Optional) if $username is
* @param string $password
*
* @returns array $user The authenticated user (on success) or FALSE on fail
*/
public function login($username = '', $password = '') {
$user = $this->authenticateUser(
$username ?: $this->getPost('username'),
$password ?: $this->getPost('password')
);
if ($user) {
Session::setUser($user);
$this->hooks->do_action('on_userauth', ['user' => $user]);
}
// return either the $user array or false.
return $user;
}
/**
* Logs a user out. That is, sets the current user with ROLE_USER privileges and redirects them to the Home path.
*/
public function logout() {
$this->deauthenticateUser();
$this->redirect($this->url('Home'));
}
/**
* Checks against the database or the config file (depending on configuration) if the credentials are correct.
* @param string $username
* @param string $password
* @return mixed $user on success. On fail redirects accordingly.
*/
protected function authenticateUser($username, $password) {
$config = $this->config->get('Login');
$dbEnabled = (bool)(int)$this->config->get('Database', 'DB_SUPPORT');
$user = [];
if ($dbEnabled && $config['DB_SUPPORT'] == 1) {
$user = $this->model->getUser($username, $password);
} elseif ($username == $config['LOGIN_USERNAME'] && $password == $config['LOGIN_PASSWORD']) {
$user = array(
'username' => $username,
'password' => $password,
'role' => __ROLE_ADMIN__); /* only one user? must be an admin! */
} else {
// Not valid credentials... -> !$user = true;
}
if (!$user) {
/**
* If user didn't authenticate properly, we return false
*/
return false;
//$this->redirect($this->url('Login'));
}
$this->permission->setUserPermission($user['role']);
return $user;
}
/**
* Deauthenticates the current user by setting ROLE_USER privileges.
* @return AuthenticateController;
*/
protected function deauthenticateUser() {
$this->hooks->do_action('on_userdeauth', ['user' => Session::getUser()]);
Session::cleanUser();
$this->permission->setUserPermission(__ROLE_GUEST__);
return $this;
}
}