advanced code snippet search

Posted By

mladoux on 05/28/12


Tagged

security codeigniter mBlog


Versions (?)

mBlog Authentication Library

 / Published in: PHP
 

URL: http://markladoux.com

mBlog Authentication Library Mark LaDoux http://markladoux.com/

Inspired by the DBlog Authentication Library David Behler http://www.davidbehler.de/

Handles authentication and authorization requests for mBlog.

Expand | Embed | Plain Text 
  1. <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
  2. /**
  3.  * mBlog Authentication Library
  4.  * Mark LaDoux <http://markladoux.com/>
  5.  *
  6.  * Inspired by the DBlog Authentication Library
  7.  * David Behler <http://www.davidbehler.de/>
  8.  *
  9.  * Handles authentication and authorization requests for mBlog.
  10.  *
  11.  * Changes:
  12.  *
  13.  * Change hashing method from md5 to use the PHPass Framework
  14.  * <http://www.openwall.com/phpass/>
  15.  * 
  16.  * Removed some unnecessary functions as they are for features that I
  17.  * have not yet implemented.
  18.  *
  19.  * Simplified a few things here and there.
  20.  *
  21.  * Added a registration function
  22.  *
  23.  * @version		1.0.1
  24.  * @author		Mark LaDoux <[email protected]>
  25.  * @copyright	Copyright (c) 2012, Mark LaDoux
  26.  * @license		http://www.gnu.org/licenses/gpl.html
  27.  */
  28. class Auth
  29. {
  30. 	/**
  31. 	 * CodeIgniter object
  32. 	 *
  33. 	 * @access	protected
  34. 	 * @var		object
  35. 	 * @since	1.0
  36. 	 */
  37. 	protected $ci;
  38.  
  39. 	/**
  40. 	 * User information
  41. 	 *
  42. 	 * @access	protected
  43. 	 * @static	array
  44. 	 * @since	1.0
  45. 	 */
  46. 	protected static $user = FALSE; // default to not logged in
  47.  
  48. 	/**
  49. 	 * User Rights
  50. 	 *
  51. 	 * @access	protected
  52. 	 * @static	array
  53. 	 * @since	1.0
  54. 	 */
  55. 	protected static $rights = FALSE; // default to no rights
  56.  
  57. 	/**
  58. 	 * __construct
  59. 	 *
  60. 	 * Prepares library for use
  61. 	 *
  62. 	 * @access	public
  63. 	 * @return	void
  64. 	 * @since	1.0
  65. 	 */
  66.  
  67. 	public function __construct()
  68. 	{
  69. 		// Load the CodeIgniter object
  70. 		$this->ci =& get_instance();
  71.  
  72. 		// Ensure library requirements are loaded
  73. 		$this->ci->load->database();
  74. 		$this->ci->load->library('session');
  75. 		$this->ci->load->library('PasswordHash');
  76.  
  77. 		// TODO: Add email verification support
  78. 		// $this->ci->load->library('email');
  79.  
  80. 		// Prepare configuration options
  81. 		$user = $this->ci->session->userdata('user');
  82.  
  83. 		// get user data
  84. 		if($user != FALSE)
  85. 		{
  86. 			self::$user = $this->get_user($user['user_id']);
  87. 		}
  88. 		$this->_get_rights($this->get_user_id());
  89. 	}
  90.  
  91. 	/**
  92. 	 * is_logged_in
  93. 	 *
  94. 	 * Reports whether a user is logged in or not.
  95. 	 *
  96. 	 * @access	public
  97. 	 * @return	bool 
  98. 	 * @since	1.0
  99. 	 */
  100.  
  101. 	public function is_logged_in()
  102. 	{
  103. 		return is_array(self::$user);
  104. 	}
  105.  
  106. 	/**
  107. 	 * login
  108. 	 *
  109. 	 * Verifies user credentials
  110. 	 *
  111. 	 * @access	public
  112. 	 * @param	string	$username
  113. 	 * @param	string	$password
  114. 	 * @return	bool
  115. 	 * @since	1.0
  116. 	 */
  117.  
  118. 	public function login($username, $password)
  119. 	{
  120. 		// retrieve data for processing.
  121. 		$this->ci->db->where('username', $username);
  122. 		$result = $this->ci->db->get('users');
  123.  
  124. 		// initialize check data as failed
  125. 		$valid = FALSE;
  126.  
  127. 		// check user password
  128. 		if($result->num_rows() ==1)
  129. 		{
  130. 			$user = $result->row_array();
  131. 			if($this->PasswordHash->CheckPassword($password, $user['password']))
  132. 			{
  133. 				$valid = TRUE;
  134. 			}
  135. 		}
  136.  
  137. 		// if password checks out, let's get this session started!
  138. 		if($valid)
  139. 		{
  140. 			$this->ci->session->set_userdata('user', $user);
  141. 			self::$user 	= $user;
  142. 			self::$rights	= $this->_get_rights();
  143. 		}
  144.  
  145. 		// return results
  146. 		return $valid;
  147. 	}
  148.  
  149. 	/**
  150. 	 * register
  151. 	 *
  152. 	 * Registers a new user
  153. 	 *
  154. 	 * @access	public
  155. 	 * @param	string	$username
  156. 	 * @param	string	$password
  157. 	 * @param	string	$email
  158. 	 * @return	bool
  159. 	 * @since	1.0
  160. 	 */
  161.  
  162. 	public function register($username, $password, $email)
  163. 	{
  164. 		// check if user exists
  165. 		$this->ci->db->where('username', $username);
  166. 		$result = $this->ci->db->get('users');
  167. 		if($result->num_rows() == 1)
  168. 		{
  169. 			return FALSE;
  170. 		}
  171.  
  172. 		// verify email address
  173. 		if(! filtervar($email, FILTERVALIDATE_EMAIL))
  174. 		{
  175. 			return FALSE;
  176. 		}
  177.  
  178. 		// empty query
  179. 		$result->free_result();
  180.  
  181. 		// make password hash
  182. 		$password_hash = $this->PasswordHash->HashPassword($password);
  183.  
  184. 		// prepare data for insertion
  185. 		$user['username']	= $username;
  186. 		$user['password']	= $password_hash;
  187. 		$user['email']		= $email;
  188.  
  189. 		// insert data into the database.
  190. 		$this->ci->db->insert('users', $user);
  191. 	}
  192.  
  193. 	/**
  194. 	 * logout
  195. 	 *
  196. 	 * logs a user out and destroys session data
  197. 	 *
  198. 	 * @access	public
  199. 	 * @return	void 
  200. 	 * @since	1.0
  201. 	 */
  202.  
  203. 	public function logout()
  204. 	{
  205. 		self::$user		= FALSE; 			// clear user data
  206. 		self::$rights	= FALSE; 			// clear user permissions
  207. 		$this->ci->session->sess_destroy();	// destroy session
  208. 	}
  209.  
  210. 	/**
  211. 	 * get_user_name
  212. 	 *
  213. 	 * retrieves the current user name
  214. 	 *
  215. 	 * @access	public
  216. 	 * @return	string
  217. 	 * @since	1.0
  218. 	 */
  219.  
  220. 	public function get_user_name()
  221. 	{
  222. 		if($this->is_logged_in())
  223. 		{
  224. 			return self::$user['username'];
  225. 		}
  226. 		return FALSE;
  227. 	}
  228.  
  229. 	/**
  230. 	 * get_user_id
  231. 	 *
  232. 	 * retrieves the current user id
  233. 	 *
  234. 	 * @access	public
  235. 	 * @return	int
  236. 	 * @since	1.0
  237. 	 */
  238.  
  239. 	public function get_user_id()
  240. 	{
  241. 		if($this->logged_in())
  242. 		{
  243. 			return self::$user['user_id'];
  244. 		}
  245. 		return FALSE;
  246. 	}
  247.  
  248. 	/**
  249. 	 * get_user
  250. 	 *
  251. 	 * Retrieves user information from database
  252. 	 *
  253. 	 * @access	public
  254. 	 * @param	int		$user_id
  255. 	 * @return	array
  256. 	 * @since	1.0
  257. 	 */
  258.  
  259. 	public function get_user($user_id = '')
  260. 	{
  261. 		// if $user_id not set, assume that we
  262. 		// are looking for ourselves
  263. 		if($this->logged_in() && $user_id == '')
  264. 		{
  265. 			$user_id = $this->get_user_id();
  266. 		}
  267.  
  268. 		// retrieve data
  269. 		$this->ci->db->where('user_id', $user_id);
  270. 		$result	= $this->ci->db->get('users');
  271.  
  272. 		// check results
  273. 		if($result->num_rows() == 1)
  274. 		{
  275. 			return $result->row_array();
  276. 		}
  277.  
  278. 		return FALSE;
  279. 	}
  280.  
  281. 	/**
  282. 	 * _get_rights
  283. 	 *
  284. 	 * Retrieves users permissions from database
  285. 	 *
  286. 	 * @access	protected
  287. 	 * @param	int		$user_id
  288. 	 * @return	void
  289. 	 * @since	1.0
  290. 	 */
  291.  
  292. 	protected function _get_rights($user_id = FALSE)
  293.     {
  294.     	if($this->is_logged_in())
  295.     	{
  296. 	    	$this->ci->db->distinct();
  297. 	    	$this->ci->db->where('user_group_user_id', $user_id);
  298. 	    	$this->ci->db->from('user_group');
  299. 	    	$this->ci->db->join(
  300. 	    		'group_right', 
  301. 	    		'group_right_group_id = user_group_group_id'
  302. 	    		);
  303. 	    	$this->ci->db->join('right', 'right_id = group_right_right_id');
  304.     	}
  305.     	else
  306.     	{
  307.     		$this->ci->db->distinct();
  308.     		$this->ci->db->from('config');
  309.     		$this->ci->db->join(
  310.     			'group_right', 
  311.     			'config_not_logged_in_user_group_id = group_right_group_id'
  312.     			);
  313.     		$this->ci->db->join('right', 'right_id = group_right_right_id');
  314.     	}
  315.     	$result = $this->ci->db->get();
  316.     	if($result->num_rows() > 0)
  317.     	{
  318.     		self::$rights = array();
  319. 			foreach($result->result_array() as $right)
  320. 			{
  321. 				self::$rights[$right['right_name']] = TRUE;
  322. 			}
  323.     	}
  324.     	else
  325.     	{
  326.     		self::$rights = FALSE;
  327.     	}
  328.     }
  329.  
  330.     /**
  331.      * has_right
  332.      *
  333.      * reports whether user has permission to view item, or perform
  334.      * an operation
  335.      *
  336.      * @access	public
  337.      * @return	bool
  338. 	 * @since	1.0
  339.      */
  340.  
  341.     public function has_right($right)
  342.     {
  343.  		if(isset(self::$rights[$right]) || isset(self::$rights['admin']))
  344.  		{
  345.  			return TRUE;
  346.  		}
  347.  		return FALSE;
  348.     }
  349. }

Report this snippet  

You need to login to post a comment.