Posted By

mladoux on 05/28/12


Tagged

security codeigniter mBlog



mBlog Authentication Library


 / Published in: PHP
 

URL: http://markladoux.com

mBlog Authentication Library Mark LaDoux http://markladoux.com/

Inspired by the DBlog Authentication Library David Behler http://www.davidbehler.de/

Handles authentication and authorization requests for mBlog.

  1. <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
  2. /**
  3.  * mBlog Authentication Library
  4.  * Mark LaDoux <http://markladoux.com/>
  5.  *
  6.  * Inspired by the DBlog Authentication Library
  7.  * David Behler <http://www.davidbehler.de/>
  8.  *
  9.  * Handles authentication and authorization requests for mBlog.
  10.  *
  11.  * Changes:
  12.  *
  13.  * Change hashing method from md5 to use the PHPass Framework
  14.  * <http://www.openwall.com/phpass/>
  15.  *
  16.  * Removed some unnecessary functions as they are for features that I
  17.  * have not yet implemented.
  18.  *
  19.  * Simplified a few things here and there.
  20.  *
  21.  * Added a registration function
  22.  *
  23.  * @version 1.0.1
  24.  * @author Mark LaDoux <[email protected]>
  25.  * @copyright Copyright (c) 2012, Mark LaDoux
  26.  * @license http://www.gnu.org/licenses/gpl.html
  27.  */
  28. class Auth
  29. {
  30. /**
  31. * CodeIgniter object
  32. *
  33. * @access protected
  34. * @var object
  35. * @since 1.0
  36. */
  37. protected $ci;
  38.  
  39. /**
  40. * User information
  41. *
  42. * @access protected
  43. * @static array
  44. * @since 1.0
  45. */
  46. protected static $user = FALSE; // default to not logged in
  47.  
  48. /**
  49. * User Rights
  50. *
  51. * @access protected
  52. * @static array
  53. * @since 1.0
  54. */
  55. protected static $rights = FALSE; // default to no rights
  56.  
  57. /**
  58. * __construct
  59. *
  60. * Prepares library for use
  61. *
  62. * @access public
  63. * @return void
  64. * @since 1.0
  65. */
  66.  
  67. public function __construct()
  68. {
  69. // Load the CodeIgniter object
  70. $this->ci =& get_instance();
  71.  
  72. // Ensure library requirements are loaded
  73. $this->ci->load->database();
  74. $this->ci->load->library('session');
  75. $this->ci->load->library('PasswordHash');
  76.  
  77. // TODO: Add email verification support
  78. // $this->ci->load->library('email');
  79.  
  80. // Prepare configuration options
  81. $user = $this->ci->session->userdata('user');
  82.  
  83. // get user data
  84. if($user != FALSE)
  85. {
  86. self::$user = $this->get_user($user['user_id']);
  87. }
  88. $this->_get_rights($this->get_user_id());
  89. }
  90.  
  91. /**
  92. * is_logged_in
  93. *
  94. * Reports whether a user is logged in or not.
  95. *
  96. * @access public
  97. * @return bool
  98. * @since 1.0
  99. */
  100.  
  101. public function is_logged_in()
  102. {
  103. return is_array(self::$user);
  104. }
  105.  
  106. /**
  107. * login
  108. *
  109. * Verifies user credentials
  110. *
  111. * @access public
  112. * @param string $username
  113. * @param string $password
  114. * @return bool
  115. * @since 1.0
  116. */
  117.  
  118. public function login($username, $password)
  119. {
  120. // retrieve data for processing.
  121. $this->ci->db->where('username', $username);
  122. $result = $this->ci->db->get('users');
  123.  
  124. // initialize check data as failed
  125. $valid = FALSE;
  126.  
  127. // check user password
  128. if($result->num_rows() ==1)
  129. {
  130. $user = $result->row_array();
  131. if($this->PasswordHash->CheckPassword($password, $user['password']))
  132. {
  133. $valid = TRUE;
  134. }
  135. }
  136.  
  137. // if password checks out, let's get this session started!
  138. if($valid)
  139. {
  140. $this->ci->session->set_userdata('user', $user);
  141. self::$user = $user;
  142. self::$rights = $this->_get_rights();
  143. }
  144.  
  145. // return results
  146. return $valid;
  147. }
  148.  
  149. /**
  150. * register
  151. *
  152. * Registers a new user
  153. *
  154. * @access public
  155. * @param string $username
  156. * @param string $password
  157. * @param string $email
  158. * @return bool
  159. * @since 1.0
  160. */
  161.  
  162. public function register($username, $password, $email)
  163. {
  164. // check if user exists
  165. $this->ci->db->where('username', $username);
  166. $result = $this->ci->db->get('users');
  167. if($result->num_rows() == 1)
  168. {
  169. return FALSE;
  170. }
  171.  
  172. // verify email address
  173. if(! filtervar($email, FILTERVALIDATE_EMAIL))
  174. {
  175. return FALSE;
  176. }
  177.  
  178. // empty query
  179. $result->free_result();
  180.  
  181. // make password hash
  182. $password_hash = $this->PasswordHash->HashPassword($password);
  183.  
  184. // prepare data for insertion
  185. $user['username'] = $username;
  186. $user['password'] = $password_hash;
  187. $user['email'] = $email;
  188.  
  189. // insert data into the database.
  190. $this->ci->db->insert('users', $user);
  191. }
  192.  
  193. /**
  194. * logout
  195. *
  196. * logs a user out and destroys session data
  197. *
  198. * @access public
  199. * @return void
  200. * @since 1.0
  201. */
  202.  
  203. public function logout()
  204. {
  205. self::$user = FALSE; // clear user data
  206. self::$rights = FALSE; // clear user permissions
  207. $this->ci->session->sess_destroy(); // destroy session
  208. }
  209.  
  210. /**
  211. * get_user_name
  212. *
  213. * retrieves the current user name
  214. *
  215. * @access public
  216. * @return string
  217. * @since 1.0
  218. */
  219.  
  220. public function get_user_name()
  221. {
  222. if($this->is_logged_in())
  223. {
  224. return self::$user['username'];
  225. }
  226. return FALSE;
  227. }
  228.  
  229. /**
  230. * get_user_id
  231. *
  232. * retrieves the current user id
  233. *
  234. * @access public
  235. * @return int
  236. * @since 1.0
  237. */
  238.  
  239. public function get_user_id()
  240. {
  241. if($this->logged_in())
  242. {
  243. return self::$user['user_id'];
  244. }
  245. return FALSE;
  246. }
  247.  
  248. /**
  249. * get_user
  250. *
  251. * Retrieves user information from database
  252. *
  253. * @access public
  254. * @param int $user_id
  255. * @return array
  256. * @since 1.0
  257. */
  258.  
  259. public function get_user($user_id = '')
  260. {
  261. // if $user_id not set, assume that we
  262. // are looking for ourselves
  263. if($this->logged_in() && $user_id == '')
  264. {
  265. $user_id = $this->get_user_id();
  266. }
  267.  
  268. // retrieve data
  269. $this->ci->db->where('user_id', $user_id);
  270. $result = $this->ci->db->get('users');
  271.  
  272. // check results
  273. if($result->num_rows() == 1)
  274. {
  275. return $result->row_array();
  276. }
  277.  
  278. return FALSE;
  279. }
  280.  
  281. /**
  282. * _get_rights
  283. *
  284. * Retrieves users permissions from database
  285. *
  286. * @access protected
  287. * @param int $user_id
  288. * @return void
  289. * @since 1.0
  290. */
  291.  
  292. protected function _get_rights($user_id = FALSE)
  293. {
  294. if($this->is_logged_in())
  295. {
  296. $this->ci->db->distinct();
  297. $this->ci->db->where('user_group_user_id', $user_id);
  298. $this->ci->db->from('user_group');
  299. $this->ci->db->join(
  300. 'group_right',
  301. 'group_right_group_id = user_group_group_id'
  302. );
  303. $this->ci->db->join('right', 'right_id = group_right_right_id');
  304. }
  305. else
  306. {
  307. $this->ci->db->distinct();
  308. $this->ci->db->from('config');
  309. $this->ci->db->join(
  310. 'group_right',
  311. 'config_not_logged_in_user_group_id = group_right_group_id'
  312. );
  313. $this->ci->db->join('right', 'right_id = group_right_right_id');
  314. }
  315. $result = $this->ci->db->get();
  316. if($result->num_rows() > 0)
  317. {
  318. self::$rights = array();
  319. foreach($result->result_array() as $right)
  320. {
  321. self::$rights[$right['right_name']] = TRUE;
  322. }
  323. }
  324. else
  325. {
  326. self::$rights = FALSE;
  327. }
  328. }
  329.  
  330. /**
  331.   * has_right
  332.   *
  333.   * reports whether user has permission to view item, or perform
  334.   * an operation
  335.   *
  336.   * @access public
  337.   * @return bool
  338. * @since 1.0
  339.   */
  340.  
  341. public function has_right($right)
  342. {
  343. if(isset(self::$rights[$right]) || isset(self::$rights['admin']))
  344. {
  345. return TRUE;
  346. }
  347. return FALSE;
  348. }
  349. }

