2007-01-12 17:49:02 +00:00
< ? php
/* SVN FILE: $Id$ */
/**
* Authentication component
*
* Manages user logins and permissions .
*
* PHP versions 4 and 5
*
2007-02-02 10:39:45 +00:00
* CakePHP ( tm ) : Rapid Development Framework < http :// www . cakephp . org />
* Copyright 2005 - 2007 , Cake Software Foundation , Inc .
2007-01-12 17:49:02 +00:00
* 1785 E . Sahara Avenue , Suite 490 - 204
* Las Vegas , Nevada 89104
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice .
*
* @ filesource
2007-02-02 10:39:45 +00:00
* @ copyright Copyright 2005 - 2007 , Cake Software Foundation , Inc .
* @ link http :// www . cakefoundation . org / projects / info / cakephp CakePHP ( tm ) Project
2007-01-12 17:49:02 +00:00
* @ package cake
* @ subpackage cake . cake . libs . controller . components
2007-02-02 10:39:45 +00:00
* @ since CakePHP ( tm ) v 0.10 . 0.1076
2007-01-12 17:49:02 +00:00
* @ version $Revision $
* @ modifiedby $LastChangedBy $
* @ lastmodified $Date $
* @ license http :// www . opensource . org / licenses / mit - license . php The MIT License
*/
uses ( 'set' , 'security' );
/**
* Authentication control component class
*
* Binds access control with user authentication and session management .
*
* @ package cake
* @ subpackage cake . cake . libs . controller . components
*/
class AuthComponent extends Object {
/**
* Other components utilized by AuthComponent
*
* @ var array
* @ access public
*/
var $components = array ( 'Session' , 'Acl' , 'RequestHandler' );
/**
* The name of an optional view element to render when an Ajax request is made
* with an invalid or expired session
*
* @ var string
* @ access public
*/
var $ajaxLogin = null ;
/**
2007-02-10 22:59:08 +00:00
* The name of the model that represents users which will be authenticated . Defaults to 'User' .
2007-01-12 17:49:02 +00:00
*
* @ var string
* @ access public
*/
2007-02-10 22:59:08 +00:00
var $userModel = 'User' ;
2007-02-11 18:09:27 +00:00
/**
* The name of the model that represents objects which users can be authorized for against .
*
* @ var string
* @ access public
*/
var $objectModel = null ;
2007-01-12 17:49:02 +00:00
/**
* Additional query conditions to use when looking up and authenticating users ,
* i . e . array ( 'User.is_active' => 1 ) .
*
* @ var array
* @ access public
*/
var $userScope = array ();
/**
* Allows you to specify non - default login name and password fields used in
* $userModel , i . e . array ( 'username' => 'login_name' , 'password' => 'passwd' ) .
*
* @ var array
* @ access public
*/
var $fields = array ( 'username' => 'username' , 'password' => 'password' );
/**
* The session key name where the record of the current user is stored . If
* unspecified , it will be " Auth. { $userModel name } " .
*
* @ var string
* @ access public
*/
var $sessionKey = null ;
/**
* If using action - based access control , this defines how the paths to action
* ACO nodes is computed . If , for example , all controller nodes are nested
* under an ACO node named 'Controllers' , $actionPath should be set to
2007-02-10 22:59:08 +00:00
* " Controllers/ " .
2007-01-12 17:49:02 +00:00
*
* @ var string
* @ access public
*/
2007-02-10 22:59:08 +00:00
var $actionPath = null ;
2007-01-12 17:49:02 +00:00
/**
* A URL ( defined as a string or array ) to the controller action that handles
* logins .
*
* @ var mixed
* @ access public
*/
2007-01-22 08:08:34 +00:00
var $loginAction = null ;
2007-01-12 17:49:02 +00:00
/**
* Normally , if a user is redirected to the $loginAction page , the location they
* were redirected from will be stored in the session so that they can be
* redirected back after a successful login . If this session value is not
* set , the user will be redirected to the page specified in $loginRedirect .
*
2007-03-21 05:55:04 +00:00
* @ var mixed
2007-01-12 17:49:02 +00:00
* @ access public
*/
var $loginRedirect = null ;
2007-03-21 05:55:04 +00:00
/**
* The the default action to redirect to after the user is logged out . While AuthComponent does
* not handle post - logout redirection , a redirect URL will be returned from AuthComponent :: logout () .
* Defaults to AuthComponent :: $loginAction .
*
* @ var mixed
* @ access public
* @ see AuthComponent :: $loginAction
* @ see AuthComponent :: logout ()
*/
var $logoutRedirect = null ;
2007-01-12 17:49:02 +00:00
/**
* The type of automatic ACL validation to perform , where 'actions' validates
* the controller action of the current request , 'objects' validates against
* model objects accessed , and null prevents automatic validation .
*
2007-01-22 08:08:34 +00:00
* @ var string
2007-01-12 17:49:02 +00:00
* @ access public
*/
2007-01-22 08:08:34 +00:00
var $validate = 'actions' ;
2007-01-16 12:51:56 +00:00
/**
* Error to display when user login fails . For security purposes , only one error is used for all
* login failures , so as not to expose information on why the login failed .
*
2007-01-22 08:08:34 +00:00
* @ var string
2007-01-16 12:51:56 +00:00
* @ access public
*/
var $loginError = 'Login failed. Invalid username or password.' ;
2007-02-12 05:05:31 +00:00
/**
* Error to display when user attempts to access an object or action to which they do not have
* acccess .
*
* @ var string
* @ access public
*/
2007-02-12 21:56:06 +00:00
var $authError = 'You are not authorized to access that location.' ;
2007-01-23 15:22:23 +00:00
/**
* Maintains current user login state .
*
* @ var boolean
* @ access private
*/
var $_loggedIn = false ;
2007-01-24 02:28:16 +00:00
/**
* Determines whether AuthComponent will automatically redirect and exit if login is successful .
*
* @ var boolean
* @ access public
*/
var $autoRedirect = true ;
2007-01-22 08:08:34 +00:00
/**
* Controller actions for which user validation is not required .
*
* @ var array
* @ access public
* @ see AuthComponent :: allow ()
*/
var $allowedActions = array ();
2007-02-12 05:05:31 +00:00
/**
* Maps actions to CRUD operations . Used for controller - based validation ( $validate = 'controller' ) .
*
* @ var array
* @ access public
* @ see AuthComponent :: mapActions ()
*/
var $actionMap = array (
'index' => 'read' ,
'add' => 'create' ,
'edit' => 'update' ,
'view' => 'read' ,
'remove' => 'delete'
);
2007-02-10 22:59:08 +00:00
/**
* Form data from Controller :: $data
*
* @ var array
* @ access public
*/
var $data = array ();
/**
* Parameter data from Controller :: $params
*
* @ var array
* @ access public
*/
var $params = array ();
2007-02-11 00:29:23 +00:00
/**
* Initializes AuthComponent for use in the controller
*
* @ access public
* @ param object $controller A reference to the instantiating controller object
* @ return void
*/
function initialize ( & $controller ) {
$this -> params = $controller -> params ;
2007-02-12 05:05:31 +00:00
$crud = array ( 'create' , 'read' , 'update' , 'delete' );
$this -> actionMap = am ( $this -> actionMap , array_combine ( $crud , $crud ));
if ( defined ( 'CAKE_ADMIN' )) {
$this -> actionMap = am ( $this -> actionMap , array (
CAKE_ADMIN . '_index' => 'read' ,
CAKE_ADMIN . '_add' => 'create' ,
CAKE_ADMIN . '_edit' => 'update' ,
CAKE_ADMIN . '_view' => 'read' ,
CAKE_ADMIN . '_remove' => 'delete' ,
CAKE_ADMIN . '_create' => 'create' ,
CAKE_ADMIN . '_read' => 'read' ,
CAKE_ADMIN . '_update' => 'update' ,
CAKE_ADMIN . '_delete' => 'delete'
));
}
2007-02-11 00:29:23 +00:00
}
2007-01-12 17:49:02 +00:00
/**
* Main execution method . Handles redirecting of invalid users , and processing
* of login form data .
*
* @ access public
* @ param object $controller A reference to the instantiating controller object
* @ return void
*/
function startup ( & $controller ) {
2007-03-05 15:14:35 +00:00
if ( low ( $controller -> name ) == 'app' || ( low ( $controller -> name ) == 'tests' && Configure :: read () > 0 )) {
2007-01-12 17:49:02 +00:00
return ;
}
2007-02-11 00:29:23 +00:00
if ( ! $this -> _setDefaults ()) {
2007-02-08 22:10:58 +00:00
return ;
}
2007-03-21 15:40:46 +00:00
$this -> data = $controller -> data = $this -> hashPasswords ( $controller -> data );
2007-01-22 08:08:34 +00:00
2007-02-08 22:10:58 +00:00
if ( $this -> allowedActions == array ( '*' ) || in_array ( $controller -> action , $this -> allowedActions )) {
return false ;
2007-01-12 17:49:02 +00:00
}
2007-01-16 12:51:56 +00:00
if ( ! isset ( $controller -> params [ 'url' ][ 'url' ])) {
$url = '' ;
} else {
$url = $controller -> params [ 'url' ][ 'url' ];
}
2007-01-22 08:08:34 +00:00
if ( $this -> _normalizeURL ( $this -> loginAction ) == $this -> _normalizeURL ( $url )) {
2007-01-12 17:49:02 +00:00
// We're already at the login action
2007-01-22 08:08:34 +00:00
if ( empty ( $controller -> data ) || ! isset ( $controller -> data [ $this -> userModel ])) {
2007-02-11 18:09:27 +00:00
if ( ! $this -> Session -> check ( 'Auth.redirect' )) {
$this -> Session -> write ( 'Auth.redirect' , $controller -> referer ());
}
2007-01-12 17:49:02 +00:00
return ;
}
2007-01-22 08:08:34 +00:00
$data = array (
2007-02-05 20:19:34 +00:00
$this -> userModel . '.' . $this -> fields [ 'username' ] => '= ' . $controller -> data [ $this -> userModel ][ $this -> fields [ 'username' ]],
$this -> userModel . '.' . $this -> fields [ 'password' ] => '= ' . $controller -> data [ $this -> userModel ][ $this -> fields [ 'password' ]]
2007-01-22 08:08:34 +00:00
);
2007-02-08 22:25:45 +00:00
if ( $this -> login ( $data ) && $this -> autoRedirect ) {
2007-01-23 15:22:23 +00:00
$controller -> redirect ( $this -> redirect (), null , true );
2007-01-22 08:08:34 +00:00
} else {
2007-01-23 15:22:23 +00:00
$this -> Session -> setFlash ( $this -> loginError , 'default' , array (), 'Auth.login' );
2007-02-05 20:19:34 +00:00
unset ( $controller -> data [ $this -> userModel ][ $this -> fields [ 'password' ]]);
2007-01-12 17:49:02 +00:00
}
return ;
} else {
2007-02-10 22:59:08 +00:00
if ( ! $this -> user ()) {
2007-01-12 17:49:02 +00:00
if ( ! $this -> RequestHandler -> isAjax ()) {
2007-01-16 12:51:56 +00:00
$this -> Session -> write ( 'Auth.redirect' , $url );
2007-03-23 16:46:19 +00:00
$controller -> redirect ( $this -> _normalizeURL ( $this -> loginAction ));
2007-02-10 22:59:08 +00:00
} elseif ( ! empty ( $this -> ajaxLogin )) {
2007-02-11 18:09:27 +00:00
$controller -> viewPath = 'elements' ;
$controller -> render ( $this -> ajaxLogin , 'ajax' );
2007-01-12 17:49:02 +00:00
}
2007-02-10 22:59:08 +00:00
exit ();
2007-01-12 17:49:02 +00:00
}
}
2007-02-12 05:05:31 +00:00
if ( ! $this -> isAuthorized ( $controller )) {
$this -> Session -> setFlash ( $this -> authError );
$controller -> redirect ( $controller -> referer (), null , true );
}
}
/**
* Attempts to introspect the correct values for object properties including
* $userModel and $sessionKey .
*
* @ access private
* @ param object $controller A reference to the instantiating controller object
* @ return void
*/
function _setDefaults () {
if ( empty ( $this -> userModel )) {
trigger_error ( __ ( 'Could not find $userModel. Please set AuthComponent::$userModel in beforeFilter().' ), E_USER_WARNING );
return false ;
}
if ( empty ( $this -> loginAction )) {
$this -> loginAction = Inflector :: underscore ( Inflector :: pluralize ( $this -> userModel )) . '/login' ;
}
if ( empty ( $this -> sessionKey )) {
$this -> sessionKey = 'Auth.' . $this -> userModel ;
}
2007-03-21 05:55:04 +00:00
if ( empty ( $this -> logoutAction )) {
$this -> logoutRedirect = $this -> loginAction ;
}
2007-02-12 05:05:31 +00:00
return true ;
}
/**
* Determines whether the given user is authorized to perform an action . The type of authorization
* used is based on the value of AuthComponent :: $validate .
*
* @ access public
* @ param object $controller
* @ param mixed $user The user to check the authorization of
* @ param string $type
* @ return boolean True if $user is authorized , otherwise false
*/
function isAuthorized ( & $controller , $type = null , $user = null ) {
if ( empty ( $user )) {
$user = $this -> user ();
2007-02-10 22:59:08 +00:00
}
2007-02-12 05:05:31 +00:00
extract ( $this -> __authType ( $type ));
2007-02-10 22:59:08 +00:00
2007-02-11 18:09:27 +00:00
if (( $type == 'objects' || $type == 'association' )) {
if ( ! isset ( $this -> params [ 'id' ])) {
return ;
} elseif ( empty ( $this -> objectModel )) {
if ( isset ( $controller -> { $controller -> modelClass }) && is_object ( $controller -> { $controller -> modelClass })) {
$this -> objectModel = $controller -> modelClass ;
} elseif ( ! empty ( $controller -> uses ) && isset ( $controller -> { $controller -> uses [ 0 ]}) && is_object ( $controller -> { $controller -> uses [ 0 ]})) {
$this -> objectModel = $controller -> uses [ 0 ];
} else {
trigger_error ( __ ( 'Could not find $objectModel. Please set AuthComponent::$objectModel in beforeFilter().' ), E_USER_WARNING );
return ;
}
}
}
2007-02-12 05:05:31 +00:00
$valid = false ;
2007-02-10 22:59:08 +00:00
switch ( $type ) {
2007-01-12 17:49:02 +00:00
case 'actions' :
2007-02-11 18:09:27 +00:00
$valid = $this -> Acl -> check ( $this -> user (), $this -> action ());
2007-01-12 17:49:02 +00:00
break ;
case 'objects' :
2007-02-12 00:57:44 +00:00
2007-02-10 22:59:08 +00:00
break ;
case 'association' :
2007-02-12 00:57:44 +00:00
2007-02-12 05:05:31 +00:00
break ;
case 'controller' :
$this -> mapActions ();
if ( ! isset ( $this -> actionMap [ $this -> params [ 'action' ]])) {
2007-02-14 20:04:00 +00:00
trigger_error ( 'Auth::startup() - Attempted access of un-mapped action "' . $this -> params [ 'action' ] . '" in controller "' . $this -> params [ 'controller' ] . '"' , E_USER_WARNING );
2007-02-12 05:05:31 +00:00
} else {
$valid = $this -> Acl -> check ( $this -> user (), $this -> action ( ':controller' ), $this -> actionMap [ $this -> params [ 'action' ]]);
}
2007-01-12 17:49:02 +00:00
break ;
2007-01-23 15:22:23 +00:00
case null :
case false :
2007-03-14 20:53:14 +00:00
return true ;
2007-01-23 15:22:23 +00:00
break ;
2007-01-12 17:49:02 +00:00
default :
2007-02-12 05:05:31 +00:00
trigger_error ( __ ( 'Auth::startup() - $validate is set to an incorrect value. Allowed settings are: "controller", "actions", "objects", "association" or null.' ), E_USER_WARNING );
2007-01-12 17:49:02 +00:00
break ;
}
2007-02-12 05:05:31 +00:00
return $valid ;
2007-01-12 17:49:02 +00:00
}
2007-02-12 05:05:31 +00:00
function __authType ( $auth = null ) {
if ( empty ( $auth )) {
$auth = $this -> validate ;
2007-01-22 08:08:34 +00:00
}
2007-02-12 05:05:31 +00:00
$object = $assoc = null ;
if ( is_array ( $auth )) {
$type = key ( $auth );
$object = $auth [ $type ];
if ( isset ( $auth [ 0 ])) {
$assoc = $auth [ 0 ];
}
} else {
$type = $auth ;
2007-01-12 17:49:02 +00:00
}
2007-02-12 05:05:31 +00:00
return compact ( 'type' , 'object' , 'assoc' );
2007-01-12 17:49:02 +00:00
}
2007-01-22 08:08:34 +00:00
/**
2007-01-24 04:38:39 +00:00
* Takes a list of actions in the current controller for which authentication is not required , or
2007-01-22 08:08:34 +00:00
* no parameters to allow all actions .
*
* @ access public
2007-01-23 15:22:23 +00:00
* @ param string $action Controller action name
* @ param string $action Controller action name
* @ param string ... etc .
2007-01-22 08:08:34 +00:00
* @ return void
*/
function allow () {
$args = func_get_args ();
if ( empty ( $args )) {
$this -> allowedActions = array ( '*' );
} else {
2007-02-11 18:09:27 +00:00
$this -> allowedActions = am ( $this -> allowedActions , $args );
}
}
/**
* Removes items from the list of allowed actions .
*
* @ access public
* @ param string $action Controller action name
* @ param string $action Controller action name
* @ param string ... etc .
* @ return void
* @ see AuthComponent :: allow ()
*/
function deny () {
$args = func_get_args ();
foreach ( $args as $arg ) {
$i = array_search ( $arg , $this -> allowedActions );
if ( is_int ( $i )) {
unset ( $this -> allowedActions [ $i ]);
}
2007-01-22 08:08:34 +00:00
}
2007-02-11 18:09:27 +00:00
$this -> allowedActions = array_values ( $this -> allowedActions );
2007-01-22 08:08:34 +00:00
}
2007-02-12 05:05:31 +00:00
/**
* Maps action names to CRUD operations . Used for controller - based authentication .
*
* @ param array $map
* @ access public
* @ return void
*/
function mapActions ( $map = array ()) {
2007-02-12 21:56:06 +00:00
$crud = array ( 'create' , 'read' , 'update' , 'delete' );
foreach ( $map as $action => $type ) {
if ( in_array ( $action , $crud ) && is_array ( $type )) {
foreach ( $type as $typedAction ) {
$this -> actionMap [ $typedAction ] = $action ;
}
} else {
$this -> actionMap [ $action ] = $type ;
}
}
2007-02-12 05:05:31 +00:00
}
2007-01-23 15:22:23 +00:00
/**
2007-01-24 04:38:39 +00:00
* Manually log - in a user with the given parameter data . The $data provided can be any data
* structure used to identify a user in AuthComponent :: identify () . If $data is empty or not
* specified , POST data from Controller :: $data will be used automatically .
*
* After ( if ) login is successful , the user record is written to the session key specified in
* AuthComponent :: $sessionKey .
2007-01-23 15:22:23 +00:00
*
* @ access public
* @ param mixed $data User object
* @ return boolean True on login success , false on failure
*/
function login ( $data = null ) {
2007-02-11 00:29:23 +00:00
$this -> _setDefaults ();
2007-01-23 15:22:23 +00:00
$this -> _loggedIn = false ;
if ( empty ( $data )) {
$data = $this -> data ;
}
if ( $user = $this -> identify ( $data )) {
$this -> Session -> write ( $this -> sessionKey , $user );
$this -> _loggedIn = true ;
}
return $this -> _loggedIn ;
}
2007-01-24 02:28:16 +00:00
/**
* Logs a user out , and returns the login action to redirect to .
*
* @ access public
* @ param mixed $url Optional URL to redirect the user to after logout
* @ return string AuthComponent :: $loginAction
2007-01-24 04:38:39 +00:00
* @ see AuthComponent :: $loginAction
2007-01-24 02:28:16 +00:00
*/
function logout () {
2007-02-11 00:29:23 +00:00
$this -> _setDefaults ();
2007-01-24 07:26:52 +00:00
$this -> Session -> del ( $this -> sessionKey );
$this -> Session -> del ( 'Auth.redirect' );
2007-01-24 02:28:16 +00:00
$this -> _loggedIn = false ;
2007-03-21 05:55:04 +00:00
return $this -> _normalizeURL ( $this -> logoutRedirect );
2007-01-24 02:28:16 +00:00
}
2007-01-23 16:27:34 +00:00
/**
* Get the current user from the session .
*
* @ access public
* @ return array User record , or null if no user is logged in .
*/
2007-01-24 07:26:52 +00:00
function user ( $key = null ) {
2007-02-11 00:29:23 +00:00
$this -> _setDefaults ();
2007-01-23 16:27:34 +00:00
if ( ! $this -> Session -> check ( $this -> sessionKey )) {
return null ;
}
2007-01-24 07:26:52 +00:00
if ( $key == null ) {
return array ( $this -> userModel => $this -> Session -> read ( $this -> sessionKey ));
} else {
$user = $this -> Session -> read ( $this -> sessionKey );
if ( isset ( $user [ $key ])) {
return $user [ $key ];
} else {
return null ;
}
}
2007-01-23 16:27:34 +00:00
}
2007-01-23 15:22:23 +00:00
/**
2007-02-11 18:09:27 +00:00
* If no parameter is passed , gets the authentication redirect URL .
2007-01-23 15:22:23 +00:00
*
2007-02-11 18:09:27 +00:00
* @ param mixed $url Optional URL to write as the login redirect URL .
2007-01-23 15:22:23 +00:00
* @ access public
* @ return string Redirect URL
*/
2007-02-11 18:09:27 +00:00
function redirect ( $url = null ) {
if ( ! is_null ( $url )) {
return $this -> Session -> write ( 'Auth.redirect' , $url );
}
2007-01-23 15:22:23 +00:00
if ( $this -> Session -> check ( 'Auth.redirect' )) {
$redir = $this -> Session -> read ( 'Auth.redirect' );
$this -> Session -> delete ( 'Auth.redirect' );
2007-02-20 17:45:41 +00:00
2007-03-23 16:46:19 +00:00
if ( $this -> _normalizeURL ( $redir ) == $this -> _normalizeURL ( $this -> loginAction )) {
2007-02-20 17:45:41 +00:00
$redir = $this -> loginRedirect ;
}
2007-01-23 15:22:23 +00:00
} else {
$redir = $this -> loginRedirect ;
}
2007-03-23 16:46:19 +00:00
return $this -> _normalizeURL ( $redir );
2007-01-23 15:22:23 +00:00
}
2007-01-12 17:49:02 +00:00
/**
* Validates a user against an abstract object .
*
* @ access public
* @ param mixed $object The object to validate the user against .
* @ param mixed $user Optional . The identity of the user to be validated .
* Uses the current user session if none specified . For
* valid forms of identifying users , see
* AuthComponent :: identify () .
* @ see AuthComponent :: identify ()
* @ return boolean True if the user validates , false otherwise .
*/
2007-02-11 00:29:23 +00:00
function validate ( $object , $user = null , $action = null ) {
2007-02-10 22:59:08 +00:00
if ( empty ( $user )) {
2007-02-11 00:29:23 +00:00
$this -> getUserModel ();
2007-02-10 22:59:08 +00:00
$user = $this -> user ();
}
2007-02-08 22:10:58 +00:00
if ( empty ( $user )) {
2007-01-12 17:49:02 +00:00
return false ;
}
2007-02-11 18:09:27 +00:00
return $this -> Acl -> check ( $user , $object , $action );
2007-01-12 17:49:02 +00:00
}
/**
2007-02-11 18:09:27 +00:00
* Returns the path to the ACO node bound to a controller / action .
2007-01-12 17:49:02 +00:00
*
* @ access public
* @ param string $action Optional . The controller / action path to validate the
* user against . The current request action is used if
* none is specified .
2007-02-11 18:09:27 +00:00
* @ return boolean ACO node path
2007-01-12 17:49:02 +00:00
*/
2007-02-11 18:09:27 +00:00
function action ( $action = ':controller/:action' ) {
return r (
2007-01-12 17:49:02 +00:00
array ( ':controller' , ':action' ),
2007-02-10 22:59:08 +00:00
array ( Inflector :: camelize ( $this -> params [ 'controller' ]), $this -> params [ 'action' ]),
2007-02-11 18:09:27 +00:00
$this -> actionPath . $action
2007-01-12 17:49:02 +00:00
);
}
/**
* Returns a reference to the model object specified by $userModel , and attempts
* to load it if it is not found .
*
* @ access public
* @ return object A reference to a model object .
*/
function & getUserModel () {
2007-02-11 00:29:23 +00:00
$user = null ;
2007-01-12 17:49:02 +00:00
if ( ! ClassRegistry :: isKeySet ( $this -> userModel )) {
2007-02-11 00:29:23 +00:00
if ( ! loadModel ( Inflector :: underscore ( $this -> userModel ))) {
2007-01-12 17:49:02 +00:00
trigger_error ( __ ( 'Auth::getUserModel() - $userModel is not set or could not be found' ) . $this -> userModel , E_USER_WARNING );
return null ;
2007-02-11 00:29:23 +00:00
} else {
$model = $this -> userModel ;
$user = new $model ();
2007-01-12 17:49:02 +00:00
}
}
2007-02-12 00:57:44 +00:00
2007-02-11 00:29:23 +00:00
if ( empty ( $user )) {
if ( PHP5 ) {
$user = ClassRegistry :: getObject ( $this -> userModel );
} else {
$user =& ClassRegistry :: getObject ( $this -> userModel );
}
2007-01-12 17:49:02 +00:00
}
2007-02-11 00:29:23 +00:00
2007-01-12 17:49:02 +00:00
if ( empty ( $user )) {
2007-01-22 08:08:34 +00:00
trigger_error ( __ ( 'Auth::getUserModel() - $userModel is not set or could not be found ' ) . $this -> userModel , E_USER_WARNING );
2007-01-12 17:49:02 +00:00
return null ;
}
return $user ;
}
/**
* Identifies a user based on specific criteria .
*
* @ access public
* @ param mixed $user Optional . The identity of the user to be validated .
* Uses the current user session if none specified .
* @ return array User record data , or null , if the user could not be identified .
*/
function identify ( $user = null ) {
2007-02-08 22:10:58 +00:00
if ( empty ( $user )) {
$user = $this -> user ();
if ( empty ( $user )) {
return null ;
}
2007-01-23 15:22:23 +00:00
} else if ( is_object ( $user ) && is_a ( $user , 'Model' )) {
if ( ! $user -> exists ()) {
return null ;
}
$user = $user -> read ();
$user = $user [ $this -> userModel ];
2007-01-12 17:49:02 +00:00
} else if ( is_array ( $user ) && isset ( $user [ $this -> userModel ])) {
$user = $user [ $this -> userModel ];
2007-01-23 15:22:23 +00:00
}
if ( is_array ( $user ) && ( isset ( $user [ $this -> fields [ 'username' ]]) || isset ( $user [ $this -> userModel . '.' . $this -> fields [ 'username' ]]))) {
if ( isset ( $user [ $this -> fields [ 'username' ]])) {
$find = array (
$this -> fields [ 'username' ] => $user [ $this -> fields [ 'username' ]],
$this -> fields [ 'password' ] => $user [ $this -> fields [ 'password' ]]
);
} else {
$find = array (
$this -> fields [ 'username' ] => $user [ $this -> userModel . '.' . $this -> fields [ 'username' ]],
$this -> fields [ 'password' ] => $user [ $this -> userModel . '.' . $this -> fields [ 'password' ]]
);
}
2007-01-12 17:49:02 +00:00
$model =& $this -> getUserModel ();
2007-01-23 15:22:23 +00:00
$data = $model -> find ( am ( $find , $this -> userScope ), null , null , - 1 );
2007-01-12 17:49:02 +00:00
if ( empty ( $data ) || empty ( $data [ $this -> userModel ])) {
return null ;
}
} else if ( is_numeric ( $user )) {
// Assume it's a user's ID
$model =& $this -> getUserModel ();
2007-02-11 18:09:27 +00:00
$data = $model -> find ( am ( array ( $model -> escapeField () => $user ), $this -> userScope ));
2007-01-12 17:49:02 +00:00
if ( empty ( $data ) || empty ( $data [ $this -> userModel ])) {
return null ;
}
2007-02-08 23:44:58 +00:00
}
if ( isset ( $data ) && ! empty ( $data )) {
if ( ! empty ( $data [ $this -> userModel ][ $this -> fields [ 'password' ]])) {
unset ( $data [ $this -> userModel ][ $this -> fields [ 'password' ]]);
}
2007-01-12 17:49:02 +00:00
return $data [ $this -> userModel ];
} else {
return null ;
}
}
2007-02-10 22:59:08 +00:00
/**
* Hash any passwords found in Controller :: $data .
*
* @ access public
* @ param object $controller
* @ return void
*/
2007-03-21 15:40:46 +00:00
function hashPasswords ( $data ) {
if ( isset ( $data [ $this -> userModel ])) {
if ( isset ( $data [ $this -> userModel ][ $this -> fields [ 'username' ]]) && isset ( $data [ $this -> userModel ][ $this -> fields [ 'password' ]])) {
2007-02-10 22:59:08 +00:00
$model =& $this -> getUserModel ();
2007-03-21 15:40:46 +00:00
$data [ $this -> userModel ][ $this -> fields [ 'password' ]] = Security :: hash ( CAKE_SESSION_STRING . $data [ $this -> userModel ][ $this -> fields [ 'password' ]]);
2007-02-10 22:59:08 +00:00
}
}
2007-03-21 15:40:46 +00:00
return $data ;
2007-02-10 22:59:08 +00:00
}
2007-01-23 15:22:23 +00:00
/**
* Component shutdown . If user is logged in , wipe out redirect .
*
* @ access public
* @ param object $controller
* @ return void
*/
function shutdown ( & $controller ) {
if ( $this -> _loggedIn ) {
$this -> Session -> del ( 'Auth.redirect' );
}
}
2007-01-22 08:08:34 +00:00
/**
* @ access private
*/
function _normalizeURL ( $url = '/' ) {
if ( is_array ( $url )) {
$url = Router :: url ( $url );
$paths = Router :: getPaths ();
$url = r ( $paths [ 'base' ], '' , $url );
}
2007-01-24 02:28:16 +00:00
$url = '/' . $url . '/' ;
while ( strpos ( $url , '//' ) !== false ) {
$url = r ( '//' , '/' , $url );
}
return $url ;
2007-01-22 08:08:34 +00:00
}
2007-01-12 17:49:02 +00:00
}
?>