Diffstat (limited to 'config/bootstrap/auth.php')
-rw-r--r--config/bootstrap/auth.php135
1 files changed, 135 insertions, 0 deletions
diff --git a/config/bootstrap/auth.php b/config/bootstrap/auth.php
new file mode 100644
index 0000000..11c963f
--- /dev/null
+++ b/config/bootstrap/auth.php
@@ -0,0 +1,135 @@
+<?php
+use lithium\storage\Session;
+use lithium\security\Auth;
+use lithium\util\String;
+use app\models\User;
+use lithium\core\Libraries;
+use lithium\action\Dispatcher;
+use lithium\net\http\Router;
+use lithium\action\Response;
+
+
+Session::config(array(
+ 'cookie' => array('adapter' => 'Cookie'),
+ 'default' => array('adapter' => 'Php'),
+ 'flash_message' => array('adapter' => 'Php')
+));
+
+Auth::config(array(
+ 'default' => array(
+ 'adapter' => 'Form',
+ 'model' => 'User',
+ 'cookie' => '',
+ 'fields' => array('username', 'password'),
+ //'scope' => array('active' => 'true'), //The active field must be true otherwise they can't auth, though we need
+ //to eventually send them to a page that explains they are banned.
+ 'session' => array('options' => array('name' => 'default')),
+ 'filters' => array(
+ 'password' => function($password) {
+ return $password; //prevents li3 from hashing the password before hand.
+ },
+
+ function($data) {
+ if (!empty($data['username'])) {
+
+ //Find the first element record that matches the username in the request and get the salt field
+ $salt = User::find('first', array('conditions' => array('username' => $data['username'])));
+
+ //The password to query is the password from the request
+ //hashed with the users stored salt
+ $data['password'] = String::hashPassword($data['password'], $salt->salt);
+ }
+ return $data;
+ })
+ )
+));
+
+$secret = "cake";
+
+// Adds remember feature for form-based authentications.
+Auth::applyFilter('check', function($self, $params, $chain) use ($secret) {
+ $query = 'first';
+ $scope = array();
+ extract($self::invokeMethod('_config', array($params['name'])));
+ if ($result = $chain->next($self, $params, $chain)) {
+ $request = $params['credentials'];
+ if ($request && $adapter == 'Form' && !empty($request->data['remember'])) {
+ $data = array_intersect_key($result, array_combine($fields, $fields));
+ $data = serialize($data);
+ Session::write(
+ "Auth.{$params['name']}",
+ base64_encode($data),
+ array('name' => 'cookie')
+ );
+ }
+ return $result;
+ }
+ if ($adapter == 'Form') {
+ $data = Session::read("Auth.{$params['name']}", array('name' => 'cookie'));
+ if ($data) {
+ $data = base64_decode($data);
+ $data = unserialize($data);
+ if (array_keys($data) == $fields) {
+ $model = Libraries::locate('models', $model);
+ $data = array_map('strval', $data);
+ $user = $model::$query($scope + $data);
+ if ($user) {
+ return $self::set($params['name'], $user->data());
+ }
+ }
+ }
+ }
+ return $result;
+});
+
+// Removes remember cookie after sign out.
+Auth::applyFilter('clear', function($self, $params, $chain) {
+ $config = $self::invokeMethod('_config', array($params['name']));
+ if ($config['adapter'] == 'Form') {
+ if (Session::read("Auth.{$params['name']}", array('name' => 'cookie'))) {
+ Session::delete("Auth.{$params['name']}", array('name' => 'cookie'));
+ }
+ }
+ return $chain->next($self, $params, $chain);
+});
+
+//So that we can filter a bunch of methods in one
+Dispatcher::applyFilter('_callable', function($self, $params, $chain) {
+
+ //Invoke the _callable method, then execute the logic below
+ $ctrl = $chain->next($self, $params, $chain);
+
+ //if the user is logged in
+ $user = Auth::check('default');
+ if($user)
+ {
+ //check if they are accessing an admin function
+ if ($ctrl->request->controller == 'admin' && !($user['level'] == 'root' || $user['level'] == 'admin'))
+ {
+ return function() use ($request) {
+
+ //Users / index isn't public derp.
+ return new Response(compact('request') + array('location' => '/'));
+ };
+ }
+
+ //If they aren't trying to access admin, return
+ return $ctrl;
+ }
+ //If they are performing a public action continue,
+ if (isset($ctrl->publicActions) && in_array($params['request']->action, $ctrl->publicActions)) {
+ return $ctrl;
+ }
+
+ //Otherwise, send them to the login page
+ return function() use ($request) {
+ return new Response(compact('request') + array('location' => '/login'));
+ };
+
+
+});
+
+
+
+
+?> \ No newline at end of file