<?php
use lithium\storage\Session;
use lithium\security\Auth;
use lithium\util\String;
use app\models\User;
use lithium\core\Libraries;
use lithium\action\Dispatcher;
use lithium\net\http\Router;
use lithium\action\Response;
use lithium\security\Password;
// Three session stores: "default" and "flash_message" are kept in the PHP
// session; "cookie" is backed directly by a browser cookie and is the store
// the remember-me filter further down writes to and reads from.
// NOTE(review): no `strategies` key is given for the Cookie adapter here, so
// unless a default elsewhere adds one, what is written to that store travels
// to and from the client without a signature — confirm.
$sessionStores = array(
    'cookie' => array('adapter' => 'Cookie'),
    'default' => array('adapter' => 'Php'),
    'flash_message' => array('adapter' => 'Php'),
);
Session::config($sessionStores);
// Form-based authentication against the User model on the "default" session.
// The password validator delegates to Password::check; presumably it receives
// the submitted value and the stored value for the `password` field — confirm
// against the Form adapter's validator contract.
$checkPassword = function($form, $data) {
    return Password::check($form, $data);
};
Auth::config(array(
    'default' => array(
        'adapter' => 'Form',
        'model' => 'User',
        'cookie' => '',
        'fields' => array('username', 'password'),
        //'scope' => array('active' => 'true'), //The active field must be true otherwise they can't auth, though we need
        //to eventually send them to a page that explains they are banned.
        'session' => array('options' => array('name' => 'default')),
        'validators' => array('password' => $checkPassword),
    ),
));
// Not read anywhere in this file. Being a literal committed to source, it is
// not suitable as a signing or encryption secret should it ever be wired into
// the Cookie adapter or the remember cookie below.
$secret = 'cake';
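// Adds remember feature for form-based authentications.
//
// After a successful Form login that carried a truthy "remember" value, the
// auth fields of the resulting user record (the 'fields' list of the named
// auth config) are serialized, base64-encoded and written to the "cookie"
// session store. On a later request where the normal check yields nothing,
// that cookie is decoded and used as the conditions of a model lookup; a hit
// re-establishes the login through Auth::set().
//
// NOTE(review): with 'fields' being username + password, the cookie carries
// the stored password hash and acts as a long-lived bearer credential, and it
// is parsed with unserialize(). Nothing in this file configures a signing or
// encryption strategy on the Cookie adapter, so whoever can set that cookie
// controls the unserialize() input (PHP object injection) as well as the
// lookup conditions. The usual remedy is a random per-login token kept
// server-side and compared with hash_equals(); that is a design change left
// as TODO. This version drops extract(), no longer captures the unused
// $secret, and validates the decoded shape before it reaches the model.
Auth::applyFilter('check', function($self, $params, $chain) {
    $name = $params['name'];
    $store = array('name' => 'cookie');
    $key = "Auth.{$name}";

    // Read the named auth config explicitly instead of extract()-ing it into
    // the local scope, which could overwrite $self/$params/$chain and left
    // $adapter/$fields/$model undefined when a key was missing.
    $config = (array) $self::invokeMethod('_config', array($name));
    $adapter = isset($config['adapter']) ? $config['adapter'] : null;
    $model = isset($config['model']) ? $config['model'] : null;
    $fields = isset($config['fields']) ? array_values((array) $config['fields']) : array();
    $query = isset($config['query']) ? $config['query'] : 'first';
    $scope = isset($config['scope']) ? (array) $config['scope'] : array();
    $isForm = ($adapter === 'Form');

    $result = $chain->next($self, $params, $chain);
    if ($result) {
        $request = $params['credentials'];
        $remember = $request && $isForm && !empty($request->data['remember']);
        // array_combine() needs a non-empty list, so skip when no fields are configured.
        if ($remember && $fields) {
            // Keep only the configured auth fields of the user record.
            $data = array_intersect_key($result, array_combine($fields, $fields));
            Session::write($key, base64_encode(serialize($data)), $store);
        }
        return $result;
    }
    if (!$isForm) {
        return $result;
    }

    $raw = Session::read($key, $store);
    if (!$raw) {
        return $result;
    }
    // Strict decoding rejects anything outside the base64 alphabet up front.
    $decoded = base64_decode($raw, true);
    // FLAG: unserialize() on client-supplied cookie data — see the note above.
    $data = ($decoded === false) ? false : unserialize($decoded);
    // Accept only an array whose keys are exactly the configured auth fields
    // and whose values are plain scalars; anything else is ignored.
    if (!is_array($data) || array_keys($data) != $fields) {
        return $result;
    }
    foreach ($data as $value) {
        if (!is_scalar($value)) {
            return $result;
        }
    }
    $data = array_map('strval', $data);

    $model = Libraries::locate('models', $model);
    // $scope is the left operand, so configured scope conditions win over
    // cookie-supplied values on key collision.
    $user = $model::$query($scope + $data);
    if (!$user) {
        return $result;
    }
    return $self::set($name, $user->data());
});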
// Removes remember cookie after sign out: for Form-adapter configs, the
// "Auth.<name>" entry in the "cookie" store is deleted when present, then
// the regular clear proceeds.
Auth::applyFilter('clear', function($self, $params, $chain) {
    $key = "Auth.{$params['name']}";
    $store = array('name' => 'cookie');
    $config = $self::invokeMethod('_config', array($params['name']));
    $isForm = ($config['adapter'] == 'Form');
    if ($isForm && Session::read($key, $store)) {
        Session::delete($key, $store);
    }
    return $chain->next($self, $params, $chain);
});
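// So that we can filter a bunch of methods in one: runs after the dispatcher
// has resolved the controller and gates access before the action executes.
//
// Outcome by case:
//   - logged-in user hitting the 'admin' controller without level
//     'root'/'admin'                                  -> redirect to '/'
//   - any other logged-in user                        -> the controller as-is
//   - anonymous user on an action in the controller's $publicActions
//                                                      -> the controller as-is
//   - any other anonymous request -> remember the intended destination in the
//     session under 'url' and redirect to '/login'
Dispatcher::applyFilter('_callable', function($self, $params, $chain) {
    // Invoke the _callable method, then execute the logic below.
    $ctrl = $chain->next($self, $params, $chain);

    // The request handed to Response by the redirect closures. The previous
    // version captured a $request that was never defined in this scope, so
    // compact('request') dropped it and the redirects went out without it.
    $request = $params['request'];
    $redirect = function($location) use ($request) {
        return function() use ($request, $location) {
            return new Response(compact('request') + array('location' => $location));
        };
    };

    $user = Auth::check('default');
    if ($user) {
        $level = isset($user['level']) ? $user['level'] : null;
        // Strict membership test: with a loose == a non-string level (e.g. int 0
        // on PHP < 8) compares equal to 'root' and would pass the gate.
        $isStaff = in_array($level, array('root', 'admin'), true);
        // NOTE(review): exact, case-sensitive match on the controller name as
        // the router produced it — confirm the router never emits it in another
        // case, since a differently-cased name would skip this check.
        if ($ctrl->request->controller === 'admin' && !$isStaff) {
            // Users / index isn't public derp.
            return $redirect('/');
        }
        // If they aren't trying to access admin, return.
        return $ctrl;
    }

    // If they are performing a public action continue.
    $public = (isset($ctrl->publicActions) && is_array($ctrl->publicActions))
        ? $ctrl->publicActions
        : array();
    if (in_array($params['request']->action, $public, true)) {
        return $ctrl;
    }

    // Save the location they are going to, then redirect them to the login page.
    Session::write('url', array(
        'controller' => $ctrl->request->controller,
        'action' => $ctrl->request->action,
        'args' => $ctrl->request->args,
    ));
    return $redirect('/login');
});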