<?php
use lithium\storage\Session;
use lithium\security\Auth;
use lithium\util\String;
use app\models\User;
use lithium\core\Libraries;
use lithium\action\Dispatcher;
use lithium\net\http\Router;
use lithium\action\Response;
use lithium\security\Password;
// Session stores: `cookie` is a cookie-backed store (used below for the
// remember-me token), `default` and `flash_message` use the native PHP session.
$sessionStores = array();
$sessionStores['cookie'] = array('adapter' => 'Cookie');
$sessionStores['default'] = array('adapter' => 'Php');
$sessionStores['flash_message'] = array('adapter' => 'Php');
Session::config($sessionStores);
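// Form-based authentication against the `User` model. The built-in password
// hashing is switched off in the `password` filter, and the second filter
// hashes the submitted password with the per-user salt instead.
Auth::config(array(
    'default' => array(
        'adapter' => 'Form',
        'model' => 'User',
        'cookie' => '',
        'fields' => array('username', 'password'),
        //'scope' => array('active' => 'true'), //The active field must be true otherwise they can't auth, though we need
        //to eventually send them to a page that explains they are banned.
        'session' => array('options' => array('name' => 'default')),
        'filters' => array(
            // Identity filter: keeps the submitted password as-is so the
            // adapter does not hash it before the filter below runs.
            'password' => function($password) {
                return $password;
            },
            // Replaces the submitted password with its hash, using the salt
            // stored on the record whose username matches the request.
            function($data) {
                if (!empty($data['username'])) {
                    $user = User::find('first', array(
                        'conditions' => array('username' => $data['username'])
                    ));
                    // Unknown username: no record to read a salt from. Passing
                    // null lets Password::hash pick a fresh salt, so hashing still
                    // happens and the adapter's lookup fails without dereferencing
                    // a null record (the original read `$salt->salt` on null).
                    $salt = $user ? $user->salt : null;
                    $data['password'] = Password::hash($data['password'], $salt);
                }
                return $data;
            }
        )
    )
));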
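// Shared secret that authenticates the remember-me cookie (see the `check`
// filter below). NOTE(review): "cake" is a placeholder; a deployment should
// supply a long random secret from configuration rather than from source.
$secret = "cake";

// Adds remember feature for form-based authentications.
//
// On a successful form login with `remember` set, the identifying fields of
// the user are written to the `cookie` session store as
// `base64(json) . "." . hmac_sha256(base64(json), $secret)`. On a later
// request with no live session the cookie is accepted only if the MAC
// verifies; its fields are then looked up on the configured model.
Auth::applyFilter('check', function($self, $params, $chain) use ($secret) {
    $query = 'first';
    $scope = array();
    // Brings `adapter`, `model`, `fields` (and `query`/`scope` when configured)
    // of the named Auth configuration into local scope.
    extract($self::invokeMethod('_config', array($params['name'])));
    $key = "Auth.{$params['name']}";
    $cookie = array('name' => 'cookie');

    if ($result = $chain->next($self, $params, $chain)) {
        $request = $params['credentials'];
        if ($request && $adapter == 'Form' && !empty($request->data['remember'])) {
            $data = array_intersect_key($result, array_combine($fields, $fields));
            // JSON rather than serialize(): decoding it later can never
            // instantiate objects from cookie-controlled bytes.
            $payload = base64_encode(json_encode($data));
            $mac = hash_hmac('sha256', $payload, $secret);
            Session::write($key, "{$payload}.{$mac}", $cookie);
        }
        return $result;
    }

    if ($adapter == 'Form') {
        $raw = Session::read($key, $cookie);
        if (is_string($raw) && strpos($raw, '.') !== false) {
            list($payload, $mac) = explode('.', $raw, 2);
            // Constant-time comparison; a forged or tampered cookie is ignored.
            if (String::compare(hash_hmac('sha256', $payload, $secret), $mac)) {
                $decoded = base64_decode($payload, true);
                $data = ($decoded === false) ? null : json_decode($decoded, true);
                // Accept only exactly the configured identifying fields.
                if (is_array($data) && array_keys($data) === $fields) {
                    $model = Libraries::locate('models', $model);
                    $data = array_map('strval', $data);
                    $user = $model::$query($scope + $data);
                    if ($user) {
                        return $self::set($params['name'], $user->data());
                    }
                }
            }
        }
    }
    return $result;
});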
// Removes remember cookie after sign out.
Auth::applyFilter('clear', function($self, $params, $chain) {
    $config = $self::invokeMethod('_config', array($params['name']));
    $key = "Auth.{$params['name']}";
    $cookie = array('name' => 'cookie');
    // Only form-based configurations keep a remember cookie; drop it if one exists.
    $hasRememberCookie = $config['adapter'] == 'Form' && Session::read($key, $cookie);
    if ($hasRememberCookie) {
        Session::delete($key, $cookie);
    }
    return $chain->next($self, $params, $chain);
});
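// Authorization gate applied once the controller has been resolved: the
// `admin` controller is restricted to users whose level is root or admin,
// and everything else requires a signed-in user unless the controller lists
// the action in its `$publicActions` property.
Dispatcher::applyFilter('_callable', function($self, $params, $chain) {
    // Resolve the controller first, then decide whether the caller may run it.
    $ctrl = $chain->next($self, $params, $chain);
    // The original closures captured an undefined `$request`, so the redirect
    // Response was built without the request; take it from the filter params.
    $request = $params['request'];
    $redirectTo = function($location) use ($request) {
        return function() use ($request, $location) {
            return new Response(compact('request') + array('location' => $location));
        };
    };

    $user = Auth::check('default');
    if ($user) {
        $level = isset($user['level']) ? $user['level'] : null;
        // Strict comparison: with loose `==`, a numeric level such as 0 compares
        // equal to 'root' on PHP < 8 and would grant admin access.
        $isAdmin = in_array($level, array('root', 'admin'), true);
        if ($ctrl->request->controller == 'admin' && !$isAdmin) {
            return $redirectTo('/');
        }
        // Signed in and not touching admin: let the controller run.
        return $ctrl;
    }

    // Not signed in: only actions the controller declares public may run.
    if (isset($ctrl->publicActions) && in_array($request->action, $ctrl->publicActions, true)) {
        return $ctrl;
    }
    return $redirectTo('/login');
});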
?>