path: root/config/bootstrap/auth.php
blob: a82d63a2a1d8905df2211d55abc968d411bfd53e (plain)
<?php
use lithium\storage\Session;
use lithium\security\Auth;
use lithium\util\String;
use app\models\User; 
use lithium\core\Libraries;
use lithium\action\Dispatcher;
use lithium\net\http\Router;
use lithium\action\Response;
use lithium\security\Password;


// Three named session stores: `cookie` (Cookie adapter; used by the Auth
// `check`/`clear` filters below for the remember-me value), `default` and
// `flash_message` (both plain PHP sessions).
// NOTE(review): the `cookie` store is configured with no signing/encryption
// strategy, so whatever is read back from it is exactly what the client sent.
// Confirm that is intended, since the Auth `check` filter stores login data
// in it (Lithium ships an Hmac session strategy for this, if this version has it).
$phpSession = array('adapter' => 'Php');
Session::config(array(
	'cookie'        => array('adapter' => 'Cookie'),
	'default'       => $phpSession,
	'flash_message' => $phpSession
));

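// Form-based authentication against the `User` model, matching on the
// `username` and `password` fields. The `password` filter hands the submitted
// value back untouched so the framework does not hash it itself; the second
// filter then hashes it with the salt stored on the matching user record, so
// the adapter compares hash against hash.
Auth::config(array(
    'default' => array(
        'adapter'  => 'Form',
        'model'    => 'User',
        'cookie'   => '',
        'fields'   => array('username', 'password'),
        //'scope'    => array('active' => 'true'), //The active field must be true otherwise they can't auth, though we need
                                                //to eventually send them to a page that explains they are banned.
        'session'  => array('options' => array('name' => 'default')),
        'filters'  => array(
            // Identity filter: prevents li3 from hashing the password before hand.
            'password' => function($password) {
                return $password;
            },

            // Re-hash the submitted password with the stored salt so the Form
            // adapter's lookup can match the stored hash.
            function($data) {
                // Both fields are needed; otherwise there is nothing to hash
                // and the adapter's lookup fails on its own.
                if (isset($data['username'], $data['password'])) {
                    // Fetch the user to obtain the salt their hash was made with.
                    $user = User::find('first', array('conditions' => array('username' => $data['username'])));

                    // Unknown username: no salt is available. Hash anyway with
                    // a null salt rather than reading `->salt` off a null
                    // result, so the work done is the same as for a known
                    // user and no notice is raised. NOTE(review): assumes
                    // Password::hash() picks its own salt when given null —
                    // confirm against the framework version in use.
                    $salt = $user ? $user->salt : null;
                    $data['password'] = Password::hash($data['password'], $salt);
                }
                return $data;
            }
        )
    )
));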

// Captured by the Auth `check` filter below but never read there.
// NOTE(review): this is a literal placeholder value; if it is ever used to
// sign or encrypt the remember cookie it must come from configuration, not
// from this file.
$secret = 'cake';

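// Adds remember feature for form-based authentications.
// After a successful Form login whose request carries a truthy `remember`
// field, the configured identity fields of the user record are written to
// the `cookie` session store. On a later request where the normal check
// fails, that cookie is decoded and used to look the user up again.
// NOTE(review): with this file's Auth config the stored fields are
// `username` and `password`, i.e. the stored password value ends up in a
// client-held cookie that the Session config above does not sign; confirm
// that is acceptable, or add a signing strategy to the `cookie` store.
// $secret is captured but not used anywhere in this filter.
Auth::applyFilter('check', function($self, $params, $chain) use ($secret) {
	$query = 'first';
	$scope = array();
	// Brings $adapter, $model and $fields (and any query/scope override)
	// from the named Auth configuration into scope.
	extract($self::invokeMethod('_config', array($params['name'])));
	$cookie = "Auth.{$params['name']}";
	$cookieOptions = array('name' => 'cookie');

	if ($result = $chain->next($self, $params, $chain)) {
		$credentials = $params['credentials'];
		if ($credentials && $adapter === 'Form' && !empty($credentials->data['remember'])) {
			// Keep only the configured identity fields of the user record.
			$data = array_intersect_key($result, array_combine($fields, $fields));
			// JSON instead of serialize(): the cookie comes back from the
			// client, and client-supplied data must never reach unserialize().
			Session::write($cookie, base64_encode(json_encode($data)), $cookieOptions);
		}
		return $result;
	}

	if ($adapter === 'Form') {
		$raw = Session::read($cookie, $cookieOptions);
		if ($raw) {
			$data = json_decode(base64_decode($raw), true);
			// Accept only an array with exactly the configured fields, in
			// order. A cookie in the older serialize() format, or anything
			// malformed, decodes to null and is ignored here.
			if (is_array($data) && array_keys($data) === $fields) {
				$model = Libraries::locate('models', $model);
				$data = array_map('strval', $data);
				$user = $model::$query($scope + $data);
				if ($user) {
					return $self::set($params['name'], $user->data());
				}
			}
		}
	}
	return $result;
});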

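// Removes remember cookie after sign out.
// Runs ahead of the framework's own clear so the remember value written by
// the `check` filter to the `cookie` session store does not outlive the login.
Auth::applyFilter('clear', function($self, $params, $chain) {
	$config = $self::invokeMethod('_config', array($params['name']));
	if ($config['adapter'] === 'Form') {
		$cookie = "Auth.{$params['name']}";
		$cookieOptions = array('name' => 'cookie');
		// Only attempt a deletion when there is a cookie to delete.
		if (Session::read($cookie, $cookieOptions)) {
			Session::delete($cookie, $cookieOptions);
		}
	}
	return $chain->next($self, $params, $chain);
});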

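// One Dispatcher filter that gates every action, so the access rules live
// in a single place:
//  - a signed-in user may reach the `admin` controller only with level
//    `root` or `admin`, otherwise they are redirected to `/`;
//  - an anonymous user may run only actions the controller lists in
//    `$publicActions`; otherwise the requested location is saved in the
//    session and they are redirected to `/login`.
Dispatcher::applyFilter('_callable', function($self, $params, $chain) {
    // Let the framework resolve the controller first; the checks below
    // need its request and its `$publicActions` list.
    $ctrl = $chain->next($self, $params, $chain);
    // Taken from $params so the redirect Response actually receives the
    // current request.
    $request = $params['request'];

    // Builds the callable the Dispatcher runs in place of the controller:
    // a Response that redirects to $location.
    $redirectTo = function($location) use ($request) {
        return function() use ($request, $location) {
            return new Response(compact('request') + array('location' => $location));
        };
    };

    $user = Auth::check('default');
    if ($user) {
        // Strict membership: a missing or non-string level never counts as
        // admin. NOTE(review): assumes `level` is stored as a string — confirm.
        $level = isset($user['level']) ? $user['level'] : null;
        $isAdmin = in_array($level, array('root', 'admin'), true);
        if ($ctrl->request->controller === 'admin' && !$isAdmin) {
            return $redirectTo('/');
        }
        // Signed-in users are not restricted outside the admin controller.
        return $ctrl;
    }

    // Anonymous request: allow only actions the controller declares public.
    if (isset($ctrl->publicActions)
        && in_array($params['request']->action, $ctrl->publicActions, true)) {
        return $ctrl;
    }

    // Remember where they were going so the login flow can send them back.
    Session::write('url', array(
        'controller' => $ctrl->request->controller,
        'action'     => $ctrl->request->action,
        'args'       => $ctrl->request->args
    ));
    return $redirectTo('/login');
});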




?>