
/baser/controllers/components/bc_auth.php

https://github.com/hashing/basercms
Possible License(s): MIT
  1. <?php
  2. /* SVN FILE: $Id: auth.php 2 2011-07-06 16:11:32Z ryuring $ */
  3. /**
  4. * Authentication component
  5. *
  6. * Manages user logins and permissions.
  7. *
  8. * PHP versions 5
  9. *
  10. * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  11. * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
  12. *
  13. * Licensed under The MIT License
  14. * Redistributions of files must retain the above copyright notice.
  15. *
  16. * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
  17. * @link http://cakephp.org CakePHP(tm) Project
  18. * @package cake
  19. * @subpackage cake.cake.libs.controller.components
  20. * @since CakePHP(tm) v 0.10.0.1076
  21. * @version $Revision: 2 $
  22. * @modifiedby $LastChangedBy: ryuring $
  23. * @lastmodified $Date: 2011-07-07 01:11:32 +0900 (木, 07 7 2011) $
  24. * @license http://www.opensource.org/licenses/mit-license.php The MIT License
  25. */
  26. App::import('Component', 'Auth');
  27. /**
  28. * Authentication control component class
  29. *
  30. * Binds access control with user authentication and session management.
  31. *
  32. * @package cake
  33. * @subpackage cake.cake.libs.controller.components
  34. */
  35. class BcAuthComponent extends AuthComponent {
  36. /**
  37. * 個体識別ID
  38. * @var string
  39. * CUSTOMIZE ADD 2011/09/25 ryuring
  40. */
  41. var $serial = '';
  42. /**
  43. * Identifies a user based on specific criteria.
  44. *
  45. * @param mixed $user Optional. The identity of the user to be validated.
  46. * Uses the current user session if none specified.
  47. * @param array $conditions Optional. Additional conditions to a find.
  48. * @return array User record data, or null, if the user could not be identified.
  49. * @access public
  50. */
  51. function identify($user = null, $conditions = null) {
  52. if ($conditions === false) {
  53. $conditions = null;
  54. } elseif (is_array($conditions)) {
  55. $conditions = array_merge((array)$this->userScope, $conditions);
  56. } else {
  57. $conditions = $this->userScope;
  58. }
  59. if (empty($user)) {
  60. $user = $this->user();
  61. if (empty($user)) {
  62. return null;
  63. }
  64. } elseif (is_object($user) && is_a($user, 'Model')) {
  65. if (!$user->exists()) {
  66. return null;
  67. }
  68. $user = $user->read();
  69. $user = $user[$this->userModel];
  70. } elseif (is_array($user) && isset($user[$this->userModel])) {
  71. $user = $user[$this->userModel];
  72. }
  73. // >>> ADD
  74. $model =& $this->getModel();
  75. $alias = $model->alias;
  76. // <<<
  77. if (is_array($user) && (isset($user[$this->fields['username']]) || isset($user[$this->userModel . '.' . $this->fields['username']]))) {
  78. // >>> MODIFY
  79. /*if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']]) && !empty($user[$this->fields['password']])) {
  80. if (trim($user[$this->fields['username']]) == '=' || trim($user[$this->fields['password']]) == '=') {
  81. return false;
  82. }
  83. $find = array(
  84. $this->userModel.'.'.$this->fields['username'] => $user[$this->fields['username']],
  85. $this->userModel.'.'.$this->fields['password'] => $user[$this->fields['password']]
  86. );
  87. } elseif (isset($user[$this->userModel . '.' . $this->fields['username']]) && !empty($user[$this->userModel . '.' . $this->fields['username']])) {
  88. if (trim($user[$this->userModel . '.' . $this->fields['username']]) == '=' || trim($user[$this->userModel . '.' . $this->fields['password']]) == '=') {
  89. return false;
  90. }
  91. $find = array(
  92. $this->userModel.'.'.$this->fields['username'] => $user[$this->userModel . '.' . $this->fields['username']],
  93. $this->userModel.'.'.$this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']]
  94. );
  95. } else {
  96. return false;
  97. }
  98. $model =& $this->getModel();
  99. $data = $model->find(array_merge($find, $conditions), null, null, 0);
  100. if (empty($data) || empty($data[$this->userModel])) {
  101. return null;
  102. }*/
  103. // ---
  104. if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']]) && !empty($user[$this->fields['password']])) {
  105. if (trim($user[$this->fields['username']]) == '=' || trim($user[$this->fields['password']]) == '=') {
  106. return false;
  107. }
  108. $find = array(
  109. $alias.'.'.$this->fields['username'] => $user[$this->fields['username']],
  110. $alias.'.'.$this->fields['password'] => $user[$this->fields['password']]
  111. );
  112. } elseif (isset($user[$this->userModel . '.' . $this->fields['username']]) && !empty($user[$this->userModel . '.' . $this->fields['username']])) {
  113. if (trim($user[$this->userModel . '.' . $this->fields['username']]) == '=' || trim($user[$this->userModel . '.' . $this->fields['password']]) == '=') {
  114. return false;
  115. }
  116. $find = array(
  117. $alias.'.'.$this->fields['username'] => $user[$this->userModel . '.' . $this->fields['username']],
  118. $alias.'.'.$this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']]
  119. );
  120. } else {
  121. return false;
  122. }
  123. $data = $model->find(array_merge($find, $conditions), null, null, 0);
  124. if (empty($data) || empty($data[$alias])) {
  125. return null;
  126. }
  127. // <<<
  128. } elseif (!empty($user) && is_string($user)) {
  129. $model =& $this->getModel();
  130. $data = $model->find(array_merge(array($model->escapeField() => $user), $conditions));
  131. // >>> MODIFY
  132. /*if (empty($data) || empty($data[$this->userModel])) {
  133. return null;
  134. }*/
  135. // ---
  136. if (empty($data) || empty($data[$alias])) {
  137. return null;
  138. }
  139. // <<<
  140. }
  141. if (!empty($data)) {
  142. // >>> MODIFY
  143. /*if (!empty($data[$alias][$this->fields['password']])) {
  144. unset($data[$alias][$this->fields['password']]);
  145. }
  146. return $data[$this->userModel];*/
  147. // ---
  148. if (!empty($data[$alias][$this->fields['password']])) {
  149. unset($data[$alias][$this->fields['password']]);
  150. }
  151. return $data[$alias];
  152. // <<<
  153. }
  154. return null;
  155. }
  156. /**
  157. * Manually log-in a user with the given parameter data. The $data provided can be any data
  158. * structure used to identify a user in AuthComponent::identify(). If $data is empty or not
  159. * specified, POST data from Controller::$data will be used automatically.
  160. *
  161. * After (if) login is successful, the user record is written to the session key specified in
  162. * AuthComponent::$sessionKey.
  163. *
  164. * @param mixed $data User object
  165. * @return boolean True on login success, false on failure
  166. * @access public
  167. */
  168. function login($data = null) {
  169. // CUSTOMIZE ADD 2011/09/25 ryuring
  170. // 簡単ログイン
  171. // >>>
  172. if(!empty($this->fields['serial']) && !$data) {
  173. $serial = $this->getSerial();
  174. $Model = $model =& $this->getModel();
  175. if($serial) {
  176. $data = $Model->find('first', array('conditions' => array($Model->alias.'.'.$this->fields['serial'] => $serial), 'recursive' => -1));
  177. }
  178. }
  179. // <<<
  180. return parent::login($data);
  181. }
  182. /**
  183. * Logs a user out, and returns the login action to redirect to.
  184. *
  185. * @param mixed $url Optional URL to redirect the user to after logout
  186. * @return string AuthComponent::$loginAction
  187. * @see AuthComponent::$loginAction
  188. * @access public
  189. */
  190. function logout() {
  191. if(!empty($this->fields['serial'])) {
  192. $this->deleteSerial();
  193. }
  194. return parent::logout();
  195. }
  196. /**
  197. * 個体識別IDを保存する
  198. * @return boolean
  199. */
  200. function saveSerial() {
  201. $user = $this->user();
  202. if(!empty($this->fields['serial']) && $user) {
  203. $serial = $this->getSerial();
  204. $Model = $model =& $this->getModel();
  205. if($serial) {
  206. $user[$this->userModel][$this->fields['serial']] = $serial;
  207. $Model->set($user);
  208. return $Model->save();
  209. }
  210. }
  211. }
  212. /**
  213. * 個体識別IDを削除する
  214. *
  215. * @return boolean
  216. */
  217. function deleteSerial() {
  218. $user = $this->user();
  219. if(!empty($this->fields['serial']) && $user) {
  220. $Model = $model =& $this->getModel();
  221. $user[$this->userModel][$this->fields['serial']] = '';
  222. $Model->set($user);
  223. return $Model->save();
  224. }
  225. }
  226. /**
  227. * 個体識別IDを取得
  228. *
  229. * @return string
  230. */
  231. function getSerial() {
  232. if(!empty($_SERVER['HTTP_X_DCMGUID'])) {
  233. return $_SERVER['HTTP_X_DCMGUID'];
  234. } elseif(!empty($_SERVER['HTTP_X_UP_SUBNO'])) {
  235. return $_SERVER['HTTP_X_UP_SUBNO'];
  236. } elseif(!empty($_SERVER['HTTP_X_JPHONE_UID'])) {
  237. return $_SERVER['HTTP_X_JPHONE_UID'];
  238. }
  239. return '';
  240. }
  241. }
  242. ?>