PageRenderTime 46ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/protected/application/admin/controllers/AuthController.php

https://github.com/rjdjohnston/core
PHP | 204 lines | 123 code | 37 blank | 44 comment | 17 complexity | e2c1bc20d091d7ec54e8b0eb98d23623 MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.  *    Copyright 2008-2009 Laurent Eschenauer and Alard Weisscher
    4. 

  4.  *
    5. 

  5.  *  Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6.  *  you may not use this file except in compliance with the License.
    7. 

  7.  *  You may obtain a copy of the License at
    8. 

  8.  *
    9. 

  9.  *      http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10.  *
    11. 

  11.  *  Unless required by applicable law or agreed to in writing, software
    12. 

  12.  *  distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13.  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14.  *  See the License for the specific language governing permissions and
    15. 

  15.  *  limitations under the License.
    16. 

  16.  *  
    17. 

  17.  */
    18. 

  18. 

  19. class Admin_AuthController extends Zend_Controller_Action
    20. 

  20. {	
    21. 

  21.     protected $_application;
    22. 

  22.     
    23. 

  23.     protected $_bookmarklet = false;
    24. 

  24. 

  25.     public function init()
    26. 

  26.     {
    27. 

  27.         $this->_application = Stuffpress_Application::getInstance();
    28. 

  28.     	// If request is from a bookmarklet, we use another layout
    29. 

  29. 		if ($this->_hasParam('bookmarklet') && $this->_getParam('bookmarklet')) { 
    30. 

  30. 			$this->_helper->layout->setlayout('bookmarklet');
    31. 

  31. 			$this->_bookmarklet = true;
    32. 

  32. 			$this->view->bookmarklet = true;
    33. 

  33. 		}
    34. 

  34.     }
    35. 

  35. 	
    36. 

  36. 	public function indexAction()
    37. 

  37. 	{
    38. 

  38. 		$target = $this->_getParam("target");
    39. 

  39. 		$form   = $this->getForm();
    40. 

  40. 		
    41. 

  41. 		if ($target) {
    42. 

  42. 			$form->getElement('target')->setValue($target);
    43. 

  43. 		}
    44. 

  44. 		
    45. 

  45. 		if (!isset($this->view->form)) {
    46. 

  46. 			$this->view->form = $form;
    47. 

  47. 		}
    48. 

  48. 	}
    49. 

  49. 

  50. 	public function loginAction()
    51. 

  51. 	{
    52. 

  52. 		// This should be a post request
    53. 

  53. 		if (!$this->getRequest()->isPost()) {
    54. 

  54. 			return $this->_forward('index', 'index', 'admin');
    55. 

  55. 		}
    56. 

  56. 		
    57. 

  57. 		// Whatever happens from here, we first clear all identity
    58. 

  58. 		$this->_application->user = false;
    59. 

  59. 		$this->_application->role = 'guest';
    60. 

  60. 		
    61. 

  61. 		// Validate the form
    62. 

  62. 		$form 	= $this->getForm();
    63. 

  63. 		if (!$form->isValid($_POST)) {
    64. 

  64. 			// Failed validation; redisplay form
    65. 

  65. 			$this->view->failedValidation = true;
    66. 

  66. 			$this->view->form = $form;
    67. 

  67. 			return $this->_forward('index');
    68. 

  68. 		}
    69. 

  69. 

  70. 		// Get (and maybe we should also clean) the values
    71. 

  71. 		$values   = $form->getValues();
    72. 

  72. 		$username = $values['username'];
    73. 

  73. 		$password = $values['password'];
    74. 

  74. 		$remember = $values['remember'];
    75. 

  75. 		
    76. 

  76. 		// Get the user 
    77. 

  77. 		$users	= new Users();
    78. 

  78. 		if (!$user = $users->getUserFromUsername($username)) {
    79. 

  79. 			$this->view->failedAuthentication = true;
    80. 

  80. 			$this->view->form = $form;
    81. 

  81. 			return $this->_forward('index');
    82. 

  82. 		}
    83. 

  83. 		
    84. 

  84. 		// Validate the password
    85. 

  85. 		if ($user->password != md5($password)) {
    86. 

  86. 			$this->view->failedAuthentication = true;
    87. 

  87. 			$this->view->form = $form;
    88. 

  88. 			return $this->_forward('index');
    89. 

  89. 		}
    90. 

  90. 		
    91. 

  91. 		// Is the user verified ?
    92. 

  92. 		if (!$user->verified) {
    93. 

  93. 			$this->view->unverified=true;
    94. 

  94. 			$this->view->failedAuthentication = true;
    95. 

  95. 			$this->view->form = $form;
    96. 

  96. 			return $this->_forward('index');
    97. 

  97. 		}
    98. 

  98. 		
    99. 

  99. 		// We assing arole
    100. 

  100. 		$role = 'member';
    101. 

  101. 		
    102. 

  102. 		// Everything ok, we can log in and assign role
    103. 

  103. 		$this->_application->user = $user;
    104. 

  104. 		$this->_application->role = $role;
    105. 

  105. 		
    106. 

  106. 		// We can also hit the login stats
    107. 

  107. 		$users->hitLogin($user->id);
    108. 

  108. 		
    109. 

  109. 		// Send the cookie with the authentication data
    110. 

  110. 		$cookie	= new Stuffpress_Cookie($user->id);
    111. 

  111. 		$cookie->set($remember);
    112. 

  112. 		
    113. 

  113. 		$config = Zend_Registry::get('configuration');
    114. 

  114. 		$domain = trim($config->web->host, " /");
    115. 

  115. 		$path   = trim($config->web->path, " /");
    116. 

  116. 		
    117. 

  117. 		
    118. 

  118. 		// If we have a special target
    119. 

  119. 		if ($values['target'] == 'user_page') {			
    120. 

  120. 			// If single user, we go back to the host
    121. 

  121. 			if (isset($config->app->user)) {
    122. 

  122. 				$url = "http://$domain/$path";
    123. 

  123. 			} else {
    124. 

  124. 				$url	= "http://{$user->username}.$domain/$path";
    125. 

  125. 			};
    126. 

  126. 

  127. 			return $this->_redirect($url);
    128. 

  128. 		}
    129. 

  129. 		else if ($values['target']) {
    130. 

  130. 			$target = trim($values['target'], " /");
    131. 

  131. 			return $this->_redirect("http://$domain/$target");
    132. 

  132. 		} 
    133. 

  133. 

  134. 		// Otherwise we go back to the home page
    135. 

  135. 		return $this->_helper->redirector('index', 'index', 'admin');
    136. 

  136. 	}
    137. 

  137. 	
    138. 

  138. 	public function logoutAction()
    139. 

  139. 	{
    140. 

  140. 		
    141. 

  141. 		// We clear the identity immediately
    142. 

  142. 		$this->_application->user = false;
    143. 

  143. 		$this->_application->role = 'guest';
    144. 

  144. 		
    145. 

  145. 		// Clear the cookie
    146. 

  146. 		$cookie = new Stuffpress_Cookie();
    147. 

  147. 		$cookie->logout();
    148. 

  148. 		
    149. 

  149. 		// Get the request parameters
    150. 

  150. 		$target 	= 	$this->_getParam("target");
    151. 

  151. 		
    152. 

  152. 		// If we have a target, we go there
    153. 

  153. 		if ($target) {
    154. 

  154. 			return $this->_redirect($target);
    155. 

  155. 		}
    156. 

  156. 		
    157. 

  157. 		// Otherwise we go back to the home page
    158. 

  158. 		return $this->_redirect('/');
    159. 

  159. 	}
    160. 

  160. 

  161. 	private function getForm() {
    162. 

  162. 		$form = new Stuffpress_Form();
    163. 

  163.    
    164. 

  164. 		// Add the form element details
    165. 

  165. 		$form->setAction('admin/auth/login');
    166. 

  166. 		$form->setMethod('post');
    167. 

  167. 		$form->setName('formLoginMain');
    168. 

  168. 

  169. 		// Create and configure username element:
    170. 

  170. 		$username = $form->createElement('text', 'username',  array('label' => 'Username:', 'decorators' => $form->noDecorators));
    171. 

  171. 		$username->addValidator('alnum');
    172. 

  172. 		$username->addValidator('stringLength', false, array(4, 20));
    173. 

  173. 		$username->setRequired(true);
    174. 

  174. 		$username->addFilter('StringToLower');
    175. 

  175. 		$form->addElement($username);
    176. 

  176. 		
    177. 

  177. 		// Create and configure password element:
    178. 

  178. 		$password = $form->createElement('password', 'password', array('label' => 'Password:', 'decorators' => $form->noDecorators));
    179. 

  179. 		$password->addValidator('StringLength', false, array(6, 20));
    180. 

  180. 		$password->setRequired(true);
    181. 

  181. 		$form->addElement($password);		
    182. 

  182. 		
    183. 

  183. 		// Remember me
    184. 

  184. 		$element = $form->createElement('checkbox', 'remember',  array('label' => 'Remember:', 'decorators' => $form->noDecorators, 'class' => 'remember'));
    185. 

  185. 		$element->setRequired(true);
    186. 

  186. 		$form->addElement($element);	
    187. 

  187. 

  188. 		// Add a hidden element with a target url
    189. 

  189. 		$target	= $form->createElement('hidden', 'target');
    190. 

  190. 		$target->setDecorators(array(array('ViewHelper')));
    191. 

  191. 

  192. 		// Add a hidden element with a bookmarklet flag
    193. 

  193. 		$bk	= $form->createElement('hidden', 'bookmarklet');
    194. 

  194. 		$bk->setDecorators(array(array('ViewHelper')));		
    195. 

  195. 		$bk->setValue($this->_bookmarklet);
    196. 

  196. 		
    197. 

  197. 		// Add elements to form:
    198. 

  198. 		$form->addElement($target);
    199. 

  199. 		$form->addElement($bk);
    200. 

  200. 		$form->addElement('submit', 'login', array('label' => 'Sign in', 'decorators' => $form->noDecorators));
    201. 

  201. 		
    202. 

  202. 		return $form;
    203. 

  203. 	}
    204. 

  204. }
    205.