
extends Auth
extends Kohana_Auth

ORM Auth driver.

protected $_config

protected static $_instance


protected $_session


public auto_login( ) (defined in Kohana_Auth_ORM)

Logs a user in, based on the authautologin cookie.

Return Values

  • mixed

Source Code

public function auto_login()
	if ($token = Cookie::get('authautologin'))
		// Load the token and user
		$token = ORM::factory('user_token', array('token' => $token));

		if ($token->loaded() AND $token->user->loaded())
			if ($token->user_agent === sha1(Request::$user_agent))
				// Save the token to create a new unique token

				// Set the new token
				Cookie::set('authautologin', $token->token, $token->expires - time());

				// Complete the login with the found data

				// Automatic login was successful
				return $token->user;

			// Token is invalid

	return FALSE;

public check_password( string $password ) (defined in Kohana_Auth_ORM)

Compare password with original (hashed). Works for current (logged in) user


  • string $password required - $password

Return Values

  • boolean

Source Code

public function check_password($password)
	$user = $this->get_user();

	if ( ! $user)
		return FALSE;

	return ($this->hash($password) === $user->password);

public force_login( mixed $user [, boolean $mark_session_as_forced = bool FALSE ] ) (defined in Kohana_Auth_ORM)

Forces a user to be logged in, without specifying a password.


  • mixed $user required - Username string, or user ORM object
  • boolean $mark_session_as_forced = bool FALSE - Mark the session as forced

Return Values

  • boolean

Source Code

public function force_login($user, $mark_session_as_forced = FALSE)
	if ( ! is_object($user))
		$username = $user;

		// Load the user
		$user = ORM::factory('user');
		$user->where($user->unique_key($username), '=', $username)->find();

	if ($mark_session_as_forced === TRUE)
		// Mark the session as forced, to prevent users from changing account information
		$this->_session->set('auth_forced', TRUE);

	// Run the standard completion

public get_user( [ mixed $default = NULL ] ) (defined in Kohana_Auth_ORM)

Gets the currently logged in user from the session (with auto_login check). Returns $default if no user is currently logged in.


  • mixed $default = NULL - To return in case user isn't logged in

Return Values

  • mixed

Source Code

public function get_user($default = NULL)
	$user = parent::get_user($default);

	if ($user === $default)
		// check for "remembered" login
		if (($user = $this->auto_login()) === FALSE)
			return $default;

	return $user;

public logged_in( [ mixed $role = NULL ] ) (defined in Kohana_Auth_ORM)

Checks if a session is active.


  • mixed $role = NULL - Role name string, role ORM object, or array with role names

Return Values

  • boolean

Source Code

public function logged_in($role = NULL)
	// Get the user from the session
	$user = $this->get_user();

	if ( ! $user)
		return FALSE;

	if ($user instanceof Model_User AND $user->loaded())
		// If we don't have a roll no further checking is needed
		if ( ! $role)
			return TRUE;

		if (is_array($role))
			// Get all the roles
			$roles = ORM::factory('role')
						->where('name', 'IN', $role)
						->as_array(NULL, 'id');

			// Make sure all the roles are valid ones
			if (count($roles) !== count($role))
				return FALSE;
			if ( ! is_object($role))
				// Load the role
				$roles = ORM::factory('role', array('name' => $role));

				if ( ! $roles->loaded())
					return FALSE;

		return $user->has('roles', $roles);

public logout( [ boolean $destroy = bool FALSE , boolean $logout_all = bool FALSE ] ) (defined in Kohana_Auth_ORM)

Log a user out and remove any autologin cookies.


  • boolean $destroy = bool FALSE - Completely destroy the session
  • boolean $logout_all = bool FALSE - Remove all tokens for user

Return Values

  • boolean

Source Code

public function logout($destroy = FALSE, $logout_all = FALSE)
	// Set by force_login()

	if ($token = Cookie::get('authautologin'))
		// Delete the autologin cookie to prevent re-login

		// Clear the autologin token from the database
		$token = ORM::factory('user_token', array('token' => $token));

		if ($token->loaded() AND $logout_all)
			// Delete all user tokens. This isn't the most elegant solution but does the job
			$tokens = ORM::factory('user_token')->where('user_id','=',$token->user_id)->find_all();
			foreach ($tokens as $_token)
		elseif ($token->loaded())

	return parent::logout($destroy);

public password( mixed $user ) (defined in Kohana_Auth_ORM)

Get the stored password for a username.


  • mixed $user required - Username string, or user ORM object

Return Values

  • string

Source Code

public function password($user)
	if ( ! is_object($user))
		$username = $user;

		// Load the user
		$user = ORM::factory('user');
		$user->where($user->unique_key($username), '=', $username)->find();

	return $user->password;

public __construct( [ array $config = array(0) ] ) (defined in Kohana_Auth)

Loads Session and configuration options.


  • array $config = array(0) - Config Options

Return Values

  • void

Source Code

public function __construct($config = array())
	// Save the config in the object
	$this->_config = $config;

	$this->_session = Session::instance($this->_config['session_type']);

public hash( string $str ) (defined in Kohana_Auth)

Perform a hmac hash, using the configured method.


  • string $str required - String to hash

Return Values

  • string

Source Code

public function hash($str)
	if ( ! $this->_config['hash_key'])
		throw new Kohana_Exception('A valid hash key must be set in your auth config.');

	return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);

public hash_password( string $password ) (defined in Kohana_Auth)

Creates a hashed hmac password from a plaintext password. This method is deprecated, Auth::hash should be used instead.


  • string $password required - Plaintext password


  • Deprecated -

Source Code

public function hash_password($password)
	return $this->hash($password);

public static instance( ) (defined in Kohana_Auth)

Singleton pattern

Return Values

  • Auth

Source Code

public static function instance()
	if ( ! isset(Auth::$_instance))
		// Load the configuration for this type
		$config = Kohana::$config->load('auth');

		if ( ! $type = $config->get('driver'))
			$type = 'file';

		// Set the session class name
		$class = 'Auth_'.ucfirst($type);

		// Create a new session instance
		Auth::$_instance = new $class($config);

	return Auth::$_instance;

public login( string $username , string $password [, boolean $remember = bool FALSE ] ) (defined in Kohana_Auth)

Attempt to log in a user by using an ORM object and plain-text password.


  • string $username required - Username to log in
  • string $password required - Password to check against
  • boolean $remember = bool FALSE - Enable autologin

Return Values

  • boolean

Source Code

public function login($username, $password, $remember = FALSE)
	if (empty($password))
		return FALSE;

	return $this->_login($username, $password, $remember);

protected _login( string $user , string $password , boolean $remember ) (defined in Kohana_Auth_ORM)

Logs a user in.


  • string $user required - Name
  • string $password required - $password
  • boolean $remember required - Enable autologin

Return Values

  • boolean

Source Code

protected function _login($user, $password, $remember)
	if ( ! is_object($user))
		$username = $user;

		// Load the user
		$user = ORM::factory('user');
		$user->where($user->unique_key($username), '=', $username)->find();

	if (is_string($password))
		// Create a hashed password
		$password = $this->hash($password);

	// If the passwords match, perform a login
	if ($user->has('roles', ORM::factory('role', array('name' => 'login'))) AND $user->password === $password)
		if ($remember === TRUE)
			// Token data
			$data = array(
				'user_id'    => $user->pk(),
				'expires'    => time() + $this->_config['lifetime'],
				'user_agent' => sha1(Request::$user_agent),

			// Create a new autologin token
			$token = ORM::factory('user_token')

			// Set the autologin cookie
			Cookie::set('authautologin', $token->token, $this->_config['lifetime']);

		// Finish the login

		return TRUE;

	// Login failed
	return FALSE;

protected complete_login( object $user ) (defined in Kohana_Auth_ORM)

Complete the login for a user by incrementing the logins and setting session data: user_id, username, roles.


  • object $user required - User ORM object

Return Values

  • void

Source Code

protected function complete_login($user)

	return parent::complete_login($user);