This class is a transparent base class for Auth and should not be accessed directly.
User authorization library. Handles user login and logout, as well as secure password hashing.
Class declared in MODPATH/auth/classes/Kohana/Auth.php on line 12.
$_configNULL
$_instanceNULL
$_sessionNULL
Loads Session and configuration options.
array
$config
= array(0) - Config Options void
public function __construct($config = [])
{
// Save the config in the object
$this->_config = $config;
$this->_session = Session::instance($this->_config['session_type']);
}
abstract public function check_password($password);
Gets the currently logged in user from the session. Returns null if no user is currently logged in.
mixed
$default
= NULL - Default value to return if the user is currently not logged in. mixed
public function get_user($default = null)
{
return $this->_session->get($this->_config['session_key'], $default);
}
Perform a hmac hash, using the configured method.
string
$str
required - String to hash string
public function hash($str)
{
if (!$this->_config['hash_key'])
throw new Kohana_Exception('A valid hash key must be set in your auth config.');
return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);
}
Singleton pattern
Auth
public static function instance()
{
if (!isset(Auth::$_instance)) {
// Load the configuration for this type
$config = Kohana::$config->load('auth');
if (!$type = $config->get('driver')) {
$type = 'file';
}
// Set the session class name
$class = 'Auth_' . ucfirst($type);
// Create a new session instance
Auth::$_instance = new $class($config);
}
return Auth::$_instance;
}
Check if there is an active session. Optionally allows checking for a specific role.
string
$role
= NULL - Role name mixed
public function logged_in($role = null)
{
return ($this->get_user() !== null);
}
Attempt to log in a user by using an ORM object and plain-text password.
string
$username
required - Username to log in string
$password
required - Password to check against boolean
$remember
= bool FALSE - Enable autologin boolean
public function login($username, $password, $remember = false)
{
if (empty($password))
return false;
return $this->_login($username, $password, $remember);
}
Log out a user by removing the related session variables.
boolean
$destroy
= bool FALSE - Completely destroy the session boolean
$logout_all
= bool FALSE - Remove all tokens for user boolean
public function logout($destroy = false, $logout_all = false)
{
if ($destroy === true) {
// Destroy the session completely
$this->_session->destroy();
} else {
// Remove the user from the session
$this->_session->delete($this->_config['session_key']);
// Regenerate session_id
$this->_session->regenerate();
}
// Double check
return !$this->logged_in();
}
abstract public function password($username);
abstract protected function _login($username, $password, $remember);
protected function complete_login($user)
{
// Regenerate session_id
$this->_session->regenerate();
// Store username in session
$this->_session->set($this->_config['session_key'], $user);
return true;
}