This class is a transparent base class for Auth_ORM and should not be accessed directly.
ORM Auth driver.
Class declared in MODPATH/orm/classes/Kohana/Auth/ORM.php on line 11.
$_configNULL
$_instanceNULL
$_sessionNULL
Logs a user in, based on the authautologin cookie.
mixed
public function auto_login()
{
if ($token = Cookie::get('authautologin')) {
// Load the token and user
$token = ORM::factory('User_Token', ['token' => $token]);
if ($token->loaded() AND $token->user->loaded()) {
if ($token->user_agent === sha1(Request::$user_agent)) {
// Save the token to create a new unique token
$token->save();
// Set the new token
Cookie::set('authautologin', $token->token, $token->expires - time());
// Complete the login with the found data
$this->complete_login($token->user);
// Automatic login was successful
return $token->user;
}
// Token is invalid
$token->delete();
}
}
return false;
}
Compare password with original (hashed). Works for current (logged in) user
string
$password
required - $password boolean
public function check_password($password)
{
$user = $this->get_user();
if (!$user)
return false;
return ($this->hash($password) === $user->password);
}
Forces a user to be logged in, without specifying a password.
mixed
$user
required - Username string, or user ORM object boolean
$mark_session_as_forced
= bool FALSE - Mark the session as forced boolean
public function force_login($user, $mark_session_as_forced = false)
{
if (!is_object($user)) {
$username = $user;
// Load the user
$user = ORM::factory('User');
$user->where($user->unique_key($username), '=', $username)->find();
}
if ($mark_session_as_forced === true) {
// Mark the session as forced, to prevent users from changing account information
$this->_session->set('auth_forced', true);
}
// Run the standard completion
$this->complete_login($user);
}
Gets the currently logged in user from the session (with auto_login check). Returns $default if no user is currently logged in.
mixed
$default
= NULL - To return in case user isn't logged in mixed
public function get_user($default = null)
{
$user = parent::get_user($default);
if ($user === $default) {
// check for "remembered" login
if (($user = $this->auto_login()) === false)
return $default;
}
return $user;
}
Checks if a session is active.
mixed
$role
= NULL - Role name string, role ORM object, or array with role names boolean
public function logged_in($role = null)
{
// Get the user from the session
$user = $this->get_user();
if (!$user)
return false;
if ($user instanceof Model_User AND $user->loaded()) {
// If we don't have a roll no further checking is needed
if (!$role)
return true;
if (is_array($role)) {
// Get all the roles
$roles = ORM::factory('Role')
->where('name', 'IN', $role)
->find_all()
->as_array(null, 'id');
// Make sure all the roles are valid ones
if (count($roles) !== count($role))
return false;
}
else {
if (!is_object($role)) {
// Load the role
$roles = ORM::factory('Role', ['name' => $role]);
if (!$roles->loaded())
return false;
}
else {
$roles = $role;
}
}
return $user->has('roles', $roles);
}
}
Log a user out and remove any autologin cookies.
boolean
$destroy
= bool FALSE - Completely destroy the session boolean
$logout_all
= bool FALSE - Remove all tokens for user boolean
public function logout($destroy = false, $logout_all = false)
{
// Set by force_login()
$this->_session->delete('auth_forced');
if ($token = Cookie::get('authautologin')) {
// Delete the autologin cookie to prevent re-login
Cookie::delete('authautologin');
// Clear the autologin token from the database
$token = ORM::factory('User_Token', ['token' => $token]);
if ($token->loaded() AND $logout_all) {
// Delete all user tokens. This isn't the most elegant solution but does the job
$tokens = ORM::factory('User_Token')->where('user_id', '=', $token->user_id)->find_all();
foreach ($tokens as $_token) {
$_token->delete();
}
} elseif ($token->loaded()) {
$token->delete();
}
}
return parent::logout($destroy);
}
Get the stored password for a username.
mixed
$user
required - Username string, or user ORM object string
public function password($user)
{
if (!is_object($user)) {
$username = $user;
// Load the user
$user = ORM::factory('User');
$user->where($user->unique_key($username), '=', $username)->find();
}
return $user->password;
}
Loads Session and configuration options.
array
$config
= array(0) - Config Options void
public function __construct($config = [])
{
// Save the config in the object
$this->_config = $config;
$this->_session = Session::instance($this->_config['session_type']);
}
Perform a hmac hash, using the configured method.
string
$str
required - String to hash string
public function hash($str)
{
if (!$this->_config['hash_key'])
throw new Kohana_Exception('A valid hash key must be set in your auth config.');
return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);
}
Singleton pattern
Auth
public static function instance()
{
if (!isset(Auth::$_instance)) {
// Load the configuration for this type
$config = Kohana::$config->load('auth');
if (!$type = $config->get('driver')) {
$type = 'file';
}
// Set the session class name
$class = 'Auth_' . ucfirst($type);
// Create a new session instance
Auth::$_instance = new $class($config);
}
return Auth::$_instance;
}
Attempt to log in a user by using an ORM object and plain-text password.
string
$username
required - Username to log in string
$password
required - Password to check against boolean
$remember
= bool FALSE - Enable autologin boolean
public function login($username, $password, $remember = false)
{
if (empty($password))
return false;
return $this->_login($username, $password, $remember);
}
Logs a user in.
string
$user
required - Name string
$password
required - $password boolean
$remember
required - Enable autologin boolean
protected function _login($user, $password, $remember)
{
if (!is_object($user)) {
$username = $user;
// Load the user
$user = ORM::factory('User');
$user->where($user->unique_key($username), '=', $username)->find();
}
if (is_string($password)) {
// Create a hashed password
$password = $this->hash($password);
}
// If the passwords match, perform a login
if ($user->has('roles', ORM::factory('Role', ['name' => 'login'])) AND $user->password === $password) {
if ($remember === true) {
// Token data
$data = [
'user_id' => $user->pk(),
'expires' => time() + $this->_config['lifetime'],
'user_agent' => sha1(Request::$user_agent),
];
// Create a new autologin token
$token = ORM::factory('User_Token')
->values($data)
->create();
// Set the autologin cookie
Cookie::set('authautologin', $token->token, $this->_config['lifetime']);
}
// Finish the login
$this->complete_login($user);
return true;
}
// Login failed
return false;
}
Complete the login for a user by incrementing the logins and setting session data: user_id, username, roles.
object
$user
required - User ORM object void
protected function complete_login($user)
{
$user->complete_login();
return parent::complete_login($user);
}