openrat-cms

# OpenRat Content Management System
git clone http://git.code.weiherhei.de/openrat-cms.git

RememberAuth.class.php (1903B)


      1 <?php
      2 
      3 use database\Database;
      4 use cms\model\User;
      5 
      6 /**
      7  * Authentifizierung mit einem Login-Token.
      8  *  
      9  * @author dankert
     10  */
     11 class RememberAuth implements Auth
     12 {
     13     /**
     14      * @return null
     15      */
     16     public function username()
     17 	{
     18 		// Ermittelt den Benutzernamen aus den Login-Cookies.
     19 		if	( isset($_COOKIE['or_token'   ]) &&
     20 			  isset($_COOKIE['or_dbid'    ])    )
     21 		{
     22 			try
     23 			{
     24 			    list( $selector,$token) = array_pad( explode('.',$_COOKIE['or_token']),2,'');
     25 				$dbid = $_COOKIE['or_dbid'];
     26 				
     27                 $dbConfig = config()->subset('database');
     28 
     29                 if	( ! $dbConfig->has( $dbid ) ) {
     30 
     31                     Logger::info( 'unknown DB-Id for token-login: '.$dbid );
     32                     return null;
     33                 }
     34 
     35                 $dbConfig = $dbConfig->subset($dbid );
     36 
     37 
     38                 $key = 'read'; // Only reading in database.
     39 
     40                 $db = new Database( $dbConfig->subset($key)->getConfig() + $dbConfig->getConfig() );
     41                 $db->id = $dbid;
     42 				$db->start();
     43 
     44 				$stmt = $db->sql( <<<SQL
     45                     SELECT userid,{{user}}.name as username,token,token_algo FROM {{auth}}
     46                        LEFT JOIN {{user}} ON {{auth}}.userid = {{user}}.id
     47                     WHERE selector = {selector} AND expires > {now}
     48 SQL
     49                 );
     50 				$stmt->setString('selector',$selector);
     51 				$stmt->setInt   ('now'     ,time()   );
     52 
     53 				$auth = $stmt->getRow();
     54 
     55 				if  ( $auth )
     56                 {
     57                     if   ( \security\Password::check($token, $auth['token'],$auth['token_algo']) )
     58                         return $auth['username'];
     59                 }
     60 
     61 			}
     62 			catch( ObjectNotFoundException $e )
     63 			{
     64 				// Benutzer nicht gefunden.
     65 			}
     66 		}
     67 		
     68 		return null;
     69 	}
     70 	
     71 	
     72 	/**
     73 	 * Ueberpruefen des Kennwortes ist über den Cookie nicht möglich.
     74 	 */
     75 	public function login( $user, $password, $token )
     76 	{
     77 		return false;
     78 	}
     79 }
     80 
     81 ?>