RememberAuth.class.php (1903B)
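<?php

use database\Database;
use cms\model\User;

/**
 * Authentication using a login token ("remember me" cookie).
 *
 * The cookie `or_token` carries `<selector>.<token>`: the selector is used to
 * look up the stored row and the token is then verified against the stored
 * value. The cookie `or_dbid` names the configured database to query.
 * Both cookies are client-controlled and are treated as untrusted input.
 *
 * @author dankert
 */
class RememberAuth implements Auth
{
    /**
     * Determines the username from the login cookies.
     *
     * @return string|null the username belonging to a valid, unexpired token,
     *                     or null if no user could be determined
     */
    public function username()
    {
        if ( ! isset($_COOKIE['or_token']) || ! isset($_COOKIE['or_dbid']) )
            return null;

        $rawToken = $_COOKIE['or_token'];
        $dbid     = $_COOKIE['or_dbid'];

        // A client can send "or_token[]=x", which PHP turns into an array.
        // explode() would then fail with an error that is not caught below,
        // so anything but a plain string is rejected up front.
        if ( ! is_string($rawToken) || ! is_string($dbid) )
            return null;

        try
        {
            list( $selector, $token ) = array_pad( explode('.', $rawToken), 2, '' );

            // An incomplete cookie can never identify a user; do not query
            // the database or run the token check for it.
            if ( $selector === '' || $token === '' )
                return null;

            $dbConfig = config()->subset('database');

            if ( ! $dbConfig->has( $dbid ) ) {

                // The value comes straight from the cookie: replace
                // non-printable bytes (line breaks included) and cap the
                // length so it cannot forge or flood log entries.
                $loggedDbId = substr( (string) preg_replace('/[^\x20-\x7E]/', '?', $dbid), 0, 64 );

                Logger::info( 'unknown DB-Id for token-login: '.$loggedDbId );
                return null;
            }

            $dbConfig = $dbConfig->subset( $dbid );

            $key = 'read'; // Only reading in database.

            // Array union: the settings of the 'read' subset take precedence
            // over the general settings of this database.
            $db = new Database( $dbConfig->subset($key)->getConfig() + $dbConfig->getConfig() );
            $db->id = $dbid;
            $db->start();

            // The selector is bound through the statement API, not
            // concatenated into the SQL text.
            $stmt = $db->sql( <<<SQL
SELECT userid,{{user}}.name as username,token,token_algo FROM {{auth}}
LEFT JOIN {{user}} ON {{auth}}.userid = {{user}}.id
WHERE selector = {selector} AND expires > {now}
SQL
            );
            $stmt->setString('selector', $selector);
            $stmt->setInt   ('now'     , time()   );

            $auth = $stmt->getRow();

            if ( $auth )
            {
                // NOTE(review): confirm that \security\Password::check compares
                // in constant time; the token is the secret half of the cookie.
                if ( \security\Password::check($token, $auth['token'], $auth['token_algo']) )
                    return $auth['username'];
            }
        }
        catch( ObjectNotFoundException $e )
        {
            // User not found.
        }

        return null;
    }


    /**
     * Checking the password is not possible via the cookie.
     *
     * @return bool always false
     */
    public function login( $user, $password, $token )
    {
        return false;
    }
}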