* saving and restoring user data from cookie

4 files changed, 106 insertions, 1 deletions

diff --git a/app/frontend/dto/UserKeyDTO.php b/app/frontend/dto/UserKeyDTO.php
new file mode 100644
index 0000000..1dbca8e
--- /dev/null
+++ b/app/frontend/dto/UserKeyDTO.php
@@ -0,0 +1,26 @@
+<?php
+
+Prado::using('Application.dto.BaseDTO');
+Prado::using('Application.model.UserAuthKey');
+
+class UserKeyDTO extends BaseDTO {
+
+    public $User;
+    public $Key;
+    public $IPAddress;
+
+    public function loadRecord(UserAuthKey $record) {
+        if ($record->User) {
+            $this->User = $record->User->Login;
+        }
+        $this->Key = $record->AuthKey;
+        $this->IPAddress = $record->IPAddress;
+    }
+
+    public static function __compare(UserKeyDTO $dto1, UserKeyDTO $dto2) {
+        return strcmp($dto1->Key, $dto2->Key);
+    }
+
+}
+
+?>
diff --git a/app/frontend/facades/UserFacade.php b/app/frontend/facades/UserFacade.php
index 5c8b6c0..a976af2 100644
--- a/app/frontend/facades/UserFacade.php
+++ b/app/frontend/facades/UserFacade.php
@@ -3,8 +3,10 @@
 Prado::using('Application.facades.Facade');
 Prado::using('Application.user.DbUser');
 Prado::using('Application.model.User');
+Prado::using('Application.model.UserAuthKey');
 Prado::using('Application.dto.TimezoneDTO');
 Prado::using('Application.dto.LanguageDTO');
+Prado::using('Application.dto.UserKeyDTO');
 
 class UserFacade extends Facade {
 
@@ -118,6 +120,46 @@ class UserFacade extends Facade {
         return FALSE;
     }
 
+    public function createUserAuthKey(DbUser $user) {
+        if ($user->IsGuest) {
+            return NULL;
+        }
+        $authKey = new UserAuthKey();
+        $authKey->AuthKey = md5(mt_rand());
+        $authKey->IPAddress = Prado::getApplication()->Request->UserHostAddress;
+        $authKey->UserID = $user->DbRecord->ID;
+        $authKey->save();
+        $dto = new UserKeyDTO();
+        $dto->loadRecord($authKey);
+        return $dto;
+    }
+
+    public function compileCookieData(UserKeyDTO $key) {
+        $data = base64_encode(serialize($key));
+        return Prado::getApplication()->SecurityManager->hashData($data);
+    }
+
+    public function getUserFromCookieData(THttpCookie $cookie) {
+        $application = Prado::getApplication();
+        try {
+            $data = $application->SecurityManager->validateData($cookie->getValue());
+            if ($data) {
+                $data = unserialize(base64_decode($data));
+                if ($data instanceof UserKeyDTO) {
+                    $dataRecord = UserAuthKey::finder()->findByAuthKey($data->Key);
+                    if ($dataRecord
+                        && $data->User === $dataRecord->User->Login
+                        && $data->IPAddress === $application->Request->UserHostAddress) {
+                        return $data;
+                    }
+                }
+            }
+            return NULL;
+        } catch (Exception $e) {
+            return NULL;
+        }
+    }
+
 }
 
 ?>
diff --git a/app/frontend/user/DbUser.php b/app/frontend/user/DbUser.php
index d636e8b..e398cb0 100644
--- a/app/frontend/user/DbUser.php
+++ b/app/frontend/user/DbUser.php
@@ -19,6 +19,16 @@ class DbUser extends TDbUser {
         return $this->_record;
     }
 
+    private $_authKey;
+
+    public function setAuthKey($key) {
+        $this->_authKey = $key;
+    }
+
+    public function getAuthKey() {
+        return $this->_authKey;
+    }
+
     public function createUser($username) {
         $dbUser = UserFacade::getInstance()->findByLogin($username);
         if (!$dbUser) {
@@ -47,6 +57,32 @@ class DbUser extends TDbUser {
         }
     }
 
+    public function createUserFromCookie($cookie) {
+        $userFacade = UserFacade::getInstance();
+        try {
+            $userData = $userFacade->getUserFromCookieData($cookie);
+            if ($userData) {
+                $user = $this->createUser($userData->User);
+                $user->AuthKey = $userData->Key;
+                return $user;
+            }
+            return NULL;
+        } catch (TInvalidDataException $e) {
+            return NULL;
+        }
+        return NULL;
+    }
+
+    public function saveUserToCookie($cookie) {
+        $userFacade = UserFacade::getInstance();
+        $authKey = $userFacade->createUserAuthKey($this);
+        if ($authKey) {
+            $cookieData = $userFacade->compileCookieData($authKey);
+            $cookie->setValue($cookieData);
+            $cookie->setExpire(4294967296); // 2**32
+        }
+    }
+
     public function __call($name, $args) {
         $match = [];
         if (preg_match('/^getIs(.+)$/', $name, $match)) {
diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml
index 80027e5..d4ca867 100644
--- a/app/frontend/user/config.xml
+++ b/app/frontend/user/config.xml
@@ -2,7 +2,8 @@
 <configuration>
   <modules>
     <module id="auth" class="System.Security.TAuthManager"
-            UserManager="users" LoginPage="Login" />
+            UserManager="users" LoginPage="Login"
+            AllowAutoLogin="true" />
     <module id="users" class="System.Security.TDbUserManager"
             UserClass="Application.user.DbUser" />
   </modules>