Diffstat (limited to 'app/frontend')
-rw-r--r-- | app/frontend/dto/UserKeyDTO.php | 26 | ||||
-rw-r--r-- | app/frontend/facades/UserFacade.php | 42 | ||||
-rw-r--r-- | app/frontend/user/DbUser.php | 36 | ||||
-rw-r--r-- | app/frontend/user/config.xml | 3 |
4 files changed, 106 insertions, 1 deletions
diff --git a/app/frontend/dto/UserKeyDTO.php b/app/frontend/dto/UserKeyDTO.php
new file mode 100644
index 0000000..1dbca8e
--- /dev/null
+++ b/app/frontend/dto/UserKeyDTO.php
@@ -0,0 +1,26 @@
+<?php
+
+Prado::using('Application.dto.BaseDTO');
+Prado::using('Application.model.UserAuthKey');
+
+class UserKeyDTO extends BaseDTO {
+
+ public $User;
+ public $Key;
+ public $IPAddress;
+
+ public function loadRecord(UserAuthKey $record) {
+ if ($record->User) {
+ $this->User = $record->User->Login;
+ }
+ $this->Key = $record->AuthKey;
+ $this->IPAddress = $record->IPAddress;
+ }
+
+ public static function __compare(UserKeyDTO $dto1, UserKeyDTO $dto2) {
+ return strcmp($dto1->Key, $dto2->Key);
+ }
+
+}
+
+?>
diff --git a/app/frontend/facades/UserFacade.php b/app/frontend/facades/UserFacade.php
index 5c8b6c0..a976af2 100644
--- a/app/frontend/facades/UserFacade.php
+++ b/app/frontend/facades/UserFacade.php
@@ -3,8 +3,10 @@
 Prado::using('Application.facades.Facade');
 Prado::using('Application.user.DbUser');
 Prado::using('Application.model.User');
+Prado::using('Application.model.UserAuthKey');
 Prado::using('Application.dto.TimezoneDTO');
 Prado::using('Application.dto.LanguageDTO');
+Prado::using('Application.dto.UserKeyDTO');
 class UserFacade extends Facade {
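Review bot: UserKeyDTO in app/frontend/dto/UserKeyDTO.php has no docblock stating that its instances are serialized into the auto-login cookie and rebuilt with unserialize() by UserFacade in this same commit, which is the property a later maintainer most needs to know. I would add a class comment along the lines of `/** Serialized into the auto-login cookie; keep this class and BaseDTO free of __wakeup/__destruct side effects. */`. BaseDTO is not part of this diff, so whether it already defines such magic methods cannot be checked from here. `__compare` should also carry one line saying whether it is meant only for ordering, since strcmp() is not a constant-time comparison.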
@@ -118,6 +120,46 @@ class UserFacade extends Facade {
 return FALSE;
 }
+ public function createUserAuthKey(DbUser $user) {
+ if ($user->IsGuest) {
+ return NULL;
+ }
+ $authKey = new UserAuthKey();
+ $authKey->AuthKey = md5(mt_rand());
+ $authKey->IPAddress = Prado::getApplication()->Request->UserHostAddress;
+ $authKey->UserID = $user->DbRecord->ID;
+ $authKey->save();
+ $dto = new UserKeyDTO();
+ $dto->loadRecord($authKey);
+ return $dto;
+ }
+
+ public function compileCookieData(UserKeyDTO $key) {
+ $data = base64_encode(serialize($key));
+ return Prado::getApplication()->SecurityManager->hashData($data);
+ }
+
+ public function getUserFromCookieData(THttpCookie $cookie) {
+ $application = Prado::getApplication();
+ try {
+ $data = $application->SecurityManager->validateData($cookie->getValue());
+ if ($data) {
+ $data = unserialize(base64_decode($data));
+ if ($data instanceof UserKeyDTO) {
+ $dataRecord = UserAuthKey::finder()->findByAuthKey($data->Key);
+ if ($dataRecord
+ && $data->User === $dataRecord->User->Login
+ && $data->IPAddress === $application->Request->UserHostAddress) {
+ return $data;
+ }
+ }
+ }
+ return NULL;
+ } catch (Exception $e) {
+ return NULL;
+ }
+ }
+
 }
 ?>
diff --git a/app/frontend/user/DbUser.php b/app/frontend/user/DbUser.php
index d636e8b..e398cb0 100644
--- a/app/frontend/user/DbUser.php
+++ b/app/frontend/user/DbUser.php
@@ -19,6 +19,16 @@ class DbUser extends TDbUser {
 return $this->_record;
 }
+ private $_authKey;
+
+ public function setAuthKey($key) {
+ $this->_authKey = $key;
+ }
+
+ public function getAuthKey() {
+ return $this->_authKey;
+ }
+
 public function createUser($username) {
 $dbUser = UserFacade::getInstance()->findByLogin($username);
 if (!$dbUser) {
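Review bot: In createUserAuthKey (app/frontend/facades/UserFacade.php), `md5(mt_rand())` derives the persistent login key from a non-cryptographic generator, so the key carries at most the roughly 31 bits that mt_rand() returns, however long the hex string looks. If the runtime is PHP 7 or later, `$authKey->AuthKey = bin2hex(random_bytes(16));` gives a 128-bit key from the OS CSPRNG. In getUserFromCookieData the cookie reaches `unserialize()` only after `validateData()`, which is the right order, but object instantiation then depends entirely on the validation key staying secret, so I would also restrict the classes with `unserialize(base64_decode($data), ['allowed_classes' => ['UserKeyDTO']])`. Separately, `$dataRecord->User->Login` is dereferenced without the null check that UserKeyDTO::loadRecord applies to the same relation.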
@@ -47,6 +57,32 @@ class DbUser extends TDbUser {
 }
 }
+ public function createUserFromCookie($cookie) {
+ $userFacade = UserFacade::getInstance();
+ try {
+ $userData = $userFacade->getUserFromCookieData($cookie);
+ if ($userData) {
+ $user = $this->createUser($userData->User);
+ $user->AuthKey = $userData->Key;
+ return $user;
+ }
+ return NULL;
+ } catch (TInvalidDataException $e) {
+ return NULL;
+ }
+ return NULL;
+ }
+
+ public function saveUserToCookie($cookie) {
+ $userFacade = UserFacade::getInstance();
+ $authKey = $userFacade->createUserAuthKey($this);
+ if ($authKey) {
+ $cookieData = $userFacade->compileCookieData($authKey);
+ $cookie->setValue($cookieData);
+ $cookie->setExpire(4294967296); // 2**32
+ }
+ }
+
 public function __call($name, $args) {
 $match = [];
 if (preg_match('/^getIs(.+)$/', $name, $match)) {
diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml
index 80027e5..d4ca867 100644
--- a/app/frontend/user/config.xml
+++ b/app/frontend/user/config.xml
@@ -2,7 +2,8 @@
 <configuration>
 <modules>
 <module id="auth" class="System.Security.TAuthManager"
- UserManager="users" LoginPage="Login" />
+ UserManager="users" LoginPage="Login"
+ AllowAutoLogin="true" />
 <module id="users" class="System.Security.TDbUserManager"
 UserClass="Application.user.DbUser" />
 </modules> |
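Review bot: saveUserToCookie in app/frontend/user/DbUser.php sets the expiry with `$cookie->setExpire(4294967296)`, a timestamp in the year 2106 that also exceeds a 32-bit integer, so the auto-login cookie effectively never expires, and nothing in this commit shows the UserAuthKey row being aged out or deleted either. I would bound it, e.g. `$cookie->setExpire(time() + 30 * 86400);`, and mark the cookie with `$cookie->setHttpOnly(true);` and `$cookie->setSecure(true);` unless the caller, which is outside this diff, already does so. Each call also inserts a fresh key row, so the logout and password-change paths should delete that user's rows; no such cleanup is visible here. In createUserFromCookie the trailing `return NULL;` after the try/catch is unreachable because both branches already return.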