Diffstat (limited to 'app/frontend')
-rw-r--r--app/frontend/dto/UserKeyDTO.php26
-rw-r--r--app/frontend/facades/UserFacade.php42
-rw-r--r--app/frontend/user/DbUser.php36
-rw-r--r--app/frontend/user/config.xml3
4 files changed, 106 insertions, 1 deletions
diff --git a/app/frontend/dto/UserKeyDTO.php b/app/frontend/dto/UserKeyDTO.php
new file mode 100644
index 0000000..1dbca8e
--- /dev/null
+++ b/app/frontend/dto/UserKeyDTO.php
@@ -0,0 +1,26 @@
+<?php
+
+Prado::using('Application.dto.BaseDTO');
+Prado::using('Application.model.UserAuthKey');
+
+class UserKeyDTO extends BaseDTO {
+
+ public $User;
+ public $Key;
+ public $IPAddress;
+
+ public function loadRecord(UserAuthKey $record) {
+ if ($record->User) {
+ $this->User = $record->User->Login;
+ }
+ $this->Key = $record->AuthKey;
+ $this->IPAddress = $record->IPAddress;
+ }
+
+ public static function __compare(UserKeyDTO $dto1, UserKeyDTO $dto2) {
+ return strcmp($dto1->Key, $dto2->Key);
+ }
+
+}
+
+?>
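Review bot: `loadRecord` leaves `$this->User` null without any signal when `$record->User` is not populated, and the DTO built in `createUserAuthKey` comes from a record where only `UserID` was assigned before `save()`. If the relation is not resolved lazily at that point (this diff does not show it), the cookie carries a null login and the `$data->User === $dataRecord->User->Login` check in `getUserFromCookieData` can never pass. A docblock on `loadRecord` saying that `User` may stay null would make the contract explicit. A class comment should also say that instances are serialized into the auto-login cookie, so the class must stay a plain data holder without magic methods.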
diff --git a/app/frontend/facades/UserFacade.php b/app/frontend/facades/UserFacade.php
index 5c8b6c0..a976af2 100644
--- a/app/frontend/facades/UserFacade.php
+++ b/app/frontend/facades/UserFacade.php
@@ -3,8 +3,10 @@
Prado::using('Application.facades.Facade');
Prado::using('Application.user.DbUser');
Prado::using('Application.model.User');
+Prado::using('Application.model.UserAuthKey');
Prado::using('Application.dto.TimezoneDTO');
Prado::using('Application.dto.LanguageDTO');
+Prado::using('Application.dto.UserKeyDTO');
class UserFacade extends Facade {
@@ -118,6 +120,46 @@ class UserFacade extends Facade {
return FALSE;
}
+ public function createUserAuthKey(DbUser $user) {
+ if ($user->IsGuest) {
+ return NULL;
+ }
+ $authKey = new UserAuthKey();
+ $authKey->AuthKey = md5(mt_rand());
+ $authKey->IPAddress = Prado::getApplication()->Request->UserHostAddress;
+ $authKey->UserID = $user->DbRecord->ID;
+ $authKey->save();
+ $dto = new UserKeyDTO();
+ $dto->loadRecord($authKey);
+ return $dto;
+ }
+
+ public function compileCookieData(UserKeyDTO $key) {
+ $data = base64_encode(serialize($key));
+ return Prado::getApplication()->SecurityManager->hashData($data);
+ }
+
+ public function getUserFromCookieData(THttpCookie $cookie) {
+ $application = Prado::getApplication();
+ try {
+ $data = $application->SecurityManager->validateData($cookie->getValue());
+ if ($data) {
+ $data = unserialize(base64_decode($data));
+ if ($data instanceof UserKeyDTO) {
+ $dataRecord = UserAuthKey::finder()->findByAuthKey($data->Key);
+ if ($dataRecord
+ && $data->User === $dataRecord->User->Login
+ && $data->IPAddress === $application->Request->UserHostAddress) {
+ return $data;
+ }
+ }
+ }
+ return NULL;
+ } catch (Exception $e) {
+ return NULL;
+ }
+ }
+
}
?>
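Review bot: `md5(mt_rand())` in `createUserAuthKey` is not a suitable source for a persistent login token, because `mt_rand()` is not a cryptographic generator and yields at most about 32 bits of variation, which the MD5 wrapper does not increase. Use a CSPRNG instead, e.g. `$authKey->AuthKey = bin2hex(random_bytes(16));` on PHP 7+ (or `openssl_random_pseudo_bytes` on older runtimes). In `getUserFromCookieData`, `unserialize()` runs on cookie content protected only by the `validateData` integrity check, so the safety of object deserialization rests entirely on that key staying secret. Restricting it with `unserialize(base64_decode($data), ['allowed_classes' => ['UserKeyDTO']])`, or carrying the three fields as JSON, removes that dependency. `$dataRecord->User->Login` is also dereferenced without checking that `$dataRecord->User` is set, and a failure there is not guaranteed to be an `Exception` that the `catch` handles.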
diff --git a/app/frontend/user/DbUser.php b/app/frontend/user/DbUser.php
index d636e8b..e398cb0 100644
--- a/app/frontend/user/DbUser.php
+++ b/app/frontend/user/DbUser.php
@@ -19,6 +19,16 @@ class DbUser extends TDbUser {
return $this->_record;
}
+ private $_authKey;
+
+ public function setAuthKey($key) {
+ $this->_authKey = $key;
+ }
+
+ public function getAuthKey() {
+ return $this->_authKey;
+ }
+
public function createUser($username) {
$dbUser = UserFacade::getInstance()->findByLogin($username);
if (!$dbUser) {
@@ -47,6 +57,32 @@ class DbUser extends TDbUser {
}
}
+ public function createUserFromCookie($cookie) {
+ $userFacade = UserFacade::getInstance();
+ try {
+ $userData = $userFacade->getUserFromCookieData($cookie);
+ if ($userData) {
+ $user = $this->createUser($userData->User);
+ $user->AuthKey = $userData->Key;
+ return $user;
+ }
+ return NULL;
+ } catch (TInvalidDataException $e) {
+ return NULL;
+ }
+ return NULL;
+ }
+
+ public function saveUserToCookie($cookie) {
+ $userFacade = UserFacade::getInstance();
+ $authKey = $userFacade->createUserAuthKey($this);
+ if ($authKey) {
+ $cookieData = $userFacade->compileCookieData($authKey);
+ $cookie->setValue($cookieData);
+ $cookie->setExpire(4294967296); // 2**32
+ }
+ }
+
public function __call($name, $args) {
$match = [];
if (preg_match('/^getIs(.+)$/', $name, $match)) {
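Review bot: `saveUserToCookie` pins the cookie expiry to `4294967296` (year 2106), so the auto-login token effectively never expires, and nothing visible in this commit expires or revokes the stored `UserAuthKey` row either. The fixed value would also override any expiry the caller set on `$cookie` before passing it in, and it exceeds the integer range on 32-bit PHP builds. Prefer a bounded lifetime, e.g. `$cookie->setExpire(time() + 30 * 24 * 3600);`, paired with a server-side age check on the key record and deletion of the record on logout. The trailing `return NULL;` after the try/catch in `createUserFromCookie` is unreachable and can be dropped.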
diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml
index 80027e5..d4ca867 100644
--- a/app/frontend/user/config.xml
+++ b/app/frontend/user/config.xml
@@ -2,7 +2,8 @@
<configuration>
<modules>
<module id="auth" class="System.Security.TAuthManager"
- UserManager="users" LoginPage="Login" />
+ UserManager="users" LoginPage="Login"
+ AllowAutoLogin="true" />
<module id="users" class="System.Security.TDbUserManager"
UserClass="Application.user.DbUser" />
</modules>