<?php
//
// +--------------------------------------------------------------------------+
// | |
// | XS PHP Library Generic Classes Library |
// | |
// | Copyright (c) 2001-2002 XSPHPLib Group. |
// | |
// +--------------------------------------------------------------------------+
// | |
// | Distributed under the terms of the GNU Lesser General Public License as |
// | published by the Free Software Foundation version 2.1 |
// | See the GNU Lesser General Public License for more details. You should |
// | have received a copy of the GNU Lesser General Public License along with |
// | this package; if not, write to the Free Software Foundation, Inc., |
// | 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
// | |
// | Authors: Robert Bala <hide@address.com> |
// | |
// +--------------------------------------------------------------------------+
//
// $Id: auth.inc.php,v 1.2 2002/11/28 09:50:30 rbala Exp $
/**
* System defined user permission.
*
* This level of permission does not inherit from any other permission.
*/
define('AUTH_PERM_USER', 0x1);
/**
* System defined editor permission.
*
* Inherits from the user permission: the mask carries the user bit (0x1)
* together with the editor bit (0x2).
*/
define('AUTH_PERM_EDITOR', 0x3);
/**
* System defined admin permission.
*
* Inherits from the editor permission: the mask carries the user and editor
* bits together with the admin bit (0x4).
*/
define('AUTH_PERM_ADMIN', 0x7);
/**
* Table of system permissions, keyed by permission name.
*
* Permissions are referred to by name (e.g. 'user' or 'admin'), never by bit
* mask. The table may be replaced to suit an application: define the bit mask
* constants you need and override $auth_perms so they can be looked up by name.
*
* When adding custom levels, give every entry a mask with at least one bit set.
* Auth::validPerms() grants access when (user bits & required bits) equals the
* required bits, so an entry whose mask is 0 is satisfied by any logged-in user
* whose own permission names are all present in this table.
*
* @global array $auth_perms
* @see AUTH_PERM_USER, AUTH_PERM_EDITOR, AUTH_PERM_ADMIN
*
*/
$auth_perms = array();
$auth_perms['user'] = AUTH_PERM_USER;
$auth_perms['editor'] = AUTH_PERM_EDITOR;
$auth_perms['admin'] = AUTH_PERM_ADMIN;
/**
* Authentication and Permission class.
*
* This is a basic class for adding authentication and permission checks to a
* web system. Before using it, define login and logout functions and pass
* them to the class constructor to handle user verification.
*
* @author Robert Bala <hide@address.com>
* @access public
* @package core
* @version $Id: auth.inc.php,v 1.2 2002/11/28 09:50:30 rbala Exp $
*/
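class Auth extends Object {
    /**
     * Comma-separated permission names of the logged user, '' when nobody
     * is logged in.
     * @access private
     * @var string
     */
    var $_perms;
    /**
     * Logged user name, '' when nobody is logged in.
     * @access private
     * @var string
     */
    var $_username;
    /**
     * The user session life time in minutes. A value <= 0 disables expiry
     * (see isLogged()).
     * @access private
     * @var int
     */
    var $_lifetime;
    /**
     * Unix timestamp at which the session expires, '0' when nobody is logged in.
     * It is fixed at login time; nothing in this class extends it afterwards.
     * @access private
     * @var int
     */
    var $_expired;
    /**
     * Name of the login function.
     *
     * The name is invoked as a variable function, so it must be chosen by the
     * application code and never taken from request input.
     * @access private
     * @var string
     */
    var $_auth_login;
    /**
     * Name of the logout function.
     *
     * The name is invoked as a variable function, so it must be chosen by the
     * application code and never taken from request input.
     * @access private
     * @var string
     */
    var $_auth_logout;

    /**
     * Auth class constructor.
     *
     * Creates a new instance with nobody logged in and a 15 minute life time.
     * When no handler names are given, the defaults '_auth_login' and
     * '_auth_logout' are used.
     *
     * @access public
     * @param string $login the name of the login function, defaults to null.
     * @param string $logout the name of the logout function, defaults to null.
     * @return void
     */
    function Auth($login=null, $logout=null) {
        Object::Object();
        $this->_perms = '';
        $this->_auth_login = isset($login) ? $login : '_auth_login';
        $this->_auth_logout = isset($logout) ? $logout : '_auth_logout';
        $this->_username = '';
        $this->_lifetime = 15;
        $this->_expired = '0';
    }

    /**
     * Gets the logged user name.
     *
     * @access public
     * @return string the logged user name or empty string.
     */
    function getUsername() {
        return $this->_username;
    }

    /**
     * Gets the logged user permission names.
     *
     * @access public
     * @return string the comma-separated permission names or empty string.
     */
    function getPerms() {
        return $this->_perms;
    }

    /**
     * Attempt to login user to the system.
     *
     * Any current session is logged out first, then the login function is
     * called with an array holding 'username' and 'password'. Verifying the
     * password is entirely the job of that function; this class does not
     * store the password. A login function that declares its parameter by
     * reference may set 'perms' and 'lifetime' in the array.
     *
     * @access public
     * @param string $username the user name.
     * @param string $password the user password.
     * @return boolean true on success, false on any kind of failure.
     */
    function login($username, $password) {
        $_auth_login = $this->_auth_login;
        $params = array();
        $params['username'] = $username;
        $params['password'] = $password;
        // The result is ignored on purpose: logout() also returns false when
        // nobody was logged in. If the logout function refuses, the previous
        // session state is still in place at this point.
        $this->logout();
        if (!$_auth_login($params)) {
            return false;
        }
        $this->_username = $username;
        // Always overwrite the permissions. Keeping the old value when the
        // login function supplies none would hand the previous user's
        // permissions to the new user whenever the logout above was refused.
        $this->_perms = isset($params['perms']) ? $params['perms'] : '';
        // NOTE(review): the life time is only replaced when supplied, so a
        // value set by an earlier login (including <= 0, i.e. no expiry)
        // carries over to this one. Confirm that this is intended.
        if (isset($params['lifetime'])) {
            $this->_lifetime = $params['lifetime'];
        }
        $this->_expired = time() + (60 * $this->_lifetime);
        return true;
    }

    /**
     * Attempt to logout user from the system.
     *
     * The logout function is called with 'username' and 'lifetime' only when
     * a user is logged in. The session state is cleared only if that function
     * returns true; a false result leaves user name, permissions and expiry
     * time untouched.
     *
     * @access public
     * @return boolean true on success, false when nobody is logged in or the
     *                 logout function refused.
     */
    function logout() {
        $_auth_logout = $this->_auth_logout;
        $params = array();
        $params['username'] = $this->_username;
        $params['lifetime'] = $this->_lifetime;
        if (strlen($this->_username) && $_auth_logout($params)) {
            $this->_perms = '';
            $this->_expired = '0';
            $this->_username = '';
            return true;
        }
        return false;
    }

    /**
     * Finds whether the user has sufficient permissions.
     *
     * Both the required names and the user's names must all be known to
     * _auth_parsePerms(); the names are passed on exactly as written, so
     * surrounding whitespace is not trimmed. Access is granted only when the
     * user's combined bit mask contains every required bit.
     *
     * @access public
     * @param string $perms comma-separated names of the required permissions.
     * @return boolean true if the user is logged in and has sufficient system
     *                 permissions, false otherwise.
     */
    function validPerms($perms) {
        if (!$this->isLogged()) {
            return false;
        }
        // explode() replaces split(), which is deprecated since PHP 5.3 and
        // removed in PHP 7.0; for the literal "," separator both give the
        // same list.
        list($pageflag, $pagebits) = _auth_parsePerms(explode(',', $perms));
        list($userflag, $userbits) = _auth_parsePerms(explode(',', $this->_perms));
        if (!$pageflag || !$userflag) {
            // An unknown name on either side denies access.
            return false;
        }
        return (($userbits & $pagebits) == $pagebits);
    }

    /**
     * Finds whether the user is logged in the system.
     *
     * A session counts as live when a user name is set and either the life
     * time is <= 0 (no expiry) or the expiry time has not been reached. An
     * expired session triggers logout() and is reported as not logged in,
     * whatever logout() returns.
     *
     * @access public
     * @return boolean true if the user is logged in the system, false otherwise.
     */
    function isLogged() {
        if (!strlen($this->_username)) {
            return false;
        }
        if (($this->_lifetime <= 0) || (time() < $this->_expired)) {
            return true;
        }
        $this->logout();
        return false;
    }
}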
/**
* Internal user login function.
*
* Always returns false. This is the internal function used by the
* {@link Auth::login()} method; it should be overridden by passing a
* user-defined function to the class constructor.
* The passed params array contains user information like username, lifetime etc.
* A true result means that the user is allowed to
* access the system.
*
* @author Robert Bala <hide@address.com>
* @access private
* @param array $params the user session params.
* @return boolean
*/
function _auth_login(&$params) {
    // Default handler: refuse every login until the application passes its
    // own verification function to the Auth constructor. $params is left
    // untouched.
    $granted = false;
    return $granted;
}
/**
* Internal user logout function.
*
* Always returns true. This is the internal function used by the
* {@link Auth::logout()} method; it should be overridden by passing a
* user-defined function to the class constructor.
* The passed params array contains user information like username, lifetime etc.
* A true result means that the user is allowed to
* log out of the system.
*
* @author Robert Bala <hide@address.com>
* @access private
* @param array $params the user session params.
* @return boolean
*/
function _auth_logout($params) {
    // Default handler: every logout request is accepted, which lets
    // Auth::logout() clear the session state. $params is not inspected.
    $allowed = true;
    return $allowed;
}
/**
* Permission parsing and matching.
*
* This is internal function used by {@link Auth::validPerms()} method.
*
* @author Robert Bala <hide@address.com>
* @access private
* @param array $perms the permission name list.
* @return array
*/
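function _auth_parsePerms($perms) {
    // Returns array(flag, mask): flag is true only when every name in $perms
    // exists in the global $auth_perms table, and mask is the bitwise OR of
    // the matching entries. Every failure returns array(false, 0).
    global $auth_perms;
    // Fail closed unless a non-empty list is checked against a permission
    // table. An empty list would otherwise parse as "valid" with mask 0, and
    // a required mask of 0 is satisfied by every user mask.
    if (!is_array($perms) || !is_array($auth_perms) || count($perms) == 0) {
        return array(false, 0);
    }
    $result = 0;
    // foreach replaces the list()/each() loop; each() is deprecated since
    // PHP 7.2 and removed in PHP 8.0.
    foreach ($perms as $value) {
        // A single unknown name rejects the whole list. Non-scalar entries
        // cannot be array keys and are rejected the same way.
        if (!is_scalar($value) || !isset($auth_perms[$value])) {
            return array(false, 0);
        }
        $result |= $auth_perms[$value];
    }
    return array(true, $result);
}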
?>