1: | <?php |
2: | /** |
3: | * This file is part of the PHPLucidFrame library. |
4: | * Core utility for user authentication system |
5: | * |
6: | * @package PHPLucidFrame\Core |
7: | * @since PHPLucidFrame v 1.0.0 |
8: | * @copyright Copyright (c), PHPLucidFrame. |
9: | * @link http://phplucidframe.com |
10: | * @license http://www.opensource.org/licenses/mit-license.php MIT License |
11: | * |
12: | * This source file is subject to the MIT license that is bundled |
13: | * with this source code in the file LICENSE |
14: | */ |
15: | |
16: | /** |
17: | * Check and get the authentication configuration settings |
18: | */ |
19: | function auth_prerequisite() |
20: | { |
21: | db_prerequisite(); |
22: | |
23: | $auth = _cfg('auth'); |
24: | |
25: | if (isset($auth['table']) && $auth['table'] && |
26: | isset($auth['fields']['id']) && $auth['fields']['id'] && |
27: | isset($auth['fields']['role']) && $auth['fields']['role']) { |
28: | return $auth; |
29: | } else { |
30: | _header(400); |
31: | throw new \InvalidArgumentException('Required to configure <code class="inline">$lc_auth</code> in <code class="inline">/inc/config.php</code>.'); |
32: | } |
33: | } |
34: | |
35: | if (!function_exists('auth_create')) { |
36: | /** |
37: | * Create Authentication object |
38: | * This function is overridable from the custom helpers/auth_helper.php |
39: | * |
40: | * @param string $id PK value |
41: | * @param object $data The user data object (optional). If it is not given, auth_create will load it from db |
42: | * |
43: | * @return object|bool The authenticated user object or FALSE on failure |
44: | */ |
45: | function auth_create($id, $data = null) |
46: | { |
47: | $lc_auth = auth_prerequisite(); |
48: | $auth = auth_get(); |
49: | |
50: | if (!$auth) { |
51: | $session = is_object($data) ? $data : auth_getUserInfo($id); |
52: | if (isset($session)) { |
53: | $fieldRole = $lc_auth['fields']['role']; |
54: | |
55: | $session->sessId = session_id(); |
56: | $session->timestamp = time(); |
57: | $session->token = strtoupper(_randomCode(20)); |
58: | $session->permissions = auth_permissions($session->$fieldRole); |
59: | |
60: | auth_set($session); |
61: | |
62: | return $session; |
63: | } |
64: | } else { |
65: | return $auth; |
66: | } |
67: | |
68: | return false; |
69: | } |
70: | } |
71: | |
72: | if (!function_exists('auth_getUserInfo')) { |
73: | /** |
74: | * Get user record from db to create auth session |
75: | * This function is overridable from the custom helpers/auth_helper.php |
76: | * @param int $id User ID |
77: | * @return mixed |
78: | */ |
79: | function auth_getUserInfo($id) |
80: | { |
81: | $auth = _cfg('auth'); |
82: | $table = db_table($auth['table']); |
83: | $fieldId = $auth['fields']['id']; |
84: | |
85: | return db_select($table) |
86: | ->where()->condition($fieldId, $id) |
87: | ->getSingleResult(); |
88: | } |
89: | } |
90: | |
91: | /** |
92: | * Get the namespace for the authentication object |
93: | * Sometimes, the Auth session name should be different upon directory (namespace) |
94: | * |
95: | * @return string |
96: | */ |
97: | function auth_namespace() |
98: | { |
99: | return LC_NAMESPACE ? 'AuthUser.' . LC_NAMESPACE : 'AuthUser.default'; |
100: | } |
101: | |
102: | /** |
103: | * Get the authenticated user object from Session |
104: | * @return mixed |
105: | */ |
106: | function auth_get() |
107: | { |
108: | return session_get(auth_namespace(), true); |
109: | } |
110: | |
111: | /** |
112: | * Set the authenticated user object to Session |
113: | * @param object $sess The authentication object |
114: | */ |
115: | function auth_set($sess) |
116: | { |
117: | _app('auth', $sess); |
118: | session_set(auth_namespace(), $sess, true); |
119: | } |
120: | |
121: | /** |
122: | * Clear the authenticated user object from session |
123: | */ |
124: | function auth_clear() |
125: | { |
126: | session_delete(auth_namespace()); |
127: | _app('auth', null); |
128: | } |
129: | |
130: | /** |
131: | * Check if a user is not authenticated |
132: | * @return bool TRUE if user is not authenticated, otherwise FALSE |
133: | */ |
134: | function auth_isAnonymous() |
135: | { |
136: | $auth = auth_prerequisite(); |
137: | $field = $auth['fields']['id']; |
138: | $session = auth_get(); |
139: | |
140: | return (is_object($session) && $session->$field > 0) ? false : true; |
141: | } |
142: | |
143: | /** |
144: | * Check if a user is authenticated |
145: | * @return boolean |
146: | */ |
147: | function auth_isLoggedIn() |
148: | { |
149: | return ! auth_isAnonymous(); |
150: | } |
151: | |
152: | if (!function_exists('auth_permissions')) { |
153: | /** |
154: | * Get the permissions of a particular role |
155: | * This function is overridable from the custom helpers/auth_helper.php |
156: | * @param string $role The user role name or id |
157: | * @return array|null Array of permissions of the role |
158: | */ |
159: | function auth_permissions($role) |
160: | { |
161: | $auth = _cfg('auth'); |
162: | $perms = isset($auth['permissions']) ? $auth['permissions'] : array(); |
163: | |
164: | return isset($perms[$role]) ? $perms[$role] : null; |
165: | } |
166: | } |
167: | |
168: | if (!function_exists('auth_role')) { |
169: | /** |
170: | * Check if the authenticated user has the specific user role |
171: | * This function is overridable from the custom helpers/auth_helper.php |
172: | * @param string $role The user role name or id |
173: | * @return boolean |
174: | */ |
175: | function auth_role($role) |
176: | { |
177: | if (auth_isAnonymous()) { |
178: | return false; |
179: | } |
180: | |
181: | $auth = auth_prerequisite(); |
182: | $field = $auth['fields']['role']; |
183: | $session = auth_get(); |
184: | |
185: | return $session->$field == $role; |
186: | } |
187: | } |
188: | |
189: | if (!function_exists('auth_roles')) { |
190: | /** |
191: | * Check if the authenticated user has the specific user role(s) |
192: | * This function is overridable from the custom helpers/auth_helper.php |
193: | * @param string [$role, ...] The list of user role names |
194: | * @return boolean |
195: | */ |
196: | function auth_roles() |
197: | { |
198: | if (auth_isAnonymous()) { |
199: | return false; |
200: | } |
201: | |
202: | $auth = auth_prerequisite(); |
203: | $field = $auth['fields']['role']; |
204: | $session = auth_get(); |
205: | $roles = func_get_args(); |
206: | |
207: | return in_array($session->$field, $roles); |
208: | } |
209: | } |
210: | |
211: | if (!function_exists('auth_can')) { |
212: | /** |
213: | * Check if the authenticated user has a particular permission |
214: | * This function is overridable from the custom helpers/auth_helper.php |
215: | * @param string $perm The permission name |
216: | * @return boolean TRUE if the authenticated user has a particular permission, otherwise FALSE |
217: | */ |
218: | function auth_can($perm) |
219: | { |
220: | if (auth_isAnonymous()) { |
221: | return false; |
222: | } |
223: | |
224: | $sess = auth_get(); |
225: | |
226: | if (!is_array($sess->permissions)) { |
227: | return false; |
228: | } |
229: | |
230: | if (count($sess->permissions) == 0 || in_array($perm, $sess->permissions)) { |
231: | return true; |
232: | } |
233: | |
234: | return false; |
235: | } |
236: | } |
237: |