auth.php
来自「Cake Framwork , Excellent」· PHP 代码 · 共 825 行 · 第 1/2 页
PHP
825 行
* @access public */ function isAuthorized($type = null, $object = null, $user = null) { if (empty($user) && !$this->user()) { return false; } elseif (empty($user)) { $user = $this->user(); } extract($this->__authType($type)); if (!$object) { $object = $this->object; } $valid = false; switch ($type) { case 'controller': $valid = $object->isAuthorized(); break; case 'actions': $valid = $this->Acl->check($user, $this->action()); break; case 'crud': $this->mapActions(); if (!isset($this->actionMap[$this->params['action']])) { trigger_error(sprintf(__('Auth::startup() - Attempted access of un-mapped action "%1$s" in controller "%2$s"', true), $this->params['action'], $this->params['controller']), E_USER_WARNING); } else { $valid = $this->Acl->check($user, $this->action(':controller'), $this->actionMap[$this->params['action']]); } break; case 'model': $this->mapActions(); $action = $this->params['action']; if(isset($this->actionMap[$action])) { $action = $this->actionMap[$action]; } if (is_string($object)) { $object = $this->getModel($object); } case 'object': if (!isset($action)) { $action = $this->action(':action'); } if (empty($object)) { trigger_error(sprintf(__('Could not find %s. Set AuthComponent::$object in beforeFilter() or pass a valid object', true), get_class($object)), E_USER_WARNING); return; } if (method_exists($object, 'isAuthorized')) { $valid = $object->isAuthorized($user, $this->action(':controller'), $action); } elseif ($object){ trigger_error(sprintf(__('%s::isAuthorized() is not defined.', true), get_class($object)), E_USER_WARNING); } break; case null: case false: return true; break; default: trigger_error(__('Auth::isAuthorized() - $authorize is set to an incorrect value. Allowed settings are: "actions", "crud", "model" or null.', true), E_USER_WARNING); break; } return $valid; }/** * Get authorization type * * @param string $auth Type of authorization * @return array Associative array with: type, object * @access private */ function __authType($auth = null) { if ($auth == null) { $auth = $this->authorize; } $object = null; if (is_array($auth)) { $type = key($auth); $object = $auth[$type]; } else { $type = $auth; return compact('type'); } return compact('type', 'object'); }/** * Takes a list of actions in the current controller for which authentication is not required, or * no parameters to allow all actions. * * @param string $action Controller action name * @param string $action Controller action name * @param string ... etc. * @access public */ function allow() { $args = func_get_args(); if (empty($args)) { $this->allowedActions = array('*'); } else { if (isset($args[0]) && is_array($args[0])) { $args = $args[0]; } $this->allowedActions = array_merge($this->allowedActions, $args); } }/** * Removes items from the list of allowed actions. * * @param string $action Controller action name * @param string $action Controller action name * @param string ... etc. * @see AuthComponent::allow() * @access public */ function deny() { $args = func_get_args(); foreach ($args as $arg) { $i = array_search($arg, $this->allowedActions); if (is_int($i)) { unset($this->allowedActions[$i]); } } $this->allowedActions = array_values($this->allowedActions); }/** * Maps action names to CRUD operations. Used for controller-based authentication. * * @param array $map Actions to map * @access public */ function mapActions($map = array()) { $crud = array('create', 'read', 'update', 'delete'); foreach ($map as $action => $type) { if (in_array($action, $crud) && is_array($type)) { foreach ($type as $typedAction) { $this->actionMap[$typedAction] = $action; } } else { $this->actionMap[$action] = $type; } } }/** * Manually log-in a user with the given parameter data. The $data provided can be any data * structure used to identify a user in AuthComponent::identify(). If $data is empty or not * specified, POST data from Controller::$data will be used automatically. * * After (if) login is successful, the user record is written to the session key specified in * AuthComponent::$sessionKey. * * @param mixed $data User object * @return boolean True on login success, false on failure * @access public */ function login($data = null) { $this->__setDefaults(); $this->_loggedIn = false; if (empty($data)) { $data = $this->data; } if ($user = $this->identify($data)) { $this->Session->write($this->sessionKey, $user); $this->_loggedIn = true; } return $this->_loggedIn; }/** * Logs a user out, and returns the login action to redirect to. * * @param mixed $url Optional URL to redirect the user to after logout * @return string AuthComponent::$loginAction * @see AuthComponent::$loginAction * @access public */ function logout() { $this->__setDefaults(); $this->Session->del($this->sessionKey); $this->Session->del('Auth.redirect'); $this->_loggedIn = false; return Router::normalize($this->logoutRedirect); }/** * Get the current user from the session. * * @return array User record, or null if no user is logged in. * @access public */ function user($key = null) { $this->__setDefaults(); if (!$this->Session->check($this->sessionKey)) { return null; } if ($key == null) { return array($this->userModel => $this->Session->read($this->sessionKey)); } else { $user = $this->Session->read($this->sessionKey); if (isset($user[$key])) { return $user[$key]; } else { return null; } } }/** * If no parameter is passed, gets the authentication redirect URL. * * @param mixed $url Optional URL to write as the login redirect URL. * @return string Redirect URL * @access public */ function redirect($url = null) { if (!is_null($url)) { return $this->Session->write('Auth.redirect', $url); } if ($this->Session->check('Auth.redirect')) { $redir = $this->Session->read('Auth.redirect'); $this->Session->delete('Auth.redirect'); if (Router::normalize($redir) == Router::normalize($this->loginAction)) { $redir = $this->loginRedirect; } } else { $redir = $this->loginRedirect; } return Router::normalize($redir); }/** * Validates a user against an abstract object. * * @param mixed $object The object to validate the user against. * @param mixed $user Optional. The identity of the user to be validated. * Uses the current user session if none specified. For * valid forms of identifying users, see * AuthComponent::identify(). * @param string $action Optional. The action to validate against. * @see AuthComponent::identify() * @return boolean True if the user validates, false otherwise. * @access public */ function validate($object, $user = null, $action = null) { if (empty($user)) { $user = $this->user(); } if (empty($user)) { return false; } return $this->Acl->check($user, $object, $action); }/** * Returns the path to the ACO node bound to a controller/action. * * @param string $action Optional. The controller/action path to validate the * user against. The current request action is used if * none is specified. * @return boolean ACO node path * @access public */ function action($action = ':controller/:action') { return str_replace( array(':controller', ':action'), array(Inflector::camelize($this->params['controller']), $this->params['action']), $this->actionPath . $action ); }/** * Returns a reference to the model object specified, and attempts * to load it if it is not found. * * @param string $name Model name (defaults to AuthComponent::$userModel) * @return object A reference to a model object * @access public */ function &getModel($name = null) { $model = null; if (!$name) { $name = $this->userModel; } if (PHP5) { $model = ClassRegistry::init($name); } else { $model =& ClassRegistry::init($name); } if (empty($model)) { trigger_error(__('Auth::getModel() - Model is not set or could not be found', true), E_USER_WARNING); return null; } return $model; }/** * Identifies a user based on specific criteria. * * @param mixed $user Optional. The identity of the user to be validated. * Uses the current user session if none specified. * @param array $conditions Optional. Additional conditions to a find. * @return array User record data, or null, if the user could not be identified. * @access public */ function identify($user = null, $conditions = null) { if ($conditions === false) { $conditions = null; } elseif (is_array($conditions)) { $conditions = array_merge((array)$this->userScope, $conditions); } else { $conditions = $this->userScope; } if (empty($user)) { $user = $this->user(); if (empty($user)) { return null; } } elseif (is_object($user) && is_a($user, 'Model')) { if (!$user->exists()) { return null; } $user = $user->read(); $user = $user[$this->userModel]; } elseif (is_array($user) && isset($user[$this->userModel])) { $user = $user[$this->userModel]; } if (is_array($user) && (isset($user[$this->fields['username']]) || isset($user[$this->userModel . '.' . $this->fields['username']]))) { if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']]) && !empty($user[$this->fields['password']])) { if (trim($user[$this->fields['username']]) == '=' || trim($user[$this->fields['password']]) == '=') { return false; } $find = array( $this->userModel.'.'.$this->fields['username'] => $user[$this->fields['username']], $this->userModel.'.'.$this->fields['password'] => $user[$this->fields['password']] ); } elseif (isset($user[$this->userModel . '.' . $this->fields['username']]) && !empty($user[$this->userModel . '.' . $this->fields['username']])) { if (trim($user[$this->userModel . '.' . $this->fields['username']]) == '=' || trim($user[$this->userModel . '.' . $this->fields['password']]) == '=') { return false; } $find = array( $this->userModel.'.'.$this->fields['username'] => $user[$this->userModel . '.' . $this->fields['username']], $this->userModel.'.'.$this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']] ); } else { return false; } $model =& $this->getModel(); $data = $model->find(array_merge($find, $conditions), null, null, 0); if (empty($data) || empty($data[$this->userModel])) { return null; } } elseif (is_numeric($user)) { $model =& $this->getModel(); $data = $model->find(array_merge(array($model->escapeField() => $user), $conditions)); if (empty($data) || empty($data[$this->userModel])) { return null; } } if (isset($data) && !empty($data)) { if (!empty($data[$this->userModel][$this->fields['password']])) { unset($data[$this->userModel][$this->fields['password']]); } return $data[$this->userModel]; } else { return null; } }/** * Hash any passwords found in $data using $userModel and $fields['password'] * * @param array $data Set of data to look for passwords * @return array Data with passwords hashed * @access public */ function hashPasswords($data) { if (is_object($this->authenticate) && method_exists($this->authenticate, 'hashPasswords')) { return $this->authenticate->hashPasswords($data); } if (isset($data[$this->userModel])) { if (isset($data[$this->userModel][$this->fields['username']]) && isset($data[$this->userModel][$this->fields['password']])) { $data[$this->userModel][$this->fields['password']] = $this->password($data[$this->userModel][$this->fields['password']]); } } return $data; }/** * Hash a password with the application's salt value (as defined with Configure::write('Security.salt'); * * @param string $password Password to hash * @return string Hashed password * @access public */ function password($password) { return Security::hash($password, null, true); }/** * Component shutdown. If user is logged in, wipe out redirect. * * @param object $controller Instantiating controller * @access public */ function shutdown(&$controller) { if ($this->_loggedIn) { $this->Session->del('Auth.redirect'); } }}?>
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?