| 1: | <?php | 
| 2: | /** | 
| 3: | * This file is part of the PHPLucidFrame library. | 
| 4: | * Core utility for user authentication system | 
| 5: | * | 
| 6: | * @package PHPLucidFrame\Core | 
| 7: | * @since PHPLucidFrame v 1.0.0 | 
| 8: | * @copyright Copyright (c), PHPLucidFrame. | 
| 9: | * @link http://phplucidframe.com | 
| 10: | * @license http://www.opensource.org/licenses/mit-license.php MIT License | 
| 11: | * | 
| 12: | * This source file is subject to the MIT license that is bundled | 
| 13: | * with this source code in the file LICENSE | 
| 14: | */ | 
| 15: | |
/**
 * Check and get the authentication configuration settings.
 *
 * The 'auth' configuration ($lc_auth) must name the user table and the
 * id/role field names that the other auth helpers read from it.
 *
 * @return array The 'auth' configuration array
 * @throws \InvalidArgumentException when table, fields.id or fields.role is missing/empty
 *         (a 400 response header is emitted first)
 */
function auth_prerequisite()
{
    db_prerequisite();

    $config = _cfg('auth');

    // !empty() is "set and truthy", the same test the helpers rely on.
    $hasTable = !empty($config['table']);
    $hasIdField = !empty($config['fields']['id']);
    $hasRoleField = !empty($config['fields']['role']);

    if (!$hasTable || !$hasIdField || !$hasRoleField) {
        _header(400);
        throw new \InvalidArgumentException('Required to configure <code class="inline">$lc_auth</code> in <code class="inline">/inc/config.php</code>.');
    }

    return $config;
}
| 34: | |
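if (!function_exists('auth_create')) {
    /**
     * Create Authentication object
     * This function is overridable from the custom helpers/auth_helper.php
     *
     * An already existing auth object in the session is returned untouched;
     * a new one is only built (and stored via auth_set) when none exists.
     *
     * @param string $id PK value
     * @param object $data The user data object (optional). If it is not given, auth_create will load it from db
     *
     * @return object|bool The authenticated user object or FALSE on failure
     */
    function auth_create($id, $data = null)
    {
        $lc_auth = auth_prerequisite();
        $auth = auth_get();

        if ($auth) {
            return $auth;
        }

        $session = is_object($data) ? $data : auth_getUserInfo($id);

        // auth_getUserInfo() may hand back a non-object (e.g. false/null) when no
        // row matches. isset() accepted false here, and the property writes below
        // would then fail instead of reporting "no user".
        if (!is_object($session)) {
            return false;
        }

        $fieldRole = $lc_auth['fields']['role'];

        // Regenerate session ID to prevent session fixation
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $session->sessId = session_id();
        $session->timestamp = time();
        $session->token = strtoupper(_randomCode(20));
        // The loaded record is expected to carry the configured role field.
        $session->permissions = auth_permissions($session->$fieldRole);

        auth_set($session);

        return $session;
    }
}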
| 76: | |
if (!function_exists('auth_getUserInfo')) {
    /**
     * Get user record from db to create auth session
     * This function is overridable from the custom helpers/auth_helper.php
     *
     * Looks the row up in the configured auth table by the configured id field.
     *
     * @param int $id User ID
     * @return mixed Whatever getSingleResult() yields for the matching row
     */
    function auth_getUserInfo($id)
    {
        $config = _cfg('auth');
        $idField = $config['fields']['id'];

        return db_select(db_table($config['table']))
            ->where()
            ->condition($idField, $id)
            ->getSingleResult();
    }
}
| 95: | |
/**
 * Get the namespace for the authentication object
 * The Auth session name can be different upon directory (namespace)
 * But it can also be shared according to $lc_sharedNamespaces
 *
 * Without LC_NAMESPACE the key is 'AuthUser.default'; otherwise it is
 * 'AuthUser.' followed by the shared namespace mapped for LC_NAMESPACE
 * (when one is configured for a known site) or LC_NAMESPACE itself.
 *
 * @return string
 */
function auth_namespace()
{
    $sites = _cfg('sites');
    $shared = _cfg('sharedNamespaces');

    if (!LC_NAMESPACE) {
        return 'AuthUser.default';
    }

    $suffix = LC_NAMESPACE;
    if (isset($sites[LC_NAMESPACE]) && isset($shared[LC_NAMESPACE])) {
        $suffix = $shared[LC_NAMESPACE];
    }

    return 'AuthUser.' . $suffix;
}
| 116: | |
/**
 * Get the authenticated user object from Session
 *
 * Reads the session entry stored under auth_namespace().
 *
 * @return mixed
 */
function auth_get()
{
    $key = auth_namespace();

    return session_get($key, true);
}
| 125: | |
/**
 * Set the authenticated user object to Session
 *
 * Stores the object both in the app registry ('auth') and in the session
 * under auth_namespace().
 *
 * @param object $sess The authentication object
 */
function auth_set($sess)
{
    $key = auth_namespace();

    _app('auth', $sess);
    session_set($key, $sess, true);
}
| 135: | |
/**
 * Clear the authenticated user object from session
 *
 * Removes the session entry under auth_namespace() and resets the
 * app registry entry 'auth' to null.
 */
function auth_clear()
{
    $key = auth_namespace();

    session_delete($key);
    _app('auth', null);
}
| 144: | |
/**
 * Check if a user is not authenticated
 *
 * A user counts as authenticated only when the session holds an object
 * whose configured id field is greater than zero.
 *
 * @return bool TRUE if user is not authenticated, otherwise FALSE
 */
function auth_isAnonymous()
{
    $config = auth_prerequisite();
    $idField = $config['fields']['id'];
    $user = auth_get();

    if (!is_object($user)) {
        return true;
    }

    return !($user->$idField > 0);
}
| 157: | |
/**
 * Check if a user is authenticated
 *
 * Inverse of auth_isAnonymous().
 *
 * @return boolean
 */
function auth_isLoggedIn()
{
    return auth_isAnonymous() === false;
}
| 166: | |
if (!function_exists('auth_permissions')) {
    /**
     * Get the permissions of a particular role
     * This function is overridable from the custom helpers/auth_helper.php
     *
     * Reads $lc_auth['permissions'][$role]; null when no permissions are
     * configured at all or none are configured for that role.
     *
     * @param string $role The user role name or id
     * @return array|null Array of permissions of the role
     */
    function auth_permissions($role)
    {
        $config = _cfg('auth');

        if (!isset($config['permissions'][$role])) {
            return null;
        }

        return $config['permissions'][$role];
    }
}
| 182: | |
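if (!function_exists('auth_role')) {
    /**
     * Check if the authenticated user has the specific user role
     * This function is overridable from the custom helpers/auth_helper.php
     *
     * The stored role and $role are compared as strings: an id given as int
     * or numeric string still matches, but PHP's loose `==` juggling (e.g.
     * `0 == 'admin'` on PHP < 8, `'1e1' == '10'`) can no longer produce a
     * false positive in an authorization decision.
     *
     * @param string $role The user role name or id
     * @return boolean
     */
    function auth_role($role)
    {
        if (auth_isAnonymous()) {
            return false;
        }

        $auth = auth_prerequisite();
        $field = $auth['fields']['role'];
        $session = auth_get();

        return (string) $session->$field === (string) $role;
    }
}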
| 203: | |
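if (!function_exists('auth_roles')) {
    /**
     * Check if the authenticated user has the specific user role(s)
     * This function is overridable from the custom helpers/auth_helper.php
     *
     * Roles are normalised to strings and matched strictly, so numeric ids
     * match across int/string but loose in_array() juggling cannot match
     * unrelated values (e.g. `0` against a role name on PHP < 8).
     *
     * @param array|string $roles or [$role, ...] Array of role name or The list of user role names
     * @return boolean
     */
    function auth_roles($roles)
    {
        if (auth_isAnonymous()) {
            return false;
        }

        $auth = auth_prerequisite();
        $field = $auth['fields']['role'];
        $session = auth_get();
        // Accept either one array argument or a variable list of role arguments.
        $roles = is_array($roles) ? $roles : func_get_args();

        $wanted = array_map(static function ($role) {
            return (string) $role;
        }, $roles);

        return in_array((string) $session->$field, $wanted, true);
    }
}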
| 225: | |
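if (!function_exists('auth_can')) {
    /**
     * Check if the authenticated user has a particular permission
     * This function is overridable from the custom helpers/auth_helper.php
     *
     * Permissions are compared as strings with strict in_array() so that a
     * non-string entry in the configured list cannot loosely match $perm.
     * An empty permissions array is treated as "no restrictions" and grants
     * every permission; a role meant to be restricted must list at least one
     * permission.
     *
     * @param string $perm The permission name
     * @return boolean TRUE if the authenticated user has a particular permission, otherwise FALSE
     */
    function auth_can($perm)
    {
        if (auth_isAnonymous()) {
            return false;
        }

        $sess = auth_get();

        if (!is_array($sess->permissions)) {
            return false;
        }

        // Empty list = unrestricted (existing framework semantics, kept on purpose).
        if (count($sess->permissions) === 0) {
            return true;
        }

        $granted = array_map(static function ($p) {
            return (string) $p;
        }, $sess->permissions);

        return in_array((string) $perm, $granted, true);
    }
}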
| 252: |