- ## app/controllers/components/auth.php
- <?php
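/**
 * Session-backed login and group-based access checks for controllers.
 *
 * The component looks a user up through the controller's user model, stores a
 * small record under $sesskey in the session, and redirects callers that fail
 * a group check. It expects the 'Session' component to be attached (see
 * $components).
 *
 * SECURITY (review): passwords are compared as unsalted MD5 digests (see
 * login()). MD5 is fast to brute-force and unsalted digests are exposed to
 * precomputed lookups; the storage format should be migrated to a slow,
 * salted password hash. That migration also needs a wider password column and
 * re-hashed rows, so it is flagged here rather than changed in place.
 */
class AuthComponent extends Object
{
    /* Component config variables */
    var $user_model = "User";
    var $group_model = "Group";
    // Maps the logical field names used by this component to model columns.
    var $user_fields = array('id' => 'id', 'username' => 'username', 'password' => 'password');
    var $group_fields = array('id' => 'id', 'name' => 'name');
    var $components = array('Session');
    var $login_page = '/users/login'; // login action
    var $logout_page = '/'; // Page to redirect to when user logs out
    var $deny_page = '/users/denied'; // Page to redirect if you deny access but don't want take user to login page
    var $sesskey = "User"; // Session key the login record is stored under

    /* Don't modify these variables */
    var $last_page = null;
    var $user = null;
    var $controller;

    /**
     * Binds the component to the controller and loads the logged-in user.
     *
     * When the session is valid and holds a record under $sesskey, that record
     * becomes $this->user. The same value (or null) is handed to the view as
     * 'Auth'.
     *
     * NOTE(review): the record written by login() includes the stored password
     * digest, so views receive it through 'Auth' as well.
     *
     * @param object $controller Controller the component is attached to.
     */
    function startup(&$controller)
    {
        $this->controller = $controller;
        if ($this->Session->valid() && $this->Session->check($this->sesskey)) {
            $this->user = $this->Session->read($this->sesskey);
        }
        $this->controller->set('Auth', $this->user);
    }

    /**
     * Checks submitted credentials and, on success, writes the login record
     * to the session.
     *
     * @param array $data Submitted form data keyed by the configured username
     *                    and password field names.
     * @return bool True when an active user matched, false otherwise.
     */
    function login($data)
    {
        $usernameField = $this->user_fields['username'];
        $passwordField = $this->user_fields['password'];

        // Both credentials must be present and plain strings. The values come
        // from a form post and go straight into a query condition and md5();
        // an array value would change what the condition means instead of
        // being tested for equality, so it is refused up front.
        if (!is_array($data)
            || !isset($data[$usernameField], $data[$passwordField])
            || !is_string($data[$usernameField])
            || !is_string($data[$passwordField])
        ) {
            return false;
        }

        $model = $this->user_model;
        $conditions = array(
            $model . "." . $usernameField => $data[$usernameField],
            // SECURITY (review): unsalted MD5 password digest. Kept because the
            // stored rows and the 32-character column depend on it; replace
            // with a salted, slow password hash as part of a data migration.
            $model . "." . $passwordField => md5($data[$passwordField]),
            // Only accounts flagged active may log in.
            $model . ".active" => 1
        );
        $user = $this->controller->{$model}->find($conditions);
        if (empty($user) || empty($user[$model])) {
            return false;
        }

        $record = $user[$model];
        // NOTE(review): the password digest is copied into the session and is
        // therefore readable wherever the session record is (including views,
        // via startup()). Nothing in this component needs it except
        // login_hash below; consider dropping it once callers are checked.
        $sessdata = array(
            $model => array(
                'id' => $record[$this->user_fields['id']],
                'username' => $record[$usernameField],
                'password' => $record[$passwordField],
                'groups' => array()
            )
        );

        // Collect group names using the configured group name field rather
        // than a hard-coded 'name', so $group_fields is actually honoured.
        $groupNameField = $this->group_fields['name'];
        if (!empty($user[$this->group_model])) {
            foreach ($user[$this->group_model] as $group) {
                $sessdata[$model]['groups'][] = $group[$groupNameField];
            }
        }

        // NOTE(review): login_hash is written here but never verified by this
        // component, so it provides no integrity check as the code stands.
        $sessdata[$model]['login_hash'] = md5(
            $this->sesskey . $sessdata[$model]['username'] . $sessdata[$model]['password']
        );

        // NOTE(review): the session id is not rotated here. Unless the
        // framework configuration already does so, regenerate the session id
        // at this point so a pre-login id cannot be reused after login
        // (session fixation).
        $this->Session->write($this->sesskey, $sessdata);
        return true;
    }

    /**
     * Logs the user out by removing the login record from the session, then
     * redirects.
     *
     * NOTE(review): $redirect is passed to redirect() unchanged; callers
     * should not fill it from request data without checking it is a local
     * path.
     *
     * @param string|null $redirect Target page; defaults to $logout_page.
     */
    function logout($redirect=null)
    {
        $this->user = null;
        $this->Session->delete($this->sesskey);
        $page = (!empty($redirect)) ? $redirect : $this->logout_page;
        $this->controller->redirect($page);
    }

    /**
     * Requires the logged-in user to belong to at least one of the given
     * groups; otherwise redirects.
     *
     * Access is denied (fail closed) when nobody is logged in, when no groups
     * are passed, or when the session record carries no group list.
     *
     * @param array|string|null $groups   Group name or list of group names.
     * @param string|null       $redirect Target on denial; defaults to
     *                                    $login_page.
     * @return bool True when access is granted, false after a redirect was
     *              issued. Whether redirect() ends the request is decided by
     *              the controller, so callers should stop on false.
     */
    function permit($groups=null, $redirect=null)
    {
        $hasAccess = false;

        // User page tracker
        if ($this->controller->action != "login") {
            $this->last_page = $this->controller->here;
        }

        // logged in and at least one group was requested...
        if (!empty($this->user) && !empty($groups)) {
            $sessdata = $this->Session->read($this->sesskey);
            $memberOf = array();
            if (isset($sessdata[$this->user_model]['groups'])
                && is_array($sessdata[$this->user_model]['groups'])
            ) {
                $memberOf = $sessdata[$this->user_model]['groups'];
            }

            foreach ((array) $groups as $group) {
                // Strict comparison: a loose match could treat values such as
                // 0 or true as equal to a group name.
                if (in_array($group, $memberOf, true)) {
                    $hasAccess = true;
                    break;
                }
            }
        }

        if (!$hasAccess) {
            $page = (!empty($redirect)) ? $redirect : $this->login_page;
            $this->controller->redirect($page);
        }
        return $hasAccess;
    }

    /**
     * Unconditionally redirects to the "access denied" page.
     *
     * @param string|null $redirect Target page; defaults to $deny_page.
     */
    function deny($redirect=null)
    {
        $page = (!empty($redirect)) ? $redirect : $this->deny_page;
        $this->controller->redirect($page);
    }
}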
- ?>
- ## app/views/helpers/auth.php
- <?php
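/**
 * View helper for showing or hiding markup based on the login session.
 *
 * These checks only decide what a template renders. They are not an access
 * control: the controller action behind any link or form still has to enforce
 * the permission itself.
 *
 * The session key 'User' and the nested 'User' array key are hard-coded here
 * and match the defaults of AuthComponent ($sesskey and $user_model). If
 * those are reconfigured, this helper has to be changed to match.
 */
class AuthHelper extends Helper
{
    var $helpers = array('Html','Session');

    /**
     * Reports whether a login record is present in the session.
     *
     * @return bool
     */
    function loggedIn()
    {
        return $this->Session->read('User') ? true : false;
    }

    /**
     * Reports whether the current user's session record lists the given group.
     *
     * @param string $role Group name to look for.
     * @return bool False when nobody is logged in or the record has no group
     *              list.
     */
    function hasRole($role = '')
    {
        $user = $this->Session->read('User');
        if (empty($user)
            || !isset($user['User']['groups'])
            || !is_array($user['User']['groups'])
        ) {
            return false;
        }
        // Strict comparison so non-string values such as 0 or true cannot
        // loosely match a group name.
        return in_array($role, $user['User']['groups'], true);
    }
}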
- ?>
- ## app/views/users/login.ctp
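<?php
/*
 * Login form. Posts User.username and User.password to the 'login' action of
 * the users controller.
 *
 * The form is closed through the form helper instead of a literal </form> so
 * that anything the helper appends when closing a form is not skipped.
 * NOTE(review): this page should only be served over HTTPS, since the
 * password is submitted as entered.
 */
?>
<h1>Member Login</h1>
<?php echo $form->create('User', array('action' => 'login')) ?>
<fieldset>
<legend>User Login</legend>
<?php echo $form->input('User.username', array('label' => 'Username: ', 'style' => 'width: 150px'))?><br />
<?php /* The id is set explicitly so the label's "for" attribute points at this field. */ ?>
<label for="UserPassword">Password: </label>
<?php echo $form->password('User.password', array('id' => 'UserPassword', 'style' => 'width: 150px'))?><br />
<label for="submit"> </label><br />
<?php echo $form->submit('Sign In')?>
</fieldset>
<?php echo $form->end() ?>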
- ## app/controllers/users_controller.php
- <?php
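/**
 * Login and logout actions for users.
 *
 * Relies on $this->Auth being available; this class does not declare it, so
 * it is presumably attached in AppController (confirm).
 */
class UsersController extends AppController {
    var $uses = array('User','Group');

    /**
     * Shows the login form and processes a submitted one.
     *
     * A failed attempt yields the same generic message whether the username
     * or the password was wrong, so the response does not reveal which
     * accounts exist.
     *
     * NOTE(review): nothing here limits repeated failed attempts; throttling
     * or lockout has to be provided elsewhere.
     */
    function login()
    {
        if (!isset($this->data['User'])) {
            return;
        }

        if ($this->Auth->login($this->data['User'])) {
            $this->redirect('/');
            // Stop explicitly: if redirect() does not end the request, the
            // failure message below must not follow a successful login.
            return;
        }

        $this->flash("Invalid login", 'login');
    }

    /**
     * Logs the user out.
     *
     * Auth->logout() removes the session record and issues a redirect of its
     * own; the flash below is only reached if that redirect does not end the
     * request.
     */
    function logout()
    {
        $this->Auth->logout();
        $this->flash("You have been logged out.", '/');
    }
}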
- ?>
- ## app/models/user.php
- <?php
/**
 * User model.
 *
 * Users and groups are linked many-to-many through the groups_users join
 * table. AuthComponent::login() reads the associated Group rows from the
 * find() result to build the list of group names kept in the session.
 */
class User extends AppModel
{
    // Many-to-many link to Group; 'user_id' is this model's column in the
    // join table. Associated groups are returned ordered by name, descending.
    var $hasAndBelongsToMany = array(
        'Group' => array(
            'className'  => 'Group',
            'joinTable'  => 'groups_users',
            'foreignKey' => 'user_id',
            'order'      => 'Group.name DESC',
        ),
    );
}
- ?>
- ## app/models/group.php
- <?php
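/**
 * Group model.
 *
 * Groups and users are linked many-to-many through the groups_users join
 * table. Group names are what the auth code compares against when it checks
 * permissions, so this association has to resolve to the right members.
 */
class Group extends AppModel
{
    var $hasAndBelongsToMany = array(
        'User' => array(
            'className' => 'User',
            'joinTable' => 'groups_users',
            // This model's own column in the join table. It was 'user_id',
            // which would match join rows by user id against the group id
            // and return the wrong members.
            'foreignKey' => 'group_id',
            // Column in the join table that points at the associated User.
            'associationForeignKey' => 'user_id',
            // The option is spelled 'unique'; 'uniq' is not a recognised key.
            'unique' => true,
            'order' => 'User.username DESC'
        )
    );
}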
- ?>
- ## migrations (SQL)
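# Schema and sample rows for the users / groups authentication example.

CREATE TABLE users (
  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username varchar(50) NOT NULL default '',
  # 32 characters holds exactly one hex MD5 digest, which is what the login
  # code compares against. Moving to a salted, slow password hash requires
  # widening this column first.
  password varchar(32) NOT NULL default '',
  fname varchar(50) NOT NULL,
  lname varchar(50) NOT NULL,
  phone varchar(32) default '',
  email varchar(100) NOT NULL default '',
  active tinyint(1) unsigned NOT NULL default '0',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  # Login looks a user up by username, so two rows must never share one.
  UNIQUE KEY username (username)
) ENGINE=InnoDB;

# The table name is quoted because GROUPS is a reserved word in newer MySQL
# releases; the INSERT statements below already quote it.
CREATE TABLE `groups` (
  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name varchar(50) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00'
) ENGINE=InnoDB;

CREATE TABLE groups_users (
  user_id INT UNSIGNED NOT NULL,
  group_id INT UNSIGNED NOT NULL,
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  # One row per membership: without a key the same user/group pair could be
  # inserted repeatedly.
  PRIMARY KEY (user_id, group_id)
) ENGINE=InnoDB;

# passwords are 'test'
# SAMPLE DATA ONLY: both accounts, including the one in the Admin group, use
# the same publicly documented password. Do not load these rows into any
# reachable environment; create real accounts with unique passwords instead.
INSERT INTO `users` (`id`, `username`, `password` , `fname`, `lname`, `email`, `active`, `created`, `modified`) VALUES (1, 'admin', '098f6bcd4621d373cade4e832627b4f6', 'System', 'Administrator', 'admin@pitsparanormal.com', 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
INSERT INTO `users` (`id`, `username`, `password` , `fname`, `lname`, `email`, `active`, `created`, `modified`) VALUES (2, 'member', '098f6bcd4621d373cade4e832627b4f6', 'PITS', 'Member', 'member@pitsparanormal.com', 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
INSERT INTO `groups` (`id`, `name`, `created`, `modified`) VALUES (1, 'Member', '0000-00-00 00:00:00', '0000-00-00 00:00:00');
INSERT INTO `groups` (`id`, `name`, `created`, `modified`) VALUES (2, 'Admin', '0000-00-00 00:00:00', '0000-00-00 00:00:00');
INSERT INTO `groups_users` (`user_id`, `group_id`) VALUES (1,2);
INSERT INTO `groups_users` (`user_id`, `group_id`) VALUES (2,1);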