- <?php
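/**
 * Front-controller plugin that handles the login form POST and enforces the
 * ACL for every dispatched request.
 *
 * routeShutdown() processes a submitted login (or signs the visitor in as the
 * built-in anonymous user); preDispatch() then checks whether the current role
 * may access the requested module/controller/action with the HTTP method as
 * privilege, and re-routes to an error action when it may not.
 */
class Application_Plugin_Auth_AccessControl extends Zend_Controller_Plugin_Abstract
{
    /**
     * Zend_Auth instance used to authenticate and to read/store the identity.
     * @var Zend_Auth
     */
    protected $_Auth;

    /**
     * ACL built in preDispatch() for the requested resource and current role.
     * @var Application_Plugin_Auth_Acl
     */
    protected $_Acl;

    /**
     * Message key of the first login failure seen in this request, or null.
     * @todo Delegate the Message to View
     * @var string|null
     */
    protected $_FailureMessage = null;

    /**
     * @param Zend_Auth $Auth authentication service the plugin works against
     */
    public function __construct( Zend_Auth $Auth )
    {
        $this->_Auth = $Auth;
    }

    /**
     * Login-Check
     *
     * Handles a submitted login form. A login is only attempted when username,
     * password and the per-form security hash are all present and the hash
     * matches the one held by Application_Plugin_Auth_Security. A failed
     * credential check falls back to the anonymous identity. Visitors without
     * any identity are signed in as anonymous as well.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function routeShutdown(Zend_Controller_Request_Abstract $request)
    {
        $Username = $request->getPost('username');
        $Password = $request->getPost('password');
        $Security = $request->getPost('security');
        $SecurityAuthPlugin = Application_Plugin_Auth_Security::getInstance();

        if ( null !== $Username && null !== $Password && null !== $Security ) {
            // Sanitise the POST data.
            // NOTE(review): StripTags also rewrites the password, so a password
            // containing '<' is silently altered before verification. Kept as-is
            // because stored credentials may have been created the same way;
            // confirm against the registration code before removing it.
            $filter = new Zend_Filter_StripTags();
            $Username = $filter->filter($Username);
            $Password = $filter->filter($Password);

            // Read the expected hash first, then generate a new one, so the
            // value submitted with this form is compared against the hash that
            // was issued for it (presumably generateSecurityHash() replaces the
            // stored value; verify in Application_Plugin_Auth_Security).
            $SecurityHash = $SecurityAuthPlugin->getSecurityHash();
            $SecurityAuthPlugin->generateSecurityHash();

            $message = null;
            if ( empty($Username) ) {
                $message = 'LOGIN_EMPTY_USERNAME';
            } else if ( empty($Password) ) {
                $message = 'LOGIN_EMPTY_PASSWORD';
            } else if ( empty($Security) ) {
                $message = 'LOGIN_EMPTY_SECURITY_HASH';
            } else if ( !$this->isSecurityHashValid($SecurityHash, $Security) ) {
                $message = 'LOGIN_WRONG_SECURITY_HASH';
            } else if ( !$this->authUser( $Username, $Password ) ) {
                // NOTE(review): the anonymous account's credentials are
                // hard-coded here; make sure that account carries the minimal
                // role only.
                $this->authUser( 'anonymous', 'guest' );
            }

            // Previously the validation message was assigned to a local and
            // then dropped; record it so it is available like any other
            // login failure message.
            if ( null !== $message ) {
                $this->setFailureMessage( $message );
            }
        } else if ( !$this->_Auth->hasIdentity() ) {
            $this->authUser( 'anonymous', 'guest' );
            $SecurityAuthPlugin->generateSecurityHash();
        }

        // For the Login-Form
        Zend_Layout::getMvcInstance()->getView()->security_hash = $SecurityAuthPlugin->getSecurityHash();
    }

    /**
     * Check allowed
     *
     * Re-routes the request to an action of the default error controller when
     * there is no identity, the resource is not registered in the ACL, or the
     * role lacks the privilege (the HTTP method) on the resource.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // No identity? No Page!
        if ( !$this->_Auth->hasIdentity() ) {
            $request->setModuleName('default');
            $request->setControllerName('error');
            $request->setActionName('missing-identity');
            // Stop here: without this return the code below called getRole()
            // on a null identity and aborted with a fatal error instead of
            // dispatching the error action.
            return;
        }

        // Get Identity and Role
        $Identity = $this->_Auth->getIdentity();
        $role = $Identity->getRole();

        // Create requested Resource
        $resource = array(
            'module'     => $request->getModuleName(),
            'controller' => $request->getControllerName(),
            'action'     => $request->getActionName()
        );
        $resourceId = implode(".", $resource);

        // Privilege from Http-Method
        // NOTE(review): getMethod() is provided by the HTTP request class, not
        // by Zend_Controller_Request_Abstract; this assumes an HTTP request.
        $privilege = $request->getMethod();

        try {
            $this->_Acl = new Application_Plugin_Auth_Acl(
                $resource,
                $role
            );
        } catch ( Zend_Acl_Exception $zae ) {
            /**
             * @todo Print the Error to the Page
             */
            $request->setModuleName('default');
            $request->setControllerName('error');
            $request->setActionName('unregistered-ressource');
            return;
        }

        if ( !$this->_Acl->has( $resourceId ) ) {
            // Resource not registered: deny by re-routing to the error action.
            $request->setModuleName('default');
            $request->setControllerName('error');
            $request->setActionName('unregistered-ressource');
        } else if ( !$this->_Acl->isAllowed($role, $resourceId, $privilege) ) {
            // No Rights!
            $request->setModuleName('default');
            $request->setControllerName('error');
            $request->setActionName('noaccess');
        }
    }

    /**
     * Set LoginError
     * @param string $Msg message key to remember
     * @return void
     */
    protected function setFailureMessage( $Msg )
    {
        $this->_FailureMessage = $Msg;
    }

    /**
     * Compares the submitted security hash with the expected one.
     *
     * Only an exact string match is accepted. The original `!=` comparison
     * applied PHP's type juggling, under which values that are not identical
     * can still compare equal, and it accepted non-string POST values.
     *
     * @param mixed $expected  hash held by the security plugin
     * @param mixed $submitted value posted with the login form
     * @return boolean true only when both are identical, non-empty strings
     */
    protected function isSecurityHashValid( $expected, $submitted )
    {
        if ( !is_scalar($expected) || !is_string($submitted) ) {
            return false;
        }

        $expected = (string) $expected;
        if ( '' === $expected ) {
            // Never accept a login when no hash has been issued.
            return false;
        }

        // Constant-time comparison where the runtime offers it (PHP >= 5.6);
        // strict comparison otherwise.
        if ( function_exists('hash_equals') ) {
            return hash_equals($expected, $submitted);
        }
        return $expected === $submitted;
    }

    /**
     * User Auth
     *
     * Authenticates the given credentials through the project's auth adapter.
     * On success the result row (requested without its 'password' column) is
     * wrapped in a user model and written to the auth storage as identity.
     * On failure the first failure message of the request is kept.
     *
     * @param string $Username
     * @param string $Password
     * @return boolean true when the credentials were accepted
     */
    public function authUser( $Username, $Password )
    {
        // Plugin-Adapter
        $authAdapter = new Application_Plugin_Auth_Adapter();
        $authAdapter->setIdentity( $Username );
        $authAdapter->setCredential( $Password );

        // Objects are passed by handle; the former call-time `&$authAdapter`
        // is a fatal error on PHP >= 5.4 and was never needed.
        $AuthResult = $this->_Auth->authenticate( $authAdapter );

        if ( !$AuthResult->isValid() ) {
            // Keep the first message: a later failure (e.g. of the anonymous
            // fallback) must not overwrite the reason of the real attempt.
            if ( is_null($this->_FailureMessage) ) {
                $this->setFailureMessage( $this->getTranslateableMessage( $AuthResult ) );
            }
            return false;
        }

        // Second argument lists the columns to omit, so the password value is
        // not carried into the stored identity (assumes the adapter follows
        // Zend_Auth_Adapter_DbTable; confirm).
        $Identity = $authAdapter->getResultRowObject(null, 'password');
        $UserModel = new Codejumper_Resource_User_Model( (array) $Identity );

        // Save UserModel as Identity
        // NOTE(review): the session id is not regenerated when the identity
        // changes; consider doing so after a successful non-anonymous login.
        $storage = $this->_Auth->getStorage();
        $storage->write( $UserModel );
        return true;
    }

    /**
     * Translate-Able Messages
     *
     * Maps a Zend_Auth_Result code to a message key.
     *
     * NOTE(review): the keys distinguish an unknown username from a wrong
     * password. If they are shown to the visitor unchanged, the login form
     * reveals which usernames exist; prefer rendering one generic message.
     *
     * @param Zend_Auth_Result $AuthResult
     * @return string
     */
    public function getTranslateableMessage($AuthResult)
    {
        switch ( $AuthResult->getCode() ) {
            case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
                return 'LOGIN_FAILURE_INVALID_PASSWORD';
            case Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS:
                return 'LOGIN_FAILURE_INVALID_USERNAME';
            case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
                return 'LOGIN_FAILURE_USERNAME_NOT_FOUND';
            case Zend_Auth_Result::FAILURE_UNCATEGORIZED:
            case Zend_Auth_Result::FAILURE:
            default:
                return 'LOGIN_FAILURE';
        }
    }
}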