From 91ba37e5c91dbe91895de0d254289d18a75d03a7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 19 Nov 2008 19:24:25 +0000
Subject: [PATCH] Missing classes for login added
---
 .gitattributes | 9 +
 application/blog/main/commands/.htaccess | 1 +
 application/blog/main/commands/web/.htaccess | 1 +
 .../web/class_WebBlogGuestLoginCommand.php | 112 ++++++++++++
 .../web/class_WebBlogUserLoginCommand.php | 124 ++++++++++++++
 application/blog/main/login/.htaccess | 1 +
 .../blog/main/login/class_BlogGuestLogin.php | 162 ++++++++++++++++++
 .../blog/main/login/class_BlogUserLogin.php | 150 ++++++++++++++++
 application/blog/main/login/helper/.htaccess | 1 +
 .../login/helper/class_BlogLoginHelper.php | 114 ++++++++++++
 10 files changed, 675 insertions(+)
 create mode 100644 application/blog/main/commands/.htaccess
 create mode 100644 application/blog/main/commands/web/.htaccess
 create mode 100644 application/blog/main/commands/web/class_WebBlogGuestLoginCommand.php
 create mode 100644 application/blog/main/commands/web/class_WebBlogUserLoginCommand.php
 create mode 100644 application/blog/main/login/.htaccess
 create mode 100644 application/blog/main/login/class_BlogGuestLogin.php
 create mode 100644 application/blog/main/login/class_BlogUserLogin.php
 create mode 100644 application/blog/main/login/helper/.htaccess
 create mode 100644 application/blog/main/login/helper/class_BlogLoginHelper.php
diff --git a/.gitattributes b/.gitattributes
index 72fea3a..b6ece6d 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -71,6 +71,15 @@ application/blog/main/actions/.htaccess -text
 application/blog/main/actions/web/.htaccess -text
 application/blog/main/actions/web/class_WebBlogLoginWelcomeAction.php -text
 application/blog/main/class_ -text
+application/blog/main/commands/.htaccess -text
+application/blog/main/commands/web/.htaccess -text
+application/blog/main/commands/web/class_WebBlogGuestLoginCommand.php -text
+application/blog/main/commands/web/class_WebBlogUserLoginCommand.php -text
+application/blog/main/login/.htaccess -text
+application/blog/main/login/class_BlogGuestLogin.php -text
+application/blog/main/login/class_BlogUserLogin.php -text
+application/blog/main/login/helper/.htaccess -text
+application/blog/main/login/helper/class_BlogLoginHelper.php -text
 application/blog/starter.php -text
 application/blog/templates/.htaccess -text
 application/blog/templates/de/.htaccess -text
diff --git a/application/blog/main/commands/.htaccess b/application/blog/main/commands/.htaccess
new file mode 100644
index 0000000..3a42882
--- /dev/null
+++ b/application/blog/main/commands/.htaccess
@@ -0,0 +1 @@
+Deny from all
diff --git a/application/blog/main/commands/web/.htaccess b/application/blog/main/commands/web/.htaccess
new file mode 100644
index 0000000..3a42882
--- /dev/null
+++ b/application/blog/main/commands/web/.htaccess
@@ -0,0 +1 @@
+Deny from all
diff --git a/application/blog/main/commands/web/class_WebBlogGuestLoginCommand.php b/application/blog/main/commands/web/class_WebBlogGuestLoginCommand.php
new file mode 100644
index 0000000..cb6d02c
--- /dev/null
+++ b/application/blog/main/commands/web/class_WebBlogGuestLoginCommand.php
@@ -0,0 +1,112 @@
+
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.ship-simu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+class WebBlogGuestLoginCommand extends BaseCommand implements Commandable {
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+
+ // Clean up a little
+ $this->removeNumberFormaters();
+ $this->removeSystemArray();
+ }
+
+ /**
+ * Creates an instance of this command and sets the resolver instance
+ *
+ * @param $resolverInstance An instance of a command resolver
+ * @return $commandInstance The created command instance
+ */
+ public final static function createWebBlogGuestLoginCommand (CommandResolver $resolverInstance) {
+ // Get a new instance
+ $commandInstance = new WebBlogGuestLoginCommand();
+
+ // Set the resolver instance
+ $commandInstance->setResolverInstance($resolverInstance);
+
+ // Return the prepared instance
+ return $commandInstance;
+ }
+
+ /**
+ * Executes the command with given request and response objects
+ *
+ * @param $requestInstance An instance of a class with an Requestable interface
+ * @param $responseInstance An instance of a class with an Responseable interface
+ * @return void
+ */
+ public function execute
(Requestable $requestInstance, Responseable $responseInstance) {
+ // First get a GuestLogin instance
+ $loginInstance = ObjectFactory::createObjectByConfiguredName('guest_login_class');
+
+ // First set request and response instance
+ $loginInstance->setRequestInstance($requestInstance);
+
+ // Encrypt the password
+ $loginInstance->encryptPassword('passwd');
+
+ // Do the login here
+ $loginInstance->doLogin($requestInstance, $responseInstance);
+
+ // Was the login fine? Then redirect here
+ if ($loginInstance->ifLoginWasSuccessfull()) {
+ // Try to redirect here
+ try {
+ $responseInstance->redirectToConfiguredUrl('app_login_url');
+ } catch (FrameworkException $e) {
+ // Something went wrong here!
+ $responseInstance->addFatalMessage($e->getMessage());
+ }
+ } else {
+ // Attach error message to the response
+ $responseInstance->addFatalMessage('failed_user_login');
+ }
+ }
+
+ /**
+ * Adds extra filters to the given controller instance
+ *
+ * @param $controllerInstance A controller instance
+ * @param $requestInstance An instance of a class with an Requestable interface
+ * @return void
+ * @todo Add more filters
+ */
+ public function addExtraFilters (Controller $controllerInstance, Requestable $requestInstance) {
+ // Add username verifier filter
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('user_guest_verifier_filter'));
+
+ // Add password verifier filter
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('passwd_guest_verifier_filter'));
+
+ // Add CAPTCHA verifier code
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('captcha_guest_verifier_filter'));
+ }
+}
+
+// [EOF]
+?>
diff --git a/application/blog/main/commands/web/class_WebBlogUserLoginCommand.php b/application/blog/main/commands/web/class_WebBlogUserLoginCommand.php
new file mode 100644
index 0000000..d9ccdaf
--- /dev/null
+++ b/application/blog/main/commands/web/class_WebBlogUserLoginCommand.php
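Review bot: In `execute()` the call to `doLogin()` sits outside any `try`, so the failure exceptions the login classes in this patch throw (for example `UserPasswordMismatchException` from `BlogGuestLogin::doLogin()`) are not handled here, and the `failed_user_login` branch is only reached when `doLogin()` returns without registering a `login` instance. Unless the controller catches them further up (not visible in this patch), a wrong password ends in an unhandled exception instead of the generic message. I would wrap the `doLogin()` call in a `try` with `catch (UserPasswordMismatchException $e) { $responseInstance->addFatalMessage('failed_user_login'); }`. In the redirect handler, `$e->getMessage()` is better logged than added to the response, since framework messages can carry internal detail. `WebBlogUserLoginCommand::execute()` has the same shape.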
@@ -0,0 +1,124 @@
+
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.ship-simu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+class WebBlogUserLoginCommand extends BaseCommand implements Commandable {
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+
+ // Clean up a little
+ $this->removeNumberFormaters();
+ $this->removeSystemArray();
+ }
+
+ /**
+ * Creates an instance of this command and sets the resolver instance
+ *
+ * @param $resolverInstance An instance of a command resolver
+ * @return $commandInstance The created command instance
+ */
+ public final static function createWebBlogUserLoginCommand (CommandResolver $resolverInstance) {
+ // Get a new instance
+ $commandInstance = new WebBlogUserLoginCommand();
+
+ // Set the resolver instance
+ $commandInstance->setResolverInstance($resolverInstance);
+
+ // Return the prepared instance
+ return $commandInstance;
+ }
+
+ /**
+ * Executes the command with given request and response objects
+ *
+ * @param $requestInstance An instance of a class with an Requestable interface
+ * @param $responseInstance An instance of a class with an Responseable interface
+ * @return void
+ */
+ public function execute
(Requestable $requestInstance, Responseable $responseInstance) {
+ // First get a UserLogin instance
+ $loginInstance = ObjectFactory::createObjectByConfiguredName('user_login_class');
+
+ // First set request and response instance
+ $loginInstance->setRequestInstance($requestInstance);
+
+ // Encrypt the password
+ $loginInstance->encryptPassword('pass');
+
+ // Do the login here
+ $loginInstance->doLogin($requestInstance, $responseInstance);
+
+ // Was the login fine? Then redirect here
+ if ($loginInstance->ifLoginWasSuccessfull()) {
+ // Try to redirect here
+ try {
+ $responseInstance->redirectToConfiguredUrl('app_login_url');
+ } catch (FrameworkException $e) {
+ // Something went wrong here!
+ $responseInstance->addFatalMessage($e->getMessage());
+ }
+ } else {
+ // Attach error message to the response
+ $responseInstance->addFatalMessage('failed_user_login');
+ }
+ }
+
+ /**
+ * Adds extra filters to the given controller instance
+ *
+ * @param $controllerInstance A controller instance
+ * @param $requestInstance An instance of a class with an Requestable interface
+ * @return void
+ * @todo Add more filters
+ */
+ public function addExtraFilters (Controller $controllerInstance, Requestable $requestInstance) {
+ // Which login type do we have?
+ switch ($this->getConfigInstance()->readConfig('login_type')) {
+ case "username": // Login via username
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('username_verifier_filter'));
+ break;
+
+ case "email": // Login via email
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('email_verifier_filter'));
+ break;
+
+ default: // Wether username or email is set
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('username_email_verifier_filter'));
+ break;
+ }
+
+ // Password verifier filter
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('password_verifier_filter'));
+
+ // Add filter for CAPTCHA
+ $controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('captcha_user_verifier_filter'));
+ }
+}
+
+// [EOF]
+?>
diff --git a/application/blog/main/login/.htaccess b/application/blog/main/login/.htaccess
new file mode 100644
index 0000000..3a42882
--- /dev/null
+++ b/application/blog/main/login/.htaccess
@@ -0,0 +1 @@
+Deny from all
diff --git a/application/blog/main/login/class_BlogGuestLogin.php b/application/blog/main/login/class_BlogGuestLogin.php
new file mode 100644
index 0000000..ea6e784
--- /dev/null
+++ b/application/blog/main/login/class_BlogGuestLogin.php
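Review bot: In `addExtraFilters()` the CAPTCHA filter is registered last, after the username/email and password verifier filters. If pre-filters run in registration order (the controller is not part of this patch), the credential verifiers can reject and report before the CAPTCHA has been checked, which weakens it as a brake on automated guessing and may let the response differ by whether an account exists. I would register it first, i.e. move `$controllerInstance->addPreFilter(ObjectFactory::createObjectByConfiguredName('captcha_user_verifier_filter'));` above the `switch`. `WebBlogGuestLoginCommand::addExtraFilters()` uses the same order with `captcha_guest_verifier_filter`.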
@@ -0,0 +1,162 @@
+
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.ship-simu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+class BlogGuestLogin extends BaseFrameworkSystem implements LoginableUser {
+ /**
+ * The hashed password
+ */
+ private $hashedPassword = "";
+
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+
+ // Clean up a little
+ $this->removeNumberFormaters();
+ $this->removeSystemArray();
+ }
+
+ /**
+ * Creates an instance of this login class
+ *
+ * @return $loginInstance An instance of this login class
+ */
+ public final static function createBlogGuestLogin () {
+ // Get a new instance
+ $loginInstance = new BlogGuestLogin();
+
+ // Return the instance
+ return $loginInstance;
+ }
+
+ /**
+ * Logins the user with the given request containing the credential. The
+ * result of the login can be thrown by exception or, if prefered stored
+ * in a boolean attribute which is then readable by a matching getter.
+ *
+ * @param $requestInstance An instance of a Requestable class
+ * @param $responseInstance An instance of a Responseable class
+ * @return void
+ * @throws UserAuthMethodException If wether username nor email login
+ * was detected
+ * @throws MissingMethodException If a method was not found in the
+ * User class
+ * @throws UserPasswordMismatchException If the supplied password did not
+ * match with the stored password
+ */
+ public function doLogin (Requestable $requestInstance, Responseable $responseInstance) {
+ // By default no method is selected
+ $method = null;
+ $data = "";
+
+ // Detect login method (username or email) and try to get a userinstance
+ if (!is_null($requestInstance->getRequestElement('user'))) {
+ // Username found!
+ $method = 'createGuestByUsername';
+ $data = $requestInstance->getRequestElement('user');
+ } // END - if
+
+ // Is a method detected?
+ if (is_null($method)) {
+ // Then abort here
+ throw new UserAuthMethodException($this, self::EXCEPTION_MISSING_METHOD);
+ } elseif (!method_exists($this->getConfigInstance()->readConfig('guest_class'), $method)) {
+ // The method is invalid!
+ throw new MissingMethodException(array($this, $method), self::EXCEPTION_MISSING_METHOD);
+ }
+
+ // Get a instance of the registry
+ $userInstance = Registry::getRegistry()->getInstance('user');
+
+ // Is there an instance?
+ if (is_null($userInstance)) {
+ // Get a user instance
+ $userInstance = call_user_func_array(array($this->getConfigInstance()->readConfig('guest_class'), $method), array($data));
+
+ // Remember this new instance in registry
+ Registry::getRegistry()->addInstance($userInstance);
+ } // END - if
+
+ // Is the password correct?
+ if ($userInstance->ifPasswordHashMatches($requestInstance) === false) {
+ // Mismatching password
+ throw new UserPasswordMismatchException(array($this, $userInstance), BaseUser::EXCEPTION_USER_PASS_MISMATCH);
+ } // END - if
+
+ // Now do the real login.
This can be cookie- or session-based login
+ // which depends on the admins setting then on the user's taste.
+ // 1) Get a login helper instance
+ $helperInstance = ObjectFactory::createObjectByConfiguredName('login_helper_class', array($requestInstance));
+
+ // 2) Execute the login. This will now login...
+ $helperInstance->executeLogin($responseInstance);
+ }
+
+ /**
+ * Determines wether the login was fine. This is done by checking if 'login' instance is in registry
+ *
+ * @return $loginDone Wether the login was fine or not
+ */
+ public function ifLoginWasSuccessfull () {
+ // Is the registry key there?
+ $loginDone = (Registry::getRegistry()->getInstance('login') instanceof Registerable);
+
+ // Return the result
+ return $loginDone;
+ }
+
+ /**
+ * Encrypt given request key or throw an exception if key was not found in
+ * request
+ *
+ * @param $requestKey Key in request class
+ * @return void
+ */
+ public function encryptPassword ($requestKey) {
+ // Check if password is found in request
+ if ($this->getRequestInstance()->isRequestElementSet($requestKey)) {
+ // So encrypt the password and store it for later usage in
+ // the request:
+
+ // Get the plain password
+ $plainPassword = $this->getRequestInstance()->getRequestElement($requestKey);
+
+ // Get user instance
+ $userInstance = Registry::getRegistry()->getInstance('user');
+
+ // Get a crypto helper and hash the password
+ $this->hashedPassword = ObjectFactory::createObjectByConfiguredName('crypto_class')->hashString($plainPassword, $userInstance->getPasswordHash());
+
+ // Store the hash back in request
+ $this->getRequestInstance()->setRequestElement('pass_hash', $this->hashedPassword);
+ } // END - if
+ }
+}
+
+// [EOF]
+?>
diff --git a/application/blog/main/login/class_BlogUserLogin.php b/application/blog/main/login/class_BlogUserLogin.php
new file mode 100644
index 0000000..1c28494
--- /dev/null
+++ b/application/blog/main/login/class_BlogUserLogin.php
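Review bot: The credential check in `doLogin()` fails open: `if ($userInstance->ifPasswordHashMatches($requestInstance) === false)` rejects only an exact `false`, so a `null` or any other non-boolean return lets the login continue. `if ($userInstance->ifPasswordHashMatches($requestInstance) !== true)` fails closed. In the same spirit, `encryptPassword()` documents an exception when the key is missing but silently returns, leaving whatever `pass_hash` is already in the request untouched. Throwing there, or clearing `pass_hash` before hashing, keeps the later comparison from running on a value the server did not compute (how `ifPasswordHashMatches()` reads it is not shown). `BlogUserLogin` carries the same two methods.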
@@ -0,0 +1,150 @@
+
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.ship-simu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+class BlogUserLogin extends BaseFrameworkSystem implements LoginableUser {
+ /**
+ * The hashed password
+ */
+ private $hashedPassword = "";
+
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+
+ // Clean up a little
+ $this->removeNumberFormaters();
+ $this->removeSystemArray();
+ }
+
+ /**
+ * Creates an instance of this login class
+ *
+ * @return $loginInstance An instance of this login class
+ */
+ public final static function createBlogUserLogin () {
+ // Get a new instance
+ $loginInstance = new BlogUserLogin();
+
+ // Return the instance
+ return $loginInstance;
+ }
+
+ /**
+ * Logins the user with the given request containing the credential. The
+ * result of the login can be thrown by exception or, if prefered stored
+ * in a boolean attribute which is then readable by a matching getter.
+ *
+ * @param $requestInstance An instance of a Requestable class
+ * @param $responseInstance An instance of a Responseable class
+ * @return void
+ * @throws UserPasswordMismatchException If the supplied password did not
+ * match with the stored password
+ * @todo We need to add something here which will make more than one
+ * @todo guest logins, users who are online but based on the same
+ * @todo user account.
+ */
+ public function doLogin (Requestable $requestInstance, Responseable $responseInstance) {
+ // By default no method is selected
+ $method = null;
+ $data = "";
+
+ // Get a instance of the registry
+ $userInstance = Registry::getRegistry()->getInstance('user');
+
+ // Is there an instance?
+ if (is_null($userInstance)) {
+ // Get member class
+ $userClass = $this->getConfigInstance()->readConfig('user_class');
+
+ // Get a user instance
+ $userInstance = call_user_func_array(array($userClass, 'createMemberByRequest'), array($requestInstance));
+
+ // Remember this new instance in registry
+ Registry::getRegistry()->addInstance($userInstance);
+ } // END - if
+
+ // Is the password correct?
+ if ($userInstance->ifPasswordHashMatches($requestInstance) === false) {
+ // Mismatching password
+ throw new UserPasswordMismatchException(array($this, $userInstance), BaseUser::EXCEPTION_USER_PASS_MISMATCH);
+ } // END - if
+
+ // ToDo place
+
+ // Now do the real login. This can be cookie- or session-based login
+ // which depends on the admins setting then on the user's taste.
+ // 1) Get a login helper instance
+ $helperInstance = ObjectFactory::createObjectByConfiguredName('login_helper_class', array($requestInstance));
+
+ // 2) Execute the login. This will now login...
+ $helperInstance->executeLogin($responseInstance);
+ }
+
+ /**
+ * Determines wether the login was fine.
This is done by checking if 'login' instance is in registry
+ *
+ * @return $loginDone Wether the login was fine or not
+ */
+ public function ifLoginWasSuccessfull () {
+ // Is the registry key there?
+ $loginDone = (Registry::getRegistry()->getInstance('login') instanceof Registerable);
+
+ // Return the result
+ return $loginDone;
+ }
+
+ /**
+ * Encrypt given request key or throw an exception if key was not found in
+ * request
+ *
+ * @param $requestKey Key in request class
+ * @return void
+ */
+ public function encryptPassword ($requestKey) {
+ // Check if password is found in request
+ if ($this->getRequestInstance()->isRequestElementSet($requestKey)) {
+ // So encrypt the password and store it for later usage in
+ // the request:
+
+ // Get the plain password
+ $plainPassword = $this->getRequestInstance()->getRequestElement($requestKey);
+
+ // Get user instance
+ $userInstance = Registry::getRegistry()->getInstance('user');
+
+ // Get a crypto helper and hash the password
+ $this->hashedPassword = ObjectFactory::createObjectByConfiguredName('crypto_class')->hashString($plainPassword, $userInstance->getPasswordHash());
+
+ // Store the hash back in request
+ $this->getRequestInstance()->setRequestElement('pass_hash', $this->hashedPassword);
+ } // END - if
+ }
+}
+
+// [EOF]
+?>
diff --git a/application/blog/main/login/helper/.htaccess b/application/blog/main/login/helper/.htaccess
new file mode 100644
index 0000000..3a42882
--- /dev/null
+++ b/application/blog/main/login/helper/.htaccess
@@ -0,0 +1 @@
+Deny from all
diff --git a/application/blog/main/login/helper/class_BlogLoginHelper.php b/application/blog/main/login/helper/class_BlogLoginHelper.php
new file mode 100644
index 0000000..8cb22bf
--- /dev/null
+++ b/application/blog/main/login/helper/class_BlogLoginHelper.php
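Review bot: `doLogin()` stores the new user with `Registry::getRegistry()->addInstance($userInstance);`, without a key, while `BlogLoginHelper::executeLogin()` in this patch calls `addInstance('login', $loginInstance)` and `createBlogLoginHelper()` looks the user up under `'user'`. If `addInstance()` takes the key first (its signature is not shown), the instance is never registered under `'user'` and the helper throws `UserInstanceMissingException`; `addInstance('user', $userInstance)` would match. `encryptPassword()` also calls `$userInstance->getPasswordHash()` on the result of `getInstance('user')` without a null check, although both commands call it before `doLogin()` creates the user; a guard such as `if (is_null($userInstance))` that fails the login avoids a fatal error on that path. `$method` and `$data` are unused in this `doLogin()`, and `BlogGuestLogin` has the same registry calls.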
@@ -0,0 +1,114 @@
+
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.ship-simu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+class BlogLoginHelper extends BaseLoginHelper implements HelpableLogin {
+ /**
+ * The login method we shall choose
+ */
+ private $authMethod = "";
+
+ // Exception constants
+ const EXCEPTION_INVALID_USER_INSTANCE = 0x190;
+
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+ }
+
+ /**
+ * Creates an instance of this class by given request instance
+ *
+ * @param $requestInstance An instance of a Requestable class
+ * @return $helperInstance An instance of this helper class
+ * @throws UserInstanceMissingException If the user instance in registry
+ * is missing or invalid
+ */
+ public final static function createBlogLoginHelper (Requestable $requestInstance) {
+ // Get a new instance first
+ $helperInstance = new BlogLoginHelper();
+
+ // Get a user instance from registry
+ $userInstance = Registry::getRegistry()->getInstance('user');
+
+ // Is this instance valid?
+ if (!$userInstance instanceof ManageableAccount) {
+ // Thrown an exception here
+ throw new UserInstanceMissingException (array($helperInstance, 'user'), self::EXCEPTION_INVALID_USER_INSTANCE);
+ } // END - if
+
+ // Set default login method from config
+ $helperInstance->setDefaultAuthMethod();
+
+ // Set request instance
+ $helperInstance->setRequestInstance($requestInstance);
+
+ // Return the prepared instance
+ return $helperInstance;
+ }
+
+ /**
+ * Setter for default login method from config
+ *
+ * @return void
+ */
+ protected function setDefaultAuthMethod () {
+ $this->authMethod = $this->getConfigInstance()->readConfig('auth_method_class');
+ }
+
+ /**
+ * Execute the login request by given response instance. This instance can
+ * be used for sending cookies or at least the session id out.
+ *
+ * @param $responseInstance An instance of a Responseable class
+ * @return void
+ */
+ public function executeLogin (Responseable $responseInstance) {
+ // Get an instance from the login method
+ $loginInstance = ObjectFactory::createObjectByName($this->authMethod, array($responseInstance));
+
+ // Set user cookie
+ $loginInstance->setUserAuth($this->getRequestInstance()->getRequestElement('username'));
+
+ // Set password cookie
+ $loginInstance->setPasswordAuth($this->getRequestInstance()->getRequestElement('pass_hash'));
+
+ // Remember this login instance for later usage
+ Registry::getRegistry()->addInstance('login', $loginInstance);
+ }
+}
+
+//
+?>
--
2.39.5
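Review bot: `executeLogin()` hands `pass_hash` to `setPasswordAuth()` under the comment "Set password cookie"; if the configured `auth_method_class` is cookie-based, what appears to be the stored password hash becomes a client-side credential that stays valid until the password changes. A random, server-side session token issued after the check would avoid that, and the cookie attributes (HttpOnly, Secure) need to be set in the auth class, which this patch does not show. The user name is also read from the request key `username`, while `BlogGuestLogin::doLogin()` reads `user`, so a guest login would pass `null` here unless both keys are sent. The `ManageableAccount` instance validated in `createBlogLoginHelper()` is discarded; taking the name from that verified instance keeps the stored identity tied to the account whose password was checked.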