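/**
 * Gate every page request behind the session login.
 *
 * Lets the request through when the user already has a session (or a
 * remember-me cookie that Auth::auto_login() accepts) or when the first URI
 * segment is on the logged-out allow-list; otherwise stores the requested
 * page in the session and redirects to the login page. A logged-in user whose
 * stored password is null is sent to new_password instead (except on the
 * new_password, logout and setup_check pages).
 *
 * Exemptions, keyed on the first URI segment:
 *  - services, scheduled_tasks: skipped outright. The data services carry
 *    their own authentication and the scheduler has no interactive user, so
 *    the session check would only slow them down.
 *  - setup_check: skipped while an indicia_setup module folder still exists
 *    on one of Kohana's include paths. NOTE(review): while that folder is
 *    present the setup pages need no login at all, so it must be removed once
 *    installation is complete.
 *  - login, logout, new_password, forgotten_password: reachable logged out.
 *
 * url::redirect() handles the redirect cases; nothing is returned.
 */
public function check() {
    $uri = new URI();
    $section = $uri->segment(1);

    // Data services and scheduled tasks authenticate themselves.
    if ($section === 'services' || $section === 'scheduled_tasks') {
        return;
    }

    // Setup pages are open only while the indicia_setup module folder exists.
    if ($section === 'setup_check') {
        $includePaths = Kohana::include_paths();
        clearstatcache();
        foreach ($includePaths as $path) {
            if (preg_match('/indicia_setup/', $path) && file_exists($path)) {
                return;
            }
        }
    }

    // Pages that may be visited without a login.
    $publicPages = array('login', 'logout', 'new_password', 'forgotten_password');
    // Pages a user without a stored password may still reach.
    $noPasswordPages = array('new_password', 'logout', 'setup_check');

    $auth = new Auth();
    if (!$auth->logged_in() && !$auth->auto_login() && !in_array($section, $publicPages, TRUE)) {
        // Remember the target so the login page can send the user back.
        $_SESSION['requested_page'] = $uri->string();
        url::redirect('login');
    } elseif ($auth->logged_in()
        // NOTE(review): assumes auth_user is in the session whenever logged_in() is true.
        && is_null($_SESSION['auth_user']->password)
        && !in_array($section, $noPasswordPages, TRUE)) {
        // A user with no password set must choose one before doing anything else.
        $_SESSION['requested_page'] = $uri->string();
        url::redirect('new_password');
    }
}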
/**
 * Set up the shared controller state and require a logged-in user.
 *
 * Fills the template navigation links, exposes the database and session
 * singletons on the controller and loads the current user from Auth. When
 * there is neither a live session nor a remember-me login, the current URL is
 * stored in the session under "requested_url" (so the login page can send the
 * visitor back here) and the request is redirected to /auth/login.
 */
public function __construct() {
    parent::__construct();

    $this->template->links = array(
        'Home' => 'home',
        'Browse' => 'folders',
        'Search' => 'search',
        'About' => 'about',
        'Contact' => 'contact',
    );

    // Shared handles for every controller that extends this one.
    $this->db = Database::instance();
    $this->session = Session::instance();

    $auth = new Auth();
    if ($auth->logged_in() || $auth->auto_login()) {
        // User details as stored in the database.
        $this->user = $auth->get_user();
        return;
    }

    // Not logged in: remember the destination, then bounce to the login page.
    // NOTE(review): the login page is expected to redirect to this stored
    // value; confirm it only accepts site-relative paths.
    $this->session->set("requested_url", "/" . url::current());
    url::redirect('/auth/login');
}
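/**
 * Authenticate a data-services request before it is processed.
 *
 * Two schemes are accepted:
 *
 * 1. Token authentication, when both "nonce" and "auth_token" arrive in the
 *    request. POST and GET are merged; because of array_merge() a GET value
 *    wins over a POST value of the same name. The nonce must have a cache
 *    entry named "<nonce>~<mode>" whose mode matches $mode; the cached value
 *    is a positive website ID (a remote website, authenticated with that
 *    website's password) or a negative warehouse user ID (authenticated with
 *    the warehouse private key). The request is accepted when
 *    sha1("<nonce>:<password>") equals auth_token.
 * 2. Session authentication otherwise: a logged-in warehouse user, or a
 *    remember-me cookie that Auth::auto_login() accepts.
 *
 * On success the identity is recorded on the controller: website_password,
 * website_id, user_id, in_warehouse, user_is_core_admin and, for a non-admin
 * warehouse user, user_websites (IDs of the websites the user holds an
 * unbanned site role on). A website-authenticated request may also name a
 * user_id, which is copied into the global $remoteUserId for ORM saves.
 *
 * @param string $mode Access the token must grant: 'read' or 'write'
 *                     (default 'write').
 * @throws AuthenticationError when neither scheme authenticates the request.
 */
protected function authenticate($mode = 'write') {
    // Read calls are done using get values, so we merge the two arrays.
    $array = array_merge($_POST, $_GET);
    $authentic = FALSE;

    if (array_key_exists('nonce', $array) && array_key_exists('auth_token', $array)) {
        $nonce = $array['nonce'];
        $suppliedToken = $array['auth_token'];
        $this->cache = new Cache();
        // All cache entries for this nonce; each file name is "<id>~<mode>".
        $paths = $this->cache->exists($nonce);
        foreach ($paths as $path) {
            $tokens = explode('~', basename($path));
            // Skip entries issued for the other access mode, or malformed names.
            if (!isset($tokens[1]) || $tokens[1] !== $mode) {
                continue;
            }
            $id = $this->cache->get($tokens[0]);
            // Reset per entry so a password resolved for an earlier entry is
            // never compared against this one.
            $password = NULL;
            if ($id > 0) {
                // Positive ID: a remote website, authenticated with its password.
                $website = ORM::factory('website', $id);
                if ($website->id) {
                    $password = $website->password;
                }
            } else {
                // Non-positive ID: a warehouse user, authenticated with the private key.
                // NOTE(review): a cache miss (false/null) also lands here and yields
                // user_id 0 below; confirm Cache::get() cannot return a missing value
                // once exists() has matched the nonce.
                $password = kohana::config('indicia.private_key');
            }
            // Strict, constant-time comparison (hash_equals, PHP >= 5.6). The old
            // loose == let a digest of the form "0e..." compare equal to other
            // numeric strings; the is_string guard rejects auth_token[]=... arrays.
            if ($password === NULL || !is_string($suppliedToken)
                || !hash_equals(sha1("{$nonce}:{$password}"), $suppliedToken)) {
                continue;
            }

            Kohana::log('info', "Authentication successful.");
            // Cache website_password for subsequent use by controllers.
            $this->website_password = $password;
            $authentic = TRUE;

            if ($id > 0) {
                $this->website_id = $id;
                // NOTE(review): user_id is taken on trust from the website that
                // authenticated; nothing here checks the user belongs to that website.
                if (isset($_REQUEST['user_id']) && $_REQUEST['user_id']) {
                    $this->user_id = $_REQUEST['user_id'];
                    // Make the user ID available to all ORM saves.
                    global $remoteUserId;
                    $remoteUserId = $this->user_id;
                }
            } else {
                $this->in_warehouse = TRUE;
                $this->website_id = 0; // the Warehouse
                // The user ID was cached as a negative number to tell it apart
                // from a website ID.
                $this->user_id = 0 - $id;
                $user = ORM::Factory('user', $this->user_id);
                // Cast before the strict comparison: database drivers may return
                // the column as the string '1', which === 1 would never match.
                $this->user_is_core_admin = (int) $user->core_role_id === 1;
                if (!$this->user_is_core_admin) {
                    // Non-admins only see the websites they hold an unbanned role on.
                    $this->user_websites = array();
                    $userWebsites = ORM::Factory('users_website')
                        ->where(array('user_id' => $this->user_id, 'site_role_id is not' => NULL, 'banned' => 'f'))
                        ->find_all();
                    foreach ($userWebsites as $userWebsite) {
                        $this->user_websites[] = $userWebsite->website_id;
                    }
                }
            }

            // Reset the nonce timeout if requested. Doing it only after a successful
            // match means an already timed-out nonce cannot be revived.
            if (array_key_exists('reset_timeout', $array) && $array['reset_timeout'] === 'true') {
                Kohana::log('info', "Nonce timeout reset.");
                $this->cache->set($nonce, $id, $mode);
            }
            // One matching entry is enough.
            break;
        }
    } else {
        // No token: fall back to the interactive warehouse session.
        $auth = new Auth();
        $authentic = $auth->logged_in() || $auth->auto_login();
        $this->in_warehouse = $authentic;
        $this->user_is_core_admin = $auth->logged_in('CoreAdmin');
    }

    if (!$authentic) {
        Kohana::log('info', "Unable to authenticate.");
        throw new AuthenticationError("unauthorised", 1);
    }
}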