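/**
 * Attempts to authorize the user, if required by the model call, and returns confirmation.
 *
 * When authentication is required and whoIs() reports no authenticated user,
 * the request's credentials ('user_name' plus 'password' or 'password1') are
 * checked against the stored hash and salt. The outcome is also written to the
 * request under 'authentication_status'.
 *
 * @return bool TRUE if authorization requirements met, FALSE otherwise.
 */
public function authorize()
{
    $answer = FALSE;

    // Determine if authentication already obtained
    $authenticated_user = $this->user->whoIs();

    // The cast keeps a NULL result from whoIs() from reaching strlen() directly.
    if ($this->requires_authentication && strlen((string) $authenticated_user) === 0) {
        // Determine if credentials for authenticating have been provided
        if ($this->rest->hasKey('user_name') && ($this->rest->hasKey('password') || $this->rest->hasKey('password1'))) {
            $uname = $this->rest->getValue('user_name');
            $pword = $this->rest->hasKey('password')
                ? $this->rest->getValue('password')
                : $this->rest->getValue('password1');

            // Test credentials
            $auth_rest = new Rest(['user_name' => $uname]);
            // NOTE(review): the original passed the undefined locals $user and
            // $view_class here; the object's own properties are assumed to be
            // what was meant - confirm against Authenticate's constructor.
            $authentication = new Authenticate(
                $auth_rest,
                $this->user,
                $this->view_class,
                $this->rest->getId(),
                $this->destination
            );
            $db_reply = json_decode($authentication->permeate(), TRUE);

            // json_decode(..., TRUE) yields plain arrays, so the row cannot carry a
            // getValue() method and is read by key instead.
            // NOTE(review): assumes permeate() returns a JSON list whose first
            // element maps column names to scalar values - confirm.
            $row = (is_array($db_reply) && isset($db_reply[0]) && is_array($db_reply[0]))
                ? $db_reply[0]
                : [];
            $stored_hash = $row['password_hash'] ?? NULL;
            $stored_salt = $row['password_salt'] ?? NULL;

            // Fail closed: a missing user, a malformed row or a non-string value
            // never reaches hash_equals(), which requires two strings.
            $verified = FALSE;
            if (is_string($pword) && is_string($stored_hash) && $stored_hash !== '' && is_string($stored_salt)) {
                $candidate = crypt($pword, $stored_salt);
                // crypt() reports failure with a string shorter than 13 characters;
                // such a value must never be accepted as a match.
                $verified = strlen($candidate) >= 13 && hash_equals($stored_hash, $candidate);
            }

            if ($verified) {
                $this->rest->setValue('authentication_status', TRUE);
                $answer = TRUE;
            } else {
                // NOTE(review): this is the string "false", which is truthy in PHP,
                // while success stores the boolean TRUE. Left unchanged because
                // consumers may compare against the string - confirm.
                $this->rest->setValue('authentication_status', "false");

                // Unknown user, malformed row and wrong password all take this
                // branch, so the delay itself does not reveal which one occurred.
                // sleep() only takes whole seconds, so the original sleep(0.75)
                // did not give the intended 0.75 s delay; usleep() does.
                // This slows guessing but does not replace rate limiting or lockout.
                usleep(750000);
            }
        }
    } else {
        $this->rest->setValue('authentication_status', TRUE);
        // NOTE(review): reached when authentication is not required OR a user is
        // already authenticated. In the second case this evaluates to FALSE even
        // though the status above is TRUE - confirm that is intended before
        // relying on the return value.
        $answer = isset($this->requires_authentication) ? !$this->requires_authentication : FALSE;
    }

    // The original never returned $answer, so callers always received NULL.
    return $answer;
}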