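/**
 * Resolves the authentication state of the current request before the action runs.
 *
 * Three sources are tried in order: credentials posted with the request, the
 * username stored in the session, and finally the "login" remember-me cookie.
 * The outcome is published through User_Model::$auth_status; nothing is returned.
 *
 * NOTE(review): the remember-me cookie holds "username:password" under
 * Encryption::encode() for 60 days. Anyone who obtains the cookie and the key
 * recovers the password itself. A random, server-side revocable token would
 * limit that exposure. This needs storage that is not visible from this
 * method, so the behaviour is kept as is and only flagged here.
 *
 * NOTE(review): the session identifier is not renewed on successful sign-in in
 * this method. Confirm that the Session wrapper does it, or regenerate the
 * identifier at that point.
 */
public function __beforeAction() {
    // Anchored with \z rather than $: in PCRE, $ also matches just before a
    // trailing newline, which would let "name\n" pass the check.
    $username_pattern = '#^[a-z0-9-]+\z#';

    // User authentication
    $user_model = new User_Model();
    User_Model::$auth_status = User_Model::AUTH_STATUS_NOT_LOGGED;

    // Authentication by post
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        try {
            // Request parameters may arrive as arrays (username[]=...); reject
            // them here so they never reach preg_match() or string concatenation.
            if (!is_string($username) || !preg_match($username_pattern, $username)) {
                throw new Exception('Invalid username');
            }
            if (!is_string($password)) {
                throw new Exception('Bad username or password');
            }
            if ($user_model->authenticate($username, $password)) {
                User_Model::$auth_status = User_Model::AUTH_STATUS_LOGGED;
                // Write session and cookie to remember sign-in
                Cookie::write('login', Encryption::encode($username . ':' . $password), 60 * 24 * 3600);
                Session::write('username', $username);
            } else {
                throw new Exception('Bad username or password');
            }
        } catch (Exception $e) {
            // Any failure on the POST path clears both remembered identities.
            User_Model::$auth_status = User_Model::AUTH_STATUS_BAD_USERNAME_OR_PASSWORD;
            Cookie::delete('login');
            Session::delete('username');
        }
        return;
    }

    // Authentication by session
    if (($username = Session::read('username')) !== null) {
        try {
            $user_model->loadUser($username);
            User_Model::$auth_status = User_Model::AUTH_STATUS_LOGGED;
        } catch (Exception $e) {
            Session::delete('username');
            Cookie::delete('login');
        }
        return;
    }

    // Authentication by cookies
    if (($login = Cookie::read('login')) !== null) {
        try {
            $decoded = Encryption::decode($login);
            if (!is_string($decoded) || !$decoded) {
                throw new Exception('Invalid user cookie');
            }

            // The username cannot contain ':' (see the pattern), so everything
            // after the first ':' is the password, colons included.
            $parts = explode(':', $decoded, 2);
            $username = $parts[0];
            $password = isset($parts[1]) ? $parts[1] : '';

            if (!preg_match($username_pattern, $username)) {
                throw new Exception('Invalid username');
            }
            if ($user_model->authenticate($username, $password)) {
                User_Model::$auth_status = User_Model::AUTH_STATUS_LOGGED;
                // Write session to remember sign-in
                Session::write('username', $username);
            } else {
                throw new Exception('Bad username or password');
            }
        } catch (Exception $e) {
            // An unusable cookie is dropped; the status stays "not logged".
            Cookie::delete('login');
        }
    }
}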
}

// Mobile (Android) login endpoint: authenticates the caller and builds an XML
// reply describing the user. The excerpt starts after a preceding block and
// stops inside the failure branch, so the try block is not closed here.
try {
    // Loading Confeature and User from iseplive
    require_once '../../confeature/init.php';
    require_once '../models/User.php';

    // NOTE(review): the credentials are taken from the query string. URLs are
    // routinely written to web-server and proxy logs, so the password is
    // likely to be stored in clear text outside the application. Accepting
    // them in a POST body over TLS avoids that.
    // NOTE(review): neither key is checked with isset() and no format check on
    // the username is visible here. A missing parameter raises a notice and
    // passes null to authenticate().
    $username = $_GET['user'];
    $pass = $_GET['pass'];

    // Build the XML document
    $xml = new DOMDocument('1.0', 'utf-8');
    $MainNode = $xml->createElement('iseplive');
    $plateform = $xml->createElement('plateform', "android");
    $MainNode->appendChild($plateform);

    // Authenticate the member
    $user = new User_Model();
    // NOTE(review): `== true` accepts any truthy return value. Confirm that
    // authenticate() returns a strict boolean, or compare with `=== true`.
    if ($user->authenticate($username, $pass) == true) {
        // $user is reused from here on as the <user> element, not the model.
        // User_Model::$auth_data is read as a static array; presumably it is
        // filled by authenticate() (confirm in the model).
        // NOTE(review): DOMDocument::createElement() does not escape '&' in
        // its value argument, so a profile field containing '&' yields a
        // warning and a broken node. createTextNode() escapes it.
        $user = $xml->createElement('user');
        $node = $xml->createElement('nom', User_Model::$auth_data['lastname']);
        $user->appendChild($node);
        $node = $xml->createElement('prenom', User_Model::$auth_data['firstname']);
        $user->appendChild($node);
        $node = $xml->createElement('student_number', User_Model::$auth_data['student_number']);
        $user->appendChild($node);
        $node = $xml->createElement('avatar', User_Model::$auth_data['avatar_url']);
        $user->appendChild($node);
        $MainNode->appendChild($user);
    } else {
        // Return a failed-login marker: <user><nom>false</nom>
        $user = $xml->createElement('user');
        $node = $xml->createElement('nom', "false");
        $user->appendChild($node);
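/**
 * Authenticates the request from its HTTP Basic credentials.
 *
 * PHP_AUTH_USER is used as the e-mail address and PHP_AUTH_PW as the password
 * of a User_Model, which is then asked to authenticate and to load itself
 * from the database. Every failure path calls AutenticationFailed() and then
 * stops the request, so a rejected caller can never reach the return statement.
 *
 * NOTE(review): Basic credentials are sent with every request and are only
 * base64-encoded. Confirm that this endpoint is reachable over TLS only.
 *
 * @return User_Model the authenticated user, loaded from the database
 */
private function authenticate() {
    $username = $this->input->server('PHP_AUTH_USER');
    $password = $this->input->server('PHP_AUTH_PW');

    // No credentials supplied: ask the client for them and stop.
    if (isset($username) === FALSE || isset($password) === FALSE) {
        header('WWW-Authenticate: Basic realm="' . Kohana::config('config.site_domain') . '"');
        $this->AutenticationFailed();
        exit;
    }

    $user = new User_Model();
    $user->email_address = $username;
    $user->password = $password;

    // Loose comparison kept on purpose: the return type of
    // User_Model::authenticate() is not visible from this method.
    if ($user->authenticate() == FALSE) {
        // AutenticationFailed() is defined elsewhere and may return, so stop
        // here explicitly, as the missing-credentials branch does. Without
        // this, execution went on to retrieveFromDB() and could still return
        // a user after a failed password check.
        $this->AutenticationFailed();
        exit;
    }

    if (!$user->retrieveFromDB()) {
        $this->AutenticationFailed();
        exit;
    }

    // The original copied email_address/password into local variables that
    // were never read again; those dead stores are dropped.
    return $user;
}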