/**
 * Removes the auto login ("remember me") data of the user that is
 * currently signed in, then resets the auto login cookies.
 *
 * Must be called before the session gets invalidated: the user id is
 * read from the auth object's identity.
 */
protected function clearInformationForAutoLogin()
{
    /**
     * @see Zend_Registry
     */
    require_once 'Zend/Registry.php';

    /**
     * @see Conjoon_Keys
     */
    require_once 'Conjoon/Keys.php';

    // the auth object is looked up in the registry; it carries the
    // identity of the signed in user, if there is one
    $auth = Zend_Registry::get(Conjoon_Keys::REGISTRY_AUTH_OBJECT);

    $hasSignedInUser = $auth->getIdentity() && $auth->getIdentity()->getDto();

    if ($hasSignedInUser) {
        $signedInUser = $auth->getIdentity()->getDto();

        /**
         * @see Conjoon_Modules_Default_User_Model_User
         */
        require_once 'Conjoon/Modules/Default/User/Model/User.php';

        // server side: drop the stored auto login data for this user id
        $userModel = new Conjoon_Modules_Default_User_Model_User();
        $userModel->clearAutoLoginInformationForUserId($signedInUser->id);
    }

    // client side: this runs even when no identity was found. Empty values
    // and a timestamp one hour in the past are handed over - presumably
    // this makes the browser discard the cookies (see setAutoLoginCookies)
    $expiredAt = time() - 3600;
    $this->setAutoLoginCookies("", "", $expiredAt);
}
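/**
 * This method will authenticate a user against a database table, either
 * with a username/password pair or with the hashed username and the
 * "remember me" token taken from the auto login cookies.
 *
 * It will also generate a login token during the login process and store
 * it in the db table. The token should then be written into the session -
 * before dispatching any request, it is advised to check whether the
 * session stored token still equals the token stored in the database -
 * if not, it is likely that another login occurred with this user's
 * credentials.
 *
 * We assume that the controller set the default adapter for all database
 * operations, thus it is available without further specifying it.
 *
 * NOTE(review): the result codes distinguish "identity not found" from
 * "credential invalid". Callers should not pass that difference on to
 * the client, otherwise valid usernames can be told apart from invalid
 * ones.
 *
 * @return Zend_Auth_Result
 *
 * @throws Zend_Auth_Adapter_Exception
 */
public function authenticate()
{
    $cookieName      = $this->cookieName;
    $rememberMeToken = $this->cookieRememberMe;
    $userName        = $this->userName;
    $password        = $this->password;
    $rememberMe      = $this->rememberMe;

    // these two flags are NOT each other's negation: if only one of the
    // two cookie values is set, both are false
    $hasCookieCredentials = $cookieName != "" && $rememberMeToken != "";
    $hasNoCookieData      = $cookieName == "" && $rememberMeToken == "";

    if ($hasNoCookieData && (trim($userName) == null || trim($password) == null)) {
        // return a general failure if either username or password
        // is empty
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE,
            $userName,
            array('Authentication failed. Invalid data.')
        );
    }

    /**
     * @see Conjoon_Modules_Default_User_Model_User
     */
    require_once 'Conjoon/Modules/Default/User/Model/User.php';

    $userTable = new Conjoon_Modules_Default_User_Model_User();

    // check here if the username exists; on the cookie path the second
    // argument is true - presumably it marks the name as hashed (verify
    // against getUserNameCount)
    if ($hasCookieCredentials) {
        $count = $userTable->getUserNameCount($cookieName, true);
    } else {
        $count = $userTable->getUserNameCount($userName);
    }

    // if this is > 1, 1..n users share the same username, which is a
    // bad thing
    if ($count > 1) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS,
            $userName,
            array('More than one record matches the supplied identity.')
        );
    }

    if ($count == 0) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
            $userName,
            array('A record with the supplied identity could not be found.')
        );
    }

    /**
     * @see Conjoon_BeanContext_Decorator
     */
    require_once 'Conjoon/BeanContext/Decorator.php';

    $decorator = new Conjoon_BeanContext_Decorator($userTable);

    if ($hasCookieCredentials) {
        $user = $decorator->getUserForHashedUsernameAndRememberMeTokenAsEntity(
            $cookieName,
            $rememberMeToken
        );
    } else {
        // NOTE(review): the password is looked up as an unsalted MD5 digest,
        // which is cheap to brute-force if the table leaks. Moving to
        // password_hash()/password_verify() needs a migration of the stored
        // values and cannot be done inside this method alone.
        $user = $decorator->getUserForUserNameCredentialsAsEntity($userName, md5($password));
    }

    // <code>null</code> means that no user was found with the
    // username/password (or cookie) combination
    if ($user === null) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
            $userName,
            array('Supplied credential is invalid.')
        );
    }

    // we have a match - generate a token and store it into the database.
    // The token acts as a session credential, so it is drawn from a CSPRNG
    // instead of md5(uniqid(rand(), true)), whose inputs (clock value and
    // a non-cryptographic PRNG) are guessable.
    $token = $this->generateSecureToken();
    $where = $userTable->getAdapter()->quoteInto('id = ?', $user->getId());
    $time  = time();

    $updData = array('auth_token' => $token, 'last_login' => $time);

    // a remember me token is only (re)written on a login without any
    // cookie data; it is cleared (null) when "remember me" was not asked for
    if ($hasNoCookieData) {
        $rememberMeToken = $rememberMe === true ? $this->generateSecureToken() : null;
        $updData['remember_me_token'] = $rememberMeToken;
        $user->setRememberMeToken($rememberMeToken);
    }

    $userTable->update($updData, $where);

    // -1 is set on the returned entity when it carries no previous login
    if (!$user->getLastLogin()) {
        $user->setLastLogin(-1);
    }

    $user->setAuthToken($token);

    // anything else from here on matches.
    return new Zend_Auth_Result(
        Zend_Auth_Result::SUCCESS,
        $user,
        array('Authentication successful.')
    );
}

/**
 * Returns a 32 character lowercase hex token built from 16 bytes of a
 * cryptographically secure random source. The length equals that of an
 * md5() digest, so values fit wherever the former tokens were stored.
 *
 * Fails closed: if no secure source is available, no token is issued.
 *
 * @return string
 *
 * @throws Zend_Auth_Adapter_Exception
 */
private function generateSecureToken()
{
    // PHP >= 7
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }

    // older runtimes: accept OpenSSL output only if it is flagged as strong
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes  = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong === true) {
            return bin2hex($bytes);
        }
    }

    /**
     * @see Zend_Auth_Adapter_Exception
     */
    require_once 'Zend/Auth/Adapter/Exception.php';

    throw new Zend_Auth_Adapter_Exception(
        'No cryptographically secure random source available.'
    );
}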