File: C:/usr/local/lib/php/blueshoes-4.2/core/auth/cug/Bs_Cug.class.php
BlueShoes Application Framework - auth/cug
Bs_Cug
Bs_Object
  +-- Bs_Cug
Closed User Group (Cug) Class
public class Bs_Cug extends Bs_Object
Closed User Group (Cug) Class
this class is used to manage closed user groups. cug's are secured parts of a website that only some people can access, usually based on login (user/pass) information.
this class needs a session. it uses the global one if it exists, otherwise it creates the global one.
it also needs the bs form stuff to show and handle the login form.
dependencies: Bs_Password, Bs_Form (which starts a chain of includes), HtmlTable, Bs_SessionFile
Authors:
Version: 4.0.$id$
Copyright: blueshoes.org
Direct known subclasses: Bs_CugArray, Bs_CugDb
Methods inherited from Bs_Object:
isex, isexception, tostring, tohtml, persist, unpersist, bs_object, bbsetoutput, bbawake, bbisawake, bbxmsg, bbxfunctionstart, bbxfunctionend, bbxecho, bbxvar, bbxvardump, bbforcetrace, bbbufferstart, bbbufferget, bbbufferendflush, bbbufferendclean
Private Field Summary
array $_APP: reference to the global settings hash.
object [unknown] $bsSession: reference to the global session object.
array $_postVars: reference to the HTTP_POST_VARS array.
string $_cugName: the cug needs a name. once the user logged in successfully, a session var with that name will be set to int 1.
unknown $errorMsg
Private Constant Summary
BS_CUG_VERSION = >>4.0.$x$<<
Warning: documentation is missing.
Public Method Details

Bs_Cug

public void Bs_Cug( string $cugName, [ string $postData ] )

Constructor.

Parameters:
string $postData = >>NULL<< (default is NULL, which means use $_POST. only pass something if really needed.)
@2do session handling is to change (use Bs_SimpleSession) --sam

Returns: void
letMeIn

public bool letMeIn( )

tells if the session is registered, i.e. the user is logged in.
if this returns false we need to display the login form to the user.

Returns: bool
logout

public void logout( )

logs out the user from this cug, does *not* kill the session because it might be needed for other things.

Returns: void
getLoginForm

public string getLoginForm( )

returns the login form as html code.

Returns: string
treatLoginForm

public mixed treatLoginForm( )

treats the login form.
if there was a successful login, you get bool TRUE back. otherwise (or on the first display) you get an html string back (the html login form).
in the past this function redirected automatically after a successful login. that changed now, because you may need to do other stuff, eg register some session vars. feel free to use $this->redirect() yourself.
2002/04/18 --andrej

Returns: mixed (see above)
redirect

public void redirect( )

redirects to the page set in $redirectPage.

Returns: void
looksLikeHack

public bool looksLikeHack( string $password, [ string $username ] )

let's see if this failed attempt looks like a hack.
uses Bs_Password, which might need some mysql db tables.

Parameters:
string $password
string $username = >>null<<

Returns: bool (also returns FALSE if we don't know.)
Private Method Details

_validateLogin

private void _validateLogin( )

override this method in a subclass.

Returns: void
_validateLoginData

private mixed _validateLoginData( array $validateData )

helper function, gets called from _validateLogin().
param $validateData: has at least the keys:
'sentUser'
'sentPass'
'user'
'pass'
and may have all of these 3 keys (or none of them) for the lifecycle:
'isActive' (bool (TRUE/FALSE) or int (1/0) (a numeric that evaluates to bool))
'startDatetime' (eg 2002-12-31, empty = already)
'endDatetime' (eg 2002-12-31, empty = never)
if the lifecycle is there, it is used.
big note: these keys have nothing to do with the $userFieldNames object var; they are internal here.

Parameters:
array $validateData (hash, see above)

Returns: mixed (string on failure, bool TRUE on success. on failure $this->errorMsg gets set too.)
_logAttempt

private void _logAttempt( )

override this method in a subclass.

Returns: void
_prepareLogData

private array _prepareLogData( bool $isOk, [ string $failedReason, string $looksLikeHack, string $realData ] )

param $realData:
if set then it is a hash and can have 0-n of the keys 'realUserID', 'realUsername' and 'realPassword'. if the user-given userID matches a real one, then we can log the real user/pass to see how much they were different. but you don't need that; maybe you don't want to log the real user/pass combinations, or only the user without the real pass.

Parameters:
bool $isOk (if the login was ok or not.)
string $failedReason = >>''<< (set if login failed. default is ''.)
string $looksLikeHack = >>FALSE<< (TRUE if yes. FALSE if no, unknown or unchecked. default is FALSE.)
string $realData = >>NULL<< (hash, see above. default is NULL.)

Returns: array
_hackAlert

private void _hackAlert( )

alerts the webmaster by email about the hack attempt.

Returns: void
_timeoutOnLoginFailure

private void _timeoutOnLoginFailure( int $secs )

makes the user wait on failed logins.

Parameters:
int $secs

Returns: void
_loadLoginForm

private void _loadLoginForm( )

Warning: documentation is missing.

Returns: void
Public Field Details

$form

public object [unknown] $form
>><<
an instance of Bs_Form.

$redirectPage |
|
public string $redirectPage
>>'frameset.php'<<
the page (maybe with directory) to which the user will be redirected
once the login was successful.
$formTarget |
|
public string $formTarget
>>'_top'<<
the target the login form submits to.
default is '_top'. i think that's a good thing for most forms.
if you want no target, unset() this var. empty is not enough.

$language |
|
public string $language
>>'en'<<
the language used
$maxNumAttempts |
|
public integer $maxNumAttempts
>><<
how many login attempts does the user have?
0 means 'no limit'.
$checkForHack |
|
public string $checkForHack
>>TRUE<<
if we should check for hack attempts or not.
logins like root/root, guest/guest, letmein etc are considered hacks. the 3rd such login attempt will result in some action.

See Also: $actionOnHack

$actionOnHack |
|
public unknown $actionOnHack
>><<
blockIP
blockCnet
blockUsername
alertWebmaster
...

See Also: $checkForHack

$logAttempts |
|
public integer $logAttempts
>>1<<
should we log login attempts?
!!! important !!!: due to the current setup, to be able to determine the number of failed logins in a row or hack attempts, we need to log *all* login attempts, also the good ones. otherwise that "in a row" thing won't work.
it could be done differently by saving a counter in the user table, but it's not. recode it if you feel like doing it, i don't.
0 = no
1 = yes, all (=default)
2 = failed only
3 = successful only

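Why the "in a row" rule above needs $logAttempts = 1, shown as an added example (not BlueShoes code): the streak of failed logins is found by walking the attempt log backwards until the last successful login, so with only failures logged (mode 2) the reset could never be seen. The log entries' key names mirror the parameters of _prepareLogData() and are an assumption; the page does not show the array it returns.

```php
<?php
// Added example, not BlueShoes code: consecutive failed logins for one user.
// The log is walked newest-first; a successful login ends the streak, which is
// only possible if successful attempts were logged too ($logAttempts = 1).
function consecutiveFailures(array $log, string $username): int
{
    $failed = 0;
    for ($i = count($log) - 1; $i >= 0; $i--) {   // newest entry is last
        $entry = $log[$i];
        if ($entry['username'] !== $username) {
            continue;                              // other users don't count
        }
        if ($entry['isOk']) {
            break;                                 // a good login ends the streak
        }
        $failed++;
    }
    return $failed;
}

// Constructed log; key names are assumed from _prepareLogData()'s parameters.
$log = [
    ['username' => 'alice', 'isOk' => false, 'failedReason' => 'wrong pass', 'looksLikeHack' => false],
    ['username' => 'alice', 'isOk' => true,  'failedReason' => '',           'looksLikeHack' => false],
    ['username' => 'alice', 'isOk' => false, 'failedReason' => 'wrong pass', 'looksLikeHack' => false],
    ['username' => 'guest', 'isOk' => false, 'failedReason' => 'wrong pass', 'looksLikeHack' => true],
    ['username' => 'alice', 'isOk' => false, 'failedReason' => 'wrong pass', 'looksLikeHack' => false],
];

// The same check $maxNumAttempts implies: 0 means 'no limit'.
$maxNumAttempts = 2;
$streak = consecutiveFailures($log, 'alice');
if ($maxNumAttempts > 0 && $streak >= $maxNumAttempts) {
    echo "alice: {$streak} failed logins in a row, apply _timeoutOnLoginFailure()\n";
}
```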
$checkCaseSensitive |
|
public integer $checkCaseSensitive
>><<
how should username and password be compared? case sensitive or not?
0 = yes (all case sensitive)
1 = only username
2 = only password
3 = no (all case insensitive)

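The rules documented for _validateLoginData() (required keys, optional lifecycle keys) and the four $checkCaseSensitive modes, combined into one stand-alone function as an added example; this is not the framework's code. It assumes 'YYYY-MM-DD' lifecycle dates as in the doc, and uses hash_equals() for the comparison, which the original class predates.

```php
<?php
// Added example, not BlueShoes code: _validateLoginData() semantics plus
// $checkCaseSensitive. Returns TRUE on success or an error string on failure.
function validateLoginData(array $d, int $checkCaseSensitive = 0, ?string $today = null)
{
    $today = $today ?? date('Y-m-d');        // lifecycle dates are 'YYYY-MM-DD'
    $userInsensitive = in_array($checkCaseSensitive, [1, 3], true);
    $passInsensitive = in_array($checkCaseSensitive, [2, 3], true);

    $sentUser = $userInsensitive ? strtolower($d['sentUser']) : $d['sentUser'];
    $user     = $userInsensitive ? strtolower($d['user'])     : $d['user'];
    $sentPass = $passInsensitive ? strtolower($d['sentPass']) : $d['sentPass'];
    $pass     = $passInsensitive ? strtolower($d['pass'])     : $d['pass'];

    // hash_equals() is a constant-time comparison (our choice, not the class's).
    if (!hash_equals($user, $sentUser) || !hash_equals($pass, $sentPass)) {
        return 'wrong username or password';
    }

    // lifecycle keys are optional; if present they are enforced.
    if (array_key_exists('isActive', $d) && !(bool)$d['isActive']) {
        return 'account is not active';
    }
    if (!empty($d['startDatetime']) && strcmp($today, $d['startDatetime']) < 0) {
        return 'account is not valid yet';      // empty startDatetime = already
    }
    if (!empty($d['endDatetime']) && strcmp($today, $d['endDatetime']) > 0) {
        return 'account has expired';           // empty endDatetime = never
    }
    return true;
}

// Constructed record: an active user whose account ends on 2002-12-31.
$record = [
    'sentUser' => 'Demo', 'sentPass' => 'secret',
    'user'     => 'demo', 'pass'     => 'secret',
    'isActive' => 1,      'endDatetime' => '2002-12-31',
];
var_dump(validateLoginData($record, 0, '2002-06-01'));  // mode 0: 'Demo' vs 'demo'
var_dump(validateLoginData($record, 1, '2002-06-01'));  // mode 1: username case ignored
var_dump(validateLoginData($record, 1, '2003-01-01'));  // mode 1, but after endDatetime
```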
$userFieldNames |
|
public array $userFieldNames
>>array(
'user' => 'user',
'pass' => 'pass',
'isActive' => 'isActive',
'startDatetime' => 'startDatetime',
'endDatetime' => 'endDatetime',
'email' => 'email'
)<<
the captions of the keys.
these are the defaults and recommended; you may need to change them based on your data structure (array or db or file implementation or whatever).
user and pass are for authentication, isActive, startDatetime and endDatetime for the lifecycle, email is to automatically send the password to the user.
if something is not there, that feature cannot be used (lifecycle/email).
note: take care that you don't choose reserved names, eg 'password' for mysql.

Private Field Details |
$_APP |
|
private array $_APP
>><<
reference to the global settings hash.
$bsSession |
|
private object [unknown] $bsSession
>><<
reference to the global session object.

$_postVars |
|
private array $_postVars
>><<
reference to the HTTP_POST_VARS array.
gets set in the constructor. we could just use $_POST, but this way we have the option to use something different. may be needed.

$_cugName |
|
private string $_cugName
>><<
the cug needs a name. once the user logged in successfully,
a session var with that name will be set to int 1. so this name really should be unique if you run different cug's.
this var gets set in the constructor.

$errorMsg |
|
private unknown $errorMsg
>><<
Private Constant Details |
BS_CUG_VERSION
define( BS_CUG_VERSION, >>4.0.$x$<< )
Case: default (case sensitive)

PHPDoc 1.0beta