Class: Phly_Auth

Source Location: /Phly_Auth/Phly/Auth.php

Class Phly_Auth

Class Overview

Authentication class

Pluggable authentication class. Credentials are checked against the provided callback (passed to the constructor), and valid users then receive an authentication session. The authentication session includes the following keys:

authenticated; always set to true
username; set to the username provided at login, unless the validation callback returns a non boolean true value, in which case that value will be used.
loginTime; timestamp of initial login
timeStamp; timestamp of most recent page visit
userData; a second argument to the constructor may be passed, a callback to retrieve user data. If so provided, any return value is stored in this key. This might contain ACL permissions, additional demographic information, etc
sessionData; any extra session data you wish to associate with the authentication session.

The above properties, and all properties in the sessionData array, may be accessed as object properties. (Note: make sure your sessionData keys don't collide with those in the main auth array.)

You may also configure the authentication class. Simply use the config() method, setting one of the $_config keys as desired; see $_config for some sample keys and default values.

Examples:

 class MyAuth
 {
     public static function isValid($username, $password)
     {
         $users = parse_ini_file('./users.ini', true);
         if (isset($users[$username])
             && (md5($password) == $users[$username]['password']))
         {
             return true;
         }
 
         return false;
     }
 
     public static function getUserData($username)
     {
         $users = parse_ini_file('./users.ini', true);
         if (isset($users[$username])) {
             $user = $users[$username];
             unset($user['password']);
             return $user;
         }
 
         return array();
     }
 }
 
 require_once 'Phly/Auth.php';
 $auth = new Phly_Auth(array('MyAuth', 'isValid'), array('MyAuth', 'getUserData'));
 $auth->start();
 
 if (!$auth->isValid) {
     // decide what to do with unauthenticated user
  } else {
     echo 'Welcome back, ' . $auth->username . '!';
 }

Located in /Phly_Auth/Phly/Auth.php [line 103]

Author(s):

Matthew Weier O'Phinney <mweierophinney@gmail.com>

Information Tags:

Version:	@release-version@
Copyright:	2006 - Present, Matthew Weier O'Phinney

[ Top ]

Property Summary

array	$_config	Configuration array, with keys:
mixed	$_getData	getData callback (for retrieving user data)
mixed	$_validator	Authentication validation callback

[ Top ]

Method Summary

void	__construct()	Constructor
mixed	config()	Configuration
false\|array	getSessionData()	Get session data from an authentication session
boolean	isValid()	Checks whether a user has authenticated.
void	logout()	Logout a user
void	start()	Starts session, if not already done, updating auth session timestamp if present.
boolean	_login()	Attempt to login a user
mixed	__get()	Retrieve a value from the session auth array
boolean	__set()	Set data in the sessionData array of the auth session

[ Top ]

Properties

array $_config = array(
'form_username' => 'username',
'form_password' => 'password',
'form_submit' => 'login',
'password_hash' => 'md5',
'session_var' => '_auth',
'session_idle' => null,
'session_length'=> null,
'use_get' => false
) [line 124]

Configuration array, with keys:

form_username (default: username)
form_password (default: password)
form_submit (default: login; a form variable that should be set indicating that the form submitted is a login form)
password_hash (default: md5; callback to use to hash password)
session_var (default: _auth; name of session key holding authentication session)
session_idle (default: null; maximum number of seconds allowed between requests before requiring a new login)
session_length (default: null; maximum number of seconds a session is valid)
use_get (default: false; flag; whether or not to check for login form variables in the $_GET array)

API Tags:

Access:

protected

[ Top ]

mixed $_getData = null [line 147]

getData callback (for retrieving user data)

API Tags:

Access:

protected

[ Top ]

mixed $_validator [line 140]

Authentication validation callback

API Tags:

Access:

protected

[ Top ]

Methods

Constructor __construct [line 161]

void __construct(
mixed
$isValidCallback, [mixed
$getDataCallback = null] 
)

Constructor

Creates authentication object using passed validation callback and optional getData callback (for retrieving user data).

Parameters:

mixed	$isValidCallback:	Authentication callback
mixed	$getDataCallback:	Optional callback for retrieving user data

API Tags:

Access:

public

Information Tags:

Throws:

Phly_Auth_Exception

[ Top ]

config [line 198]

mixed config(
string
$key, mixed
$value 
)

Configuration

Allows storing/retrieving authentication options.

Passing no values returns the entire $_config.

Passing a single string value returns the value associated with that key in $_config.

Passing two values associates the second value with the key specified in the first in $_config.

If all else fails, returns null.

Parameters:

string	$key:	Optional; configuration key
mixed	$value:	Optional; value to store in $key

API Tags:

Access:

public

[ Top ]

getSessionData [line 437]

false|array getSessionData(
)

Get session data from an authentication session

Returns all session data stored in the sessionData array of the auth session.

To access individual values from the array, access them as class properties.

API Tags:

Access:

public

[ Top ]

isValid [line 246]

boolean isValid(
)

Checks whether a user has authenticated.

First checks to see if the user exists in the session; then attempts to log a person in.

API Tags:

Access:

public

[ Top ]

logout [line 366]

void logout(
)

Logout a user

Logs out a user by unsetting the authentication session.

API Tags:

Access:

public

[ Top ]

start [line 232]

void start(
)

Starts session, if not already done, updating auth session timestamp if present.

API Tags:

Access:

public

[ Top ]

_login [line 302]

boolean _login(
)

Attempt to login a user

Attempts to login a user via $_POST (or $_GET if 'use_get' config value is set to true).

Uses the config values:

form_username: username element of form
form_password: password element of form
form_submit: name of submit button of form (or any other key that

should be utilized)

Then applies 'password_hash' config callback to the password, and sends username and password to isValid() method of container.

API Tags:

Access:

protected

Information Tags:

Throws:

Phly_Auth_Exception if unable to populate session data

[ Top ]

__get [line 382]

mixed __get(
string
$key 
)

Retrieve a value from the session auth array

Attempts to retrieve a value from the session auth array or the sessionData array of the session auth array. If the value exists, it is returned; otherwise, false is returned.

Parameters:

string

$key:

API Tags:

Access:

public

[ Top ]

__set [line 407]

boolean __set(
string
$key, mixed
$value 
)

Set data in the sessionData array of the auth session

Parameters:

string	$key:
mixed	$value:

API Tags:

Access:

public

[ Top ]

Phly Documentation	Phly

[ return to channel ] [ class tree: Phly ] [ index: Phly ] [ all elements ]