af3e883681d1b66214e4fa3904f7eeb726b6bb4f
2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
23 /** The PlSession is a wrapper around the user session management.
25 abstract class PlSession
27 /** Build a new session object.
28 * If a session is already started, this just wraps the session... if no
29 * session is currently started, this sets the base session variables.
30 * * auth contains the current authentication level. The level is
31 * an integer that grows with the security of the authentication
33 * * perms contains the current permission flags of the user. These flags
34 * depend on the category of the user.
35 * * challenge contains a random unique id used by the authentication procedure.
36 * * xsrf_token contains a random unique id used for XSRF prevention.
37 * * user contains a reference to the current user.
39 public function __construct()
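/**
 * Build the session structure with system fields.
 *
 * Each field goes through S::bootstrap(), which presumably only sets a key
 * that is not already present (confirm against S::bootstrap()), so wrapping
 * an existing session keeps its values:
 *   - user:       no user attached yet
 *   - auth:       AUTH_PUBLIC, the lowest authentication level
 *   - challenge:  fresh secret used by the authentication procedure
 *   - xsrf_token: fresh secret used for XSRF prevention
 *   - perms:      empty PlFlagSet
 *
 * NOTE(review): rand_url_id() is defined elsewhere; confirm it also draws
 * from a CSPRNG, since the xsrf_token is a secret in the same sense as the
 * challenge below.
 */
private function fillSession()
{
    S::bootstrap('user', null);
    S::bootstrap('auth', AUTH_PUBLIC);
    S::bootstrap('challenge', $this->makeChallenge());
    S::bootstrap('xsrf_token', rand_url_id());
    S::bootstrap('perms', new PlFlagSet());
}

/**
 * Generate a fresh authentication challenge.
 *
 * The challenge is a value the client must not be able to predict. The
 * previous construction, sha1(uniqid(rand(), true)), derived it from the
 * clock plus the non-cryptographic rand() generator, so an attacker who
 * knows roughly when a session was created had a small search space.
 * Use a CSPRNG whenever the host offers one; the legacy construction is
 * kept only as a last resort so old hosts keep working.
 *
 * @return string 40 hexadecimal characters -- the same width as the sha1
 *                value it replaces, so stored/compared values keep their size
 */
private function makeChallenge()
{
    $bytes = false;

    if (function_exists('random_bytes')) {
        // PHP >= 7.0: OS-backed CSPRNG; throws when no entropy source is usable.
        try {
            $bytes = random_bytes(20);
        } catch (Exception $e) {
            $bytes = false;
        }
    }

    if ($bytes === false && function_exists('openssl_random_pseudo_bytes')) {
        // PHP >= 5.3 with OpenSSL; only trust the output if it is reported as strong.
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(20, $strong);
        if (!$strong) {
            $bytes = false;
        }
    }

    if ($bytes === false && is_readable('/dev/urandom')) {
        // Unix hosts without either extension: read the kernel CSPRNG directly.
        $bytes = file_get_contents('/dev/urandom', false, null, 0, 20);
    }

    if (is_string($bytes) && strlen($bytes) === 20) {
        return bin2hex($bytes);
    }

    // Legacy fallback: predictable, kept only for hosts with no CSPRNG at all.
    return sha1(uniqid(rand(), true));
}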
/**
 * Write the current session data and close the session.
 *
 * Thin wrapper around session_write_close(): the session contents are
 * flushed to the session handler. Nothing is returned.
 */
public function close()
{
    session_write_close();
}
63 /** Kill the current session.
65 public function destroy()
/**
 * Check whether the session reached at least the given authentication level.
 *
 * Levels are integers that grow with the strength of the authentication
 * (see the class docblock), so a plain numeric comparison is enough.
 *
 * @param int $level minimal level required
 * @return bool true when the stored 'auth' level is >= $level
 */
public function checkAuth($level)
{
    $current = S::i('auth');
    return $current >= $level;
}
/**
 * Check whether the session holds the given permission combination.
 *
 * Delegates to PlFlagSet::hasFlagCombination() on the stored 'perms' flag
 * set; the accepted shape of $perms is whatever that method takes.
 *
 * @param mixed $perms permission combination to test
 * @return bool result of hasFlagCombination($perms)
 */
public function checkPerms($perms)
{
    $flags = S::v('perms');
    return $flags->hasFlagCombination($perms);
}
85 /** Run authentication procedure to reach at least the given level.
 * Does nothing when checkAuth($level) already holds; otherwise asks the
 * subclass (doAuth) to authenticate, verifies the level it reached, and
 * installs the user with startSessionAs(). The return statements of this
 * method are not shown in this listing.
87 public function start($level)
// Already authenticated at (or above) the requested level: nothing to do.
89 if ($this->checkAuth($level)) {
// Delegate the credential check to the subclass. Per its contract, doAuth()
// MUST return null on failure and MUST set the 'auth' field on success.
92 $user = $this->doAuth($level);
// Defence in depth: a non-null user is not enough, the level doAuth() actually
// stored must also satisfy the one requested.
93 if (is_null($user) ||
!$this->checkAuth($level)) {
// Let the subclass set up the environment for $user at $level; it returns
// false if a session is already started (full condition in its docblock).
96 if ($this->startSessionAs($user, $level)) {
// Only store the user object if the subclass did not already do so.
97 if (is_null(S
::v('user'))) {
98 S
::set('user', $user);
108 /*** Abstract methods ***/
110 /** Run the effective authentication procedure to reach the given user.
111 * This method must return a user object (that will be used to fill the
112 * $_SESSION['user'] field).
114 * If auth failed, the function MUST return null. If auth succeed, the
115 * field $_SESSION['auth'] MUST be filled to the current effective level.
117 abstract protected function doAuth($level);
119 /** Set the session environment to the given user and authentication level.
120 * This function MUST return false if a session is already started and the
123 * On success, this function MUST return true.
124 * If $level is set to -1, this means you are building a new SUID session.
126 abstract protected function startSessionAs($user, $level);
129 /*** SUID management ***/
131 /** Start a new SUID session.
 * Switches to a fresh session impersonating $user while keeping the whole
 * original session under the 'suid' key so stopSUID() can restore it.
 * NOTE(review): no authorization check is visible here -- presumably the
 * caller verifies that the current user may impersonate $user; confirm
 * before adding new call sites. The return statements are not shown here.
133 public function startSUID($user)
// Refuse to nest: a SUID session already holds a backup.
135 if (isset($_SESSION['suid'])) {
// Keep a reference to the current contents, then rebind $_SESSION to an
// empty array for the impersonated session.
138 $newsession = array();
139 $backup =& $_SESSION;
140 $_SESSION =& $newsession;
// Fresh system fields for the new session: its own challenge and
// xsrf_token, and -- assuming S::bootstrap() fills missing keys -- auth at
// AUTH_PUBLIC with empty perms, so the original user's privileges do not
// carry over unless startSessionAs() grants them.
141 $this->fillSession();
// Stash the original session (auth, perms, challenge, xsrf_token, user)
// inside the new one for stopSUID().
142 S
::set('suid', $backup);
// Level -1 tells the subclass this is a SUID session (see startSessionAs()).
143 if (!$this->startSessionAs($user, -1)) {
150 /** Stop a SUID session
 * Restores the session saved by startSUID() -- including its original auth
 * level, perms, challenge and xsrf_token -- and drops the impersonated
 * session's contents. The rest of the body is not shown in this listing.
152 public function stopSUID()
// Nothing to restore when no SUID session is active.
154 if (!isset($_SESSION['suid'])) {
// Rebind $_SESSION to the saved original session.
157 $_SESSION =& $_SESSION['suid'];
164 /** Minimum level of authentication that is considered as sure.
166 abstract public function sureLevel();
169 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: