<?php
/***************************************************************************
- * Copyright (C) 2003-2008 Polytechnique.org *
+ * Copyright (C) 2003-2010 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************/
+/** Authentication level.
+ * Only AUTH_PUBLIC is mandatory. The others are defined as useful values,
+ * but can be overwritten by others auth levels definitions.
+ */
+define('AUTH_SUID', -1);
+define('AUTH_PUBLIC', 0);
+define('AUTH_COOKIE', 5);
+define('AUTH_MDP', 10);
+
/** The PlSession is a wrapper around the user session management.
*/
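Review bot: The docblock says the levels other than AUTH_PUBLIC "can be overwritten", but the four `define()` calls are unconditional and PHP constants cannot be redefined. A later `define('AUTH_COOKIE', …)` in an application fails with a diagnostic and the value set here stays in force. These values appear to be compared against thresholds such as sureLevel(), so a site that believes it has overridden a level would silently run with this file's ordering. Either guard the optional ones, e.g. `defined('AUTH_COOKIE') || define('AUTH_COOKIE', 5);`, or state in the comment that overriding definitions must be loaded before this file.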
*/
public function start($level)
{
- $backup = S::i($level);
if ($this->checkAuth($level)) {
return true;
}
*/
abstract protected function startSessionAs($user, $level);
+ /** Check authentication with the given token.
+ *
+ * Token authentication is a light-weight authentication based on a user-specific token.
+ * This can be used for protocols that requires a 'cookie'-free authentication, such as
+ * RSS, iCal registration...
+ *
+ * This function returns a valid user object if authentication is successful, or null if
+ * token mismatch.
+ */
+ abstract public function tokenAuth($login, $token);
+
+ /** Set the permissions to the given flagset.
+ *
+ * This function sets S::set('perms') with a flagset represeting the combination of
+ * $perms and $is_admin.
+ *
+ * $perms is an abstract object representing the permissions.
+ * $is_admin is a boolean, true if the current user has site-administration rights.
+ */
+ abstract protected function makePerms($perms, $is_admin);
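Review bot: The tokenAuth() docblock says what is returned but not how the token must be checked, and concrete session classes will presumably be written from this comment alone. I would add that implementations must reject an empty `$token` and an account with no token set, so that an empty value never matches an empty stored one. They should also compare in constant time, e.g. with `hash_equals()` where the PHP version provides it. It is also worth stating which auth level a token-authenticated request is given, since the hunk does not show it.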
/*** SUID management ***/
/** Start a new SUID session.
*/
- public function startSUID($user)
+ public function startSUID($user, $perms = null)
{
- if (isset($_SESSION['suid'])) {
+ if (S::suid()) {
return false;
}
- $newsession = array();
- $backup =& $_SESSION;
- $_SESSION =& $newsession;
+ $backup = $_SESSION;
+ $_SESSION = array();
$this->fillSession();
S::set('suid', $backup);
- if (!$this->startSessionAs($user, -1)) {
+ if (!$this->startSessionAs($user, AUTH_SUID)) {
$this->stopSUID();
return false;
}
+ S::set('user', $user);
+ if (!is_null($perms)) {
+ $this->makePerms($perms, false);
+ }
return true;
}
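Review bot: With the default `$perms = null`, startSUID() leaves the permission flagset at whatever `startSessionAs($user, AUTH_SUID)` set, and only the non-null path forces `$is_admin` to false through `makePerms($perms, false)`. If an implementation of startSessionAs() derives admin rights from the target account (not visible here), impersonating an administrator yields an admin session by default. Consider documenting the parameter in the docblock, e.g. `$perms: permissions to apply to the SUID session; when null, those set by startSessionAs() are kept`, or making the restricted case the default. The method also performs no authorisation check of its own beyond `S::suid()`, so the comment should say that callers must verify the current user is allowed to impersonate `$user`.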
*/
public function stopSUID()
{
- if (!isset($_SESSION['suid'])) {
+ if (!S::suid()) {
return false;
}
- $_SESSION =& $_SESSION['suid'];
+ $_SESSION = $_SESSION['suid'];
return true;
}
/*** Thresholds ***/
+ /** Minimum level of authentication that is considered as logged.
+ */
+ abstract public function loggedLevel();
+
/** Minimum level of authentication that is considered as sure.
*/
abstract public function sureLevel();