2009-12-18 12:56:12 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Handles authentication and password handling for all city LDAP people.
|
|
|
|
|
*
|
|
|
|
|
* Applications should extend this class for their own users. That way,
|
|
|
|
|
* a city employee will have the same username and password on all applications.
|
|
|
|
|
* Applications should use these public functions for their own users.
|
|
|
|
|
*
|
2012-01-06 15:21:29 +00:00
|
|
|
* @copyright 2006-2012 City of Bloomington, Indiana
|
2011-06-14 13:29:37 +00:00
|
|
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
2009-12-18 12:56:12 +00:00
|
|
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
|
|
|
|
*/
|
|
|
|
|
abstract class SystemUser
|
|
|
|
|
{
|
|
|
|
|
abstract public function getId();
|
|
|
|
|
abstract public function getUsername();
|
|
|
|
|
abstract public function getAuthenticationMethod();
|
|
|
|
|
abstract public function getRoles();
|
|
|
|
|
|
|
|
|
|
abstract public function hasRole($roles);
|
|
|
|
|
|
|
|
|
|
abstract public function setAuthenticationMethod($method);
|
|
|
|
|
abstract public function setRoles($roles);
|
|
|
|
|
abstract public function setUsername($username);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Passwords are set in clear text. The only times you would want to set a password
|
|
|
|
|
* is when you're adding a new password or changing a person's password.
|
|
|
|
|
* Either way, it's up to the individual save routines to handle encrypting the new password
|
|
|
|
|
* before storing it. Passwords should not be loaded in the constructor - they're
|
|
|
|
|
* supposed to be encrypted, so what's the point?
|
|
|
|
|
*/
|
|
|
|
|
abstract public function setPassword($password);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Used to hand authentication off to the application
|
|
|
|
|
*/
|
|
|
|
|
abstract protected function authenticateDatabase($password);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Used to hand password saving off to the application
|
|
|
|
|
*/
|
|
|
|
|
abstract protected function saveLocalPassword();
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Determines which authentication scheme to use for the user and calls the appropriate method
|
|
|
|
|
*
|
|
|
|
|
* @param string $password
|
|
|
|
|
* @return boolean
|
|
|
|
|
*/
|
|
|
|
|
public function authenticate($password)
|
|
|
|
|
{
|
|
|
|
|
switch($this->getAuthenticationMethod()) {
|
|
|
|
|
case "local":
|
|
|
|
|
return $this->authenticateDatabase($password);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
$type = $this->getAuthenticationMethod();
|
2012-01-06 15:21:29 +00:00
|
|
|
return $type::authenticate($this->getUsername(),$password);
|
2009-12-18 12:56:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Establishes a new Session and loads the default information for the user
|
|
|
|
|
*/
|
|
|
|
|
public function startNewSession()
|
|
|
|
|
{
|
|
|
|
|
session_destroy();
|
|
|
|
|
session_start();
|
|
|
|
|
|
|
|
|
|
$_SESSION['USER'] = $this;
|
|
|
|
|
$_SESSION['IP_ADDRESS'] = $_SERVER['REMOTE_ADDR'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2012-01-06 15:21:29 +00:00
|
|
|
* Used to save passwords to the database
|
|
|
|
|
*
|
|
|
|
|
* Only local passwords should be saved. External Identities should have
|
|
|
|
|
* their own methods for users to change passwords
|
2009-12-18 12:56:12 +00:00
|
|
|
*/
|
|
|
|
|
public function savePassword()
|
|
|
|
|
{
|
|
|
|
|
switch($this->getAuthenticationMethod()) {
|
|
|
|
|
case "local":
|
|
|
|
|
$this->saveLocalPassword();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
