rosehill/libraries/framework/classes/SystemUser.php

91 lines
2.6 KiB
PHP

<?php
/**
* Handles authentication and password handling for all city LDAP people.
*
* Applications should extend this class for their own users. That way,
* a city employee will have the same username and password on all applications.
* Applications should use these public functions for their own users.
*
* @copyright 2006-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov>
*/
abstract class SystemUser
{
abstract public function getId();
abstract public function getUsername();
abstract public function getAuthenticationMethod();
abstract public function getRoles();
abstract public function hasRole($roles);
abstract public function setAuthenticationMethod($method);
abstract public function setRoles($roles);
abstract public function setUsername($username);
/**
* Passwords are set in clear text. The only times you would want to set a password
* is when you're adding a new password or changing a person's password.
* Either way, it's up to the individual save routines to handle encrypting the new password
* before storing it. Passwords should not be loaded in the constructor - they're
* supposed to be encrypted, so what's the point?
*/
abstract public function setPassword($password);
/**
* Used to hand authentication off to the application
*/
abstract protected function authenticateDatabase($password);
/**
* Used to hand password saving off to the application
*/
abstract protected function saveLocalPassword();
/**
* Determines which authentication scheme to use for the user and calls the appropriate method
*
* @param string $password
* @return boolean
*/
public function authenticate($password)
{
switch($this->getAuthenticationMethod()) {
case "local":
return $this->authenticateDatabase($password);
break;
default:
$type = $this->getAuthenticationMethod();
return $type::authenticate($this->getUsername(),$password);
}
}
/**
* Establishes a new Session and loads the default information for the user
*/
public function startNewSession()
{
session_destroy();
session_start();
$_SESSION['USER'] = $this;
$_SESSION['IP_ADDRESS'] = $_SERVER['REMOTE_ADDR'];
}
/**
* Used to save passwords to the database
*
* Only local passwords should be saved. External Identities should have
* their own methods for users to change passwords
*/
public function savePassword()
{
switch($this->getAuthenticationMethod()) {
case "local":
$this->saveLocalPassword();
break;
}
}
}