PHP Demo Application - Source Code
/Framework/Model/Libraries/Security.php
<?php
/**
* Script Contents: Apeel_Framework_Model_Libraries_Security Class Library
* @package Apeel_Framework_Model_Libraries
*/
/**
* Library to provide User Login Authentication.
*
* @package Apeel_Framework_Model_Libraries
* @version 1.1.0
* @author John W. King (email: contact@apeelframework.net)
* @copyright City Business Logic Limited 2001-2011
* @license Dual MIT / GNU Lesser General Public License Version 3
*/
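class Apeel_Framework_Model_Libraries_Security {

    /**
     * Validates the supplied credentials and records the outcome in the session.
     *
     * Order of checks:
     *  1. The Master account held in APEEL_MASTER_USERNAME / APEEL_MASTER_PASSWORD.
     *     The username is compared case-insensitively; the password must match
     *     exactly and is compared in constant time.
     *  2. The Data Object named by APEEL_USER_OBJECT, filtered on the username
     *     and on the password transformed according to APEEL_PASSWORD_ENCRYPTION
     *     ('MD5', 'SHA1', anything else = password used as supplied), with
     *     APEEL_PASSWORD_SALT_PREFIX / APEEL_PASSWORD_SALT_SUFFIX wrapped around it.
     *
     * On success the session variables are set:
     *   APEEL_LOGGED_IN = '1'
     *   APEEL_USER_NAME = $username
     * On failure logout() is called, which resets both variables.
     *
     * Security notes for maintainers:
     *  - MD5 and SHA1 are fast, unkeyed digests and the salt is one site-wide
     *    constant, so stored values are cheap to brute-force if the user table
     *    leaks. Migrating to password_hash() / password_verify() needs a
     *    re-hash of stored passwords and cannot be done inside this method alone.
     *  - With any other APEEL_PASSWORD_ENCRYPTION value the user table holds
     *    plaintext passwords.
     *  - The session id is not rotated here. NOTE(review): the caller should
     *    call session_regenerate_id(true) after a successful login to prevent
     *    session fixation.
     *  - No attempt limiting or failure logging is done in this method.
     *
     * @param string $username
     * @param string $password
     * @return boolean true when the credentials were accepted, false otherwise
     */
    public static function validateUserCredentials($username, $password) {
        // Evaluate the two comparisons independently. Adding the two
        // strcasecmp() results and testing the sum against 0 accepts any pair
        // whose results cancel out (e.g. +1 and -1), i.e. wrong credentials.
        $masterNameMatches = strcasecmp((string) $username, (string) APEEL_MASTER_USERNAME) === 0;
        // hash_equals() (PHP 5.6+) is exact and constant-time; the known value
        // goes first, the user-supplied value second.
        $masterPasswordMatches = hash_equals((string) APEEL_MASTER_PASSWORD, (string) $password);
        if ($masterNameMatches && $masterPasswordMatches) {
            self::markLoggedIn($username);
            return true;
        }

        // No user Data Object configured: only the Master account can log in.
        if ((string) APEEL_USER_OBJECT === '') {
            self::logout();
            return false;
        }

        // Transform the supplied password the same way the stored value was produced.
        if (APEEL_PASSWORD_ENCRYPTION === 'MD5') {
            $testPassword = md5(APEEL_PASSWORD_SALT_PREFIX . $password . APEEL_PASSWORD_SALT_SUFFIX);
        } elseif (APEEL_PASSWORD_ENCRYPTION === 'SHA1') {
            $testPassword = sha1(APEEL_PASSWORD_SALT_PREFIX . $password . APEEL_PASSWORD_SALT_SUFFIX);
        } else {
            // Plaintext comparison against the stored value.
            $testPassword = $password;
        }

        $userObject = Apeel_Framework_Model_Libraries_Data::getDataObjectByName(APEEL_USER_OBJECT);
        $filters = new Apeel_Framework_Model_DataObjects_Parameters_Collections_Filters();
        // NOTE(review): $username is untrusted input; this relies on addFilter()
        // binding or escaping its value - confirm in the Filters class.
        $filters->addFilter(APEEL_USER_NAME, '=', $username);
        // NOTE(review): the match is performed by the data layer, so its case
        // sensitivity and timing depend on the backing store - confirm.
        $filters->addFilter(APEEL_USER_PASSWORD, '=', $testPassword);
        $userObject->applyFilters($filters);
        $userObject->getRecordset(true);

        // Any row matching both filters counts as a valid login.
        if ($userObject->getRecordCount() > 0) {
            self::markLoggedIn($username);
            return true;
        }

        self::logout();
        return false;
    }

    /**
     * Clears the Session variables which hold the logged in user's details.
     *
     * Only the two APEEL_* keys are reset; the session itself and any other
     * data stored in it are left in place.
     *
     * @return void
     */
    public static function logout() {
        $_SESSION['APEEL_LOGGED_IN'] = '0';
        $_SESSION['APEEL_USER_NAME'] = '';
    }

    /**
     * Stores the authenticated state for $username in the session.
     *
     * @param string $username
     * @return void
     */
    private static function markLoggedIn($username) {
        $_SESSION['APEEL_LOGGED_IN'] = '1';
        $_SESSION['APEEL_USER_NAME'] = $username;
    }
}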
?>