Auth (A1) and ACL (A2, ACL): Pt 3, the User Controller
Laws control the lesser man… Right conduct controls the greater one. – Mark Twain
Part 1: Introduction
Part 2: The Data Model
Part 3: The Controller
Part 4: It becomes a module
Part 5: Adding ACL
You now need a User Controller. It extends Kohana's `Controller_Template`, resolves the current user through A2 in `before()`, and enforces the ACL for every action before it runs:
<?php defined('SYSPATH') OR die('No direct script access.');
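/**
 * User controller: login, logout and first-run bootstrap.
 *
 * Every action is gated in before() by the A2 ACL for the 'user' resource,
 * so the 'login' action (and any other action guests must reach) has to be
 * granted to the guest role in the ACL configuration.
 */
class Controller_User extends Controller_Template implements Acl_Resource_Interface
{
    /** @var A2  authentication + ACL facade, set in before() */
    public $a2;

    /** @var Model_User|FALSE|NULL  current user; FALSE when nobody is logged in */
    public $user;

    /**
     * Runs before every action of this controller.
     *
     * Resolves the current user via A2 (which attempts a cookie-token
     * auto-login when a valid token exists) and checks whether the caller
     * may run the requested action on the 'user' resource:
     *
     *  - nobody logged in and guests not allowed -> HTTP 401 (go and log in)
     *  - logged in but the roles do not allow it  -> HTTP 403
     *
     * @throws HTTP_Exception_401  when unauthenticated and guests may not run the action
     * @throws HTTP_Exception_403  when the authenticated user may not run the action
     */
    public function before()
    {
        parent::before();

        $this->a2 = A2::instance();

        // FALSE when nobody is logged in (after the cookie auto-login attempt).
        $this->user = $this->a2->get_user();

        $resource = $this->get_resource_id();
        $action   = $this->request->action();
        $allowed  = $this->a2->allowed($resource, $action);

        if ($this->user === FALSE AND ! $allowed)
        {
            // Not authenticated and the guest role may not do this: 401 sends
            // the visitor to the login page.
            throw new HTTP_Exception_401(
                'Please login to access :resource',
                array(':resource' => $resource));
        }

        if ( ! $allowed)
        {
            // Authenticated, but none of the user's roles grants this action.
            // NOTE(review): the username is interpolated into this message;
            // make sure the error view HTML-escapes the message before output.
            throw new HTTP_Exception_403(
                '<b>:user</b> (:roles) is not allowed to <b>:action</b> <b>:resource</b>',
                array(
                    ':user'     => $this->user->username,
                    ':roles'    => implode(', ', $this->user->get_role_id()),
                    ':action'   => $action,
                    ':resource' => $resource,
                ));
        }
    }

    /**
     * ACL resource name this controller is checked against.
     *
     * @return string
     */
    public function get_resource_id()
    {
        return 'user';
    }

    /**
     * Login form (GET) and login attempt (POST).
     *
     * On POST, 'cancel' sends the visitor back to '/'. Otherwise the
     * username/password pair is validated and handed to the A2 auth driver.
     * A successful login redirects to the posted 'page' when it is a local
     * path, else to '/'. A failed login falls through and re-renders the form
     * without saying why (which also avoids revealing whether the username
     * exists).
     */
    public function action_login()
    {
        if (HTTP_Request::POST == $this->request->method())
        {
            if ($this->request->post('cancel'))
            {
                throw HTTP_Exception::factory(302)->location('/');
            }

            // ':value' is the placeholder Validation binds to the field's
            // value. The rules previously passed ':username', which is not a
            // bound placeholder, so the length checks compared the literal
            // string ':username' and could never fail.
            $post = Validation::factory($this->request->post())
                ->rule('username', 'not_empty')
                ->rule('username', 'min_length', array(':value', 4))
                ->rule('username', 'max_length', array(':value', 127))
                ->rule('password', 'not_empty');

            if ($post->check())
            {
                $remember = isset($post['remember']) ? (bool) $post['remember'] : FALSE;

                if ($this->a2->auth()->login($post['username'], $post['password'], $remember))
                {
                    // Return to where the visitor came from, but only if it is
                    // a path on this site (never an attacker-supplied URL).
                    $target = $this->request->post('page');
                    $this->redirect(self::is_local_path($target) ? $target : '/');
                }
                // NOTE(review): failed attempts are neither throttled nor
                // logged here; add rate limiting in the auth driver or in
                // front of the application.
            }
        }

        // Optional return-to hint carried through the form; POST wins over
        // the query string.
        $page = $this->request->query('page');
        if ($this->request->post('page') !== NULL)
        {
            $page = $this->request->post('page');
        }

        $this->template->title = "Login";
        // --center heading--
        $this->template->center_heading = 'L O G I N';

        $this->template->content = View::factory('nimda/page/login')
            ->set('page', $page);
    }

    /**
     * Logs the current user out.
     *
     * If a 'page' query parameter is present and is a local path, the
     * visitor is redirected there; otherwise the login form is rendered.
     *
     * Previously any value of 'page' was passed to redirect(), which made
     * /user/logout?page=http://attacker.example an open redirect. Only
     * same-site paths are accepted now.
     *
     * NOTE(review): logout is reachable by GET, so a third-party page can log
     * a user out with an <img> tag; consider accepting POST only.
     */
    public function action_logout()
    {
        // Sign out the user
        $this->a2->auth()->logout();
        $this->user = NULL;

        $page = $this->request->query('page');
        if (self::is_local_path($page))
        {
            $this->redirect($page);
        }

        return $this->action_login();
    }

    /**
     * Whether $path is a site-relative path that is safe to redirect to.
     *
     * Accepts only a non-empty string that starts with a single '/' (so
     * '//host' and '/\host', which browsers read as protocol-relative URLs,
     * are rejected), contains no control characters (header injection), and
     * parses without a scheme or host.
     *
     * @param  mixed $path  raw redirect target taken from the request
     * @return bool
     */
    protected static function is_local_path($path)
    {
        if ( ! is_string($path) OR $path === '' OR $path[0] !== '/')
        {
            return FALSE;
        }

        if (isset($path[1]) AND ($path[1] === '/' OR $path[1] === '\\'))
        {
            return FALSE;
        }

        if (preg_match('/[\x00-\x1F\x7F]/', $path))
        {
            return FALSE;
        }

        // parse_url() returns FALSE for malformed input; treat that as unsafe too.
        if (parse_url($path, PHP_URL_SCHEME) !== NULL OR parse_url($path, PHP_URL_HOST) !== NULL)
        {
            return FALSE;
        }

        return TRUE;
    }

    /**
     * First-run bootstrap: when the user table is empty, creates the
     * initial 'admin' account and gives it the 'login' and 'admin' roles.
     *
     * The password is generated from a CSPRNG and shown exactly once on the
     * resulting page, instead of the fixed 'admin'/'admin' pair used before,
     * which anyone who knew the default could log in with. The action is a
     * no-op once any user exists, but whoever reaches it first on a fresh
     * install owns the admin account: run it immediately after deployment,
     * or restrict it in the ACL.
     */
    public function action_initialise()
    {
        if (ORM::factory('user')->count_all() == 0)
        {
            // 16 hex characters from random_bytes() (PHP >= 7.0). On older
            // runtimes substitute bin2hex(openssl_random_pseudo_bytes(8)).
            $password = bin2hex(random_bytes(8));

            $user = ORM::factory('user');
            $user->values(array(
                'username'         => 'admin',
                'email'            => 'webmaster@silver-bullet.co.nz', // TODO(review): make configurable
                'password'         => $password,
                'password_confirm' => $password,
            ));
            $user->save();

            $user->add('roles',
                ORM::factory('role')->where('name', '=', 'login')->find());
            $user->add('roles',
                ORM::factory('role')->where('name', '=', 'admin')->find());

            // Show the one-time password to the operator. It is hex, so it
            // needs no HTML escaping; it is not stored or logged anywhere else.
            $this->template->title = 'Initialise';
            $this->template->center_heading = 'I N I T I A L I S E';
            $this->template->content = 'Initial admin user created. Password (change it after first login): '.$password;
            return;
        }

        $this->redirect('/login');
    }
} // End Controller_User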
