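*/

/** User authentication against SESSION.
 *
 * The reference credentials are the values a previous call to savedata ()
 * recorded under $_SESSION["domframework"]["auth"]; this class never consults
 * an external credential store.
 */
class authsession extends auth
{
  /** Check if there is already a session or the user can not be authenticated
   * @throws Exception Code 401 when $_SESSION is not set
   */
  public function __construct ()
  {
    if (! isset ($_SESSION))
      throw new Exception ("No session previously opened", 401);
  }

  /** No connection to session
   * @return bool Always TRUE: there is no backend to connect to
   */
  public function connect ()
  {
    return TRUE;
  }

  /** Try to authenticate the email/password of the user against the values
   * recorded in the session. Returns nothing on success.
   * @param string $email Email to authenticate
   * @param string $password Password to authenticate
   * @throws Exception Code 401 when the session holds no credentials, when
   * the email differs, or when the password differs
   */
  public function authentication ($email, $password)
  {
    if (! isset ($_SESSION["domframework"]["auth"]["email"]) ||
        ! isset ($_SESSION["domframework"]["auth"]["password"]))
      throw new Exception ("No previous email in session", 401);
    $stored = $_SESSION["domframework"]["auth"];
    // NOTE(review): the two messages below tell an email mismatch apart from
    // a password mismatch and embed the raw $email. Callers that display or
    // log them should escape the value for the output context.
    if ($stored["email"] !== $email)
      throw new Exception ("Unable to authenticate user '$email'", 401);
    // Compare the secret with hash_equals () (PHP >= 5.6) so the time taken
    // does not depend on how many leading bytes match. hash_equals () only
    // accepts strings, so any other type keeps the strict identity check the
    // method has always used.
    if (is_string ($stored["password"]) && is_string ($password))
      $passwordok = hash_equals ($stored["password"], $password);
    else
      $passwordok = ($stored["password"] === $password);
    if (! $passwordok)
      throw new Exception ("Bad password for '$email'", 401);
  }

  /** Return all the parameters recorded for the authenticated user.
   * The stored password is never part of the result.
   * @return array Keys "lastname", "firstname" and "email"; the anonymous
   * placeholder values are returned when no email is recorded in the session
   */
  public function getdetails ()
  {
    if (! isset ($_SESSION["domframework"]["auth"]["email"]))
      return array ("lastname"=>"anonymous",
                    "firstname"=>"",
                    "email"=>"anonymous");
    $auth = $_SESSION["domframework"]["auth"];
    // A session populated by something other than savedata () may lack the
    // name fields: return an empty string instead of reading an undefined
    // index.
    return array (
      "lastname"=>isset ($auth["lastname"]) ? $auth["lastname"] : "",
      "firstname"=>isset ($auth["firstname"]) ? $auth["firstname"] : "",
      "email"=>$auth["email"]);
  }

  /** Method to change the password : unavailable in SESSION auth
   * @param string $oldpassword The old password (to check if the user has the
   * rights to change the password)
   * @param string $newpassword The new password to be recorded
   * @throws Exception Always, with code 405
   */
  public function changepassword ($oldpassword, $newpassword)
  {
    // The message is a gettext msgid: it is kept unchanged so that existing
    // translations still match.
    throw new Exception (dgettext("domframework",
      "The password can't be change for SESSION users"), 405);
  }

  /** Method to overwrite the password (without oldpassword check)
   * Must be reserved to the administrators. For the users, use changepassword
   * method
   * @param string $email the user identifier to select
   * @param string $newpassword The new password to be recorded
   * @throws Exception Always, with code 405
   */
  public function overwritepassword ($email, $newpassword)
  {
    // The message is a gettext msgid: it is kept unchanged so that existing
    // translations still match.
    throw new Exception (dgettext("domframework",
      "The password can't be overwrite for SESSION users"), 405);
  }

  /** Save the data in session
   * @param string $email The email to store in the session
   * @param string $password The password to store in the session
   * @param string $lastname The lastname to store in the session
   * @param string $firstname The firstname to store in the session
   * @deprecated 0.23 Use savedata () instead
   */
  public function savedatas ($email, $password, $lastname, $firstname)
  {
    return $this->savedata ($email, $password, $lastname, $firstname);
  }

  /** Save the data in session
   * @param string $email The email to store in the session
   * @param string $password The password to store in the session
   * @param string $lastname The lastname to store in the session
   * @param string $firstname The firstname to store in the session
   */
  public function savedata ($email, $password, $lastname, $firstname)
  {
    // NOTE(review): $password is written to the session exactly as received,
    // so whatever backs the session (files, cache, database) holds it in that
    // form. The session id is not regenerated here; presumably the caller
    // handles that at login time - confirm.
    $_SESSION["domframework"]["auth"]["lastname"] = $lastname;
    $_SESSION["domframework"]["auth"]["firstname"] = $firstname;
    $_SESSION["domframework"]["auth"]["email"] = $email;
    $_SESSION["domframework"]["auth"]["password"] = $password;
  }

  /** Remove the information from the session.
   * Only the four keys written by savedata () are removed: the session itself
   * and its identifier are left untouched.
   */
  public function logout ()
  {
    // unset () is silent on missing keys, so no isset () guard is needed.
    unset ($_SESSION["domframework"]["auth"]["lastname"],
           $_SESSION["domframework"]["auth"]["firstname"],
           $_SESSION["domframework"]["auth"]["email"],
           $_SESSION["domframework"]["auth"]["password"]);
  }
}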