upd: api.core.AuthSystemDefault (implemented authentication by token)
parent
e33e6714d7
commit
2c713f48e8
|
@ -5,6 +5,7 @@
|
|||
use \error\core\Error;
|
||||
use \error\core\Err;
|
||||
use \api\core\AuthSystem;
|
||||
use \database\core\Repo;
|
||||
|
||||
|
||||
|
||||
|
@ -43,12 +44,12 @@
|
|||
/* (3) Gestion de AUTH en fonction des tokens
|
||||
---------------------------------------------------------*/
|
||||
/* (1) Token Authentication: ADMIN */
|
||||
if( preg_match('/^(u[a-f0-9]{128})$/', $AUTH, $match) )
|
||||
$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'user' ];
|
||||
if( preg_match('/^a([a-f0-9]{128})$/', $AUTH, $match) )
|
||||
$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'admin' ];
|
||||
|
||||
/* (2) Token Authentication: USER */
|
||||
elseif( preg_match('/^(a[a-f0-9]{128})$/', $AUTH, $match) )
|
||||
$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'admin' ];
|
||||
elseif( preg_match('/^u([a-f0-9]{128})$/', $AUTH, $match) )
|
||||
$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'user' ];
|
||||
|
||||
/* (2) Aucune authentification */
|
||||
else{
|
||||
|
@ -85,9 +86,19 @@
|
|||
=========================================================*/
|
||||
if( self::auth_level() == 2 ){
|
||||
|
||||
// TODO: implement ADMIN database auth. check
|
||||
// + set $_SESSION['ADMIN']
|
||||
// + return FALSE on error
|
||||
/* (1) Fetch admin by token */
|
||||
$fetched_admin = Repo::request('admin', 'getByToken', $_SESSION['AUTH']['token']);
|
||||
|
||||
/* (2) If does not exist -> no auth */
|
||||
if( !is_array($fetched_admin) )
|
||||
return false;
|
||||
|
||||
/* (3) Update global admin informations */
|
||||
$_SESSION['ADMIN'] = [
|
||||
'id' => $fetched_admin['id_admin'],
|
||||
'username' => $fetched_admin['username'],
|
||||
'mail' => $fetched_admin['mail']
|
||||
];
|
||||
|
||||
}
|
||||
|
||||
|
@ -96,9 +107,19 @@
|
|||
=========================================================*/
|
||||
if( self::auth_level() == 1 ){
|
||||
|
||||
// TODO: implement USER database auth. check
|
||||
// + set $_SESSION['USER']
|
||||
// + return FALSE on error
|
||||
/* (1) Fetch user by token */
|
||||
$fetched_user = Repo::request('user', 'getByToken', $_SESSION['AUTH']['token']);
|
||||
|
||||
/* (2) If does not exist -> no auth */
|
||||
if( !is_array($fetched_user) )
|
||||
return false;
|
||||
|
||||
/* (3) Update global user informations */
|
||||
$_SESSION['USER'] = [
|
||||
'id' => $fetched_user['id_user'],
|
||||
'username' => $fetched_user['username'],
|
||||
'mail' => $fetched_user['mail']
|
||||
];
|
||||
|
||||
}
|
||||
|
||||
|
@ -223,7 +244,7 @@
|
|||
public static function auth_level(){
|
||||
|
||||
/* (1) Not set */
|
||||
if( !is_array($_SESSION['AUTH']) || !isset($_SESSION['AUTH']['type']) )
|
||||
if( !is_array($_SESSION['AUTH']) || !isset($_SESSION['AUTH']['token']) || !isset($_SESSION['AUTH']['type']) )
|
||||
return 0;
|
||||
|
||||
/* (2) Admin / User */
|
||||
|
|
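Review bot: When the token lookup fails, the new admin block (`if( !is_array($fetched_admin) ) return false;`) and the matching user block return without clearing the session, so `$_SESSION['AUTH']` keeps the `'type' => 'admin'` (or `'user'`) derived from the token prefix, and any `$_SESSION['ADMIN']` / `$_SESSION['USER']` left from an earlier request stays in place. As far as the last hunk shows, `auth_level()` only tests that the `token` and `type` keys exist, so code that consults it after a rejected token may still see level 2 or 1. I would fail closed in both blocks, e.g. `unset($_SESSION['AUTH'], $_SESSION['ADMIN']); return false;` with the `USER` equivalent in the second block, and add a comment there such as `/* unknown token: drop the claimed role before bailing out */`. The enclosing method starts and ends outside these hunks, so the caller may already reset the session when it gets `false`; that is worth confirming before merging.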