<?php
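/**
 * Front-controller plugin that gates every request behind authentication.
 *
 * Requests that are not exempt must either carry URL credentials
 * (`login` + `hach`, or `login` + `checkIp=only`) or belong to a live
 * Zend_Auth session; anything else is re-routed to user/login or user/logout.
 */
class Application_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    /**
     * Checks authorisation before the request is dispatched.
     *
     * May rewrite the module/controller/action of $request to send the
     * client to the login, logout or CGU (terms of use) page.
     *
     * @param Zend_Controller_Request_Abstract $request Request about to be dispatched
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if (!$this->_requiresAuth($request)) {
            return;
        }

        $login   = $request->getParam('login');
        $hach    = $request->getParam('hach');
        $checkIp = $request->getParam('checkIp');
        $auth    = Zend_Auth::getInstance();

        // checkIp=only switches to IP-based authentication: the client-supplied
        // hash is discarded and replaced by a marker built from the peer address.
        // Strict comparison so that only the exact string enables this mode.
        // NOTE(review): whether an account may use IP-only login is decided in
        // Scores_AuthAdapter, which is not visible here - confirm it enforces a
        // per-account allowlist. REMOTE_ADDR is the TCP peer; behind a reverse
        // proxy every client shares that address.
        $iponly = false;
        if ($checkIp === 'only') {
            $hach = 'iponly:'.$_SERVER['REMOTE_ADDR'];
            $iponly = true;
        }

        // Credentials supplied with the request: authenticate from them.
        // NOTE(review): getParam() also reads the query string, so login/hach
        // can end up in access logs, browser history and Referer headers.
        if (!empty($login) && !empty($hach)) {
            $this->_authenticateFromUrl($request, $auth, $login, $hach, $iponly);
            return;
        }

        // Otherwise fall back to the standard session-based flow.
        if ($auth->hasIdentity()) {
            if (time() < $auth->getIdentity()->time) {
                $this->_refreshSession($request, $auth);
            } else {
                // Covers time() == expiry as well: the original compared with
                // "<" and ">" only, so a request landing exactly on the expiry
                // second was treated as anonymous without clearing the identity.
                $this->_expireSession($request, $auth);
            }
            return;
        }

        $this->_redirectAnonymous($request);
    }

    /**
     * Tells whether the request has to go through the authentication checks.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return bool false for the exempt routes, true otherwise
     */
    protected function _requiresAuth(Zend_Controller_Request_Abstract $request)
    {
        // The login form itself must stay reachable without a session.
        if ($request->getControllerName() === 'user' && $request->getActionName() === 'login') {
            return false;
        }

        // The whole "fichier" controller is open to one hard-coded address.
        // getClientIp(false) ignores proxy-supplied headers and uses the peer
        // address only; keep that flag, otherwise the check would rely on a
        // header the client controls.
        // NOTE(review): a source address is the only credential on this path.
        // Consider moving the address to configuration and pairing it with a
        // shared secret or client certificate.
        if ($request->getControllerName() === 'fichier'
            && $request->getClientIp(false) === '78.31.45.206') {
            return false;
        }

        return true;
    }

    /**
     * Authenticates from request parameters and, on failure, re-routes to
     * user/logout with the adapter messages.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @param Zend_Auth $auth
     * @param string $login  Login taken from the request
     * @param string $hach   Hash from the request, or the "iponly:<addr>" marker
     * @param bool   $iponly true when IP-only authentication was requested
     */
    protected function _authenticateFromUrl(
        Zend_Controller_Request_Abstract $request,
        Zend_Auth $auth,
        $login,
        $hach,
        $iponly
    ) {
        $authAdapter = new Scores_AuthAdapter($login, $hach, $iponly);
        $result = $auth->authenticate($authAdapter);

        if (!$result->isValid()) {
            // NOTE(review): messages are joined as HTML. Confirm the logout
            // view escapes them, or that the adapter never echoes request
            // input (such as the login) into a message.
            $messageF = '';
            foreach ($result->getMessages() as $message) {
                $messageF.= $message."<br/>";
            }
            $request->setModuleName('default')
                ->setControllerName('user')
                ->setActionName('logout')
                ->setParam('message', $messageF);
            return;
        }

        // Store identity in session.
        // NOTE(review): no session-id regeneration is visible on this path.
        // Confirm Scores_AuthAdapter or the session setup regenerates the id
        // on login; otherwise add Zend_Session::regenerateId() here.
        $storage = new Zend_Auth_Storage_Session();
        // Instantiated as in the original; the instance itself is not used.
        new Zend_Session_Namespace($storage->getNamespace());
        $auth->setStorage($storage);

        $user = new Scores_Utilisateur();
        // get_browser() returns false when browscap is not available; the
        // isset() guards keep the same values (null / 0) without notices.
        $info     = get_browser();
        $platform = isset($info->platform) ? $info->platform : null;
        $browser  = isset($info->browser) ? $info->browser : null;
        $version  = isset($info->version) ? $info->version : null;
        $isMobile = (isset($info->ismobiledevice) && $info->ismobiledevice == 1) ? 1 : 0;
        $user->setBrowserInfo($platform, $browser, $version, $isMobile);
    }

    /**
     * Extends a live session and enforces acceptance of the CGU.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @param Zend_Auth $auth Must hold a non-expired identity
     */
    protected function _refreshSession(Zend_Controller_Request_Abstract $request, Zend_Auth $auth)
    {
        // Sliding expiry: every authenticated request pushes the deadline.
        $identity = $auth->getIdentity();
        $identity->time = time() + $identity->timeout;
        $auth->getStorage()->write($identity);

        // The remembered pre-login URL is no longer needed.
        if (Zend_Session::namespaceIsset('login')) {
            Zend_Session::namespaceUnset('login');
        }

        // Check CGU.
        // NOTE(review): as written, the gate is skipped for every action of
        // the "aide" and "user" controllers and for any action named "cgu" or
        // "logout" in any controller. If only aide/cgu and user/logout were
        // meant to be exempt, the condition is broader than intended.
        $controller = $request->getControllerName();
        $action     = $request->getActionName();
        $exempt = $controller === 'aide'
            || $action === 'cgu'
            || $controller === 'user'
            || $action === 'logout';
        if ($exempt) {
            return;
        }

        if (empty($identity->acceptationCGU)
            || $identity->acceptationCGU === '0000-00-00 00:00:00') {
            $request->setModuleName('default')
                ->setControllerName('aide')
                ->setActionName('cgu');
        }
    }

    /**
     * Tears down an expired session and re-routes the request.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @param Zend_Auth $auth Holds an identity whose deadline has passed
     */
    protected function _expireSession(Zend_Controller_Request_Abstract $request, Zend_Auth $auth)
    {
        $auth->clearIdentity();
        $storage = $auth->getStorage();
        Zend_Session::namespaceUnset($storage->getNamespace());

        if (!$request->isXmlHttpRequest()) {
            $this->_rememberRequestedUrl();
        }

        if ($request->getControllerName() === 'index' && $request->getActionName() === 'index') {
            $request->setModuleName('default')
                ->setControllerName('user')
                ->setActionName('login');
        } else {
            $request->setModuleName('default')
                ->setControllerName('user')
                ->setActionName('logout')
                ->setParam('ajax', $request->isXmlHttpRequest());
        }
    }

    /**
     * Re-routes a request that carries no identity at all.
     *
     * @param Zend_Controller_Request_Abstract $request
     */
    protected function _redirectAnonymous(Zend_Controller_Request_Abstract $request)
    {
        if ($request->isXmlHttpRequest()) {
            $request->setModuleName('default')
                ->setControllerName('user')
                ->setActionName('logout')
                ->setParam('ajax', 1);
            return;
        }

        $this->_rememberRequestedUrl();
        $request->setModuleName('default')
            ->setControllerName('user')
            ->setActionName('login');
    }

    /**
     * Saves the requested URI in the "login" session namespace.
     *
     * NOTE(review): the code that reads this value back is not visible here.
     * It should accept a local path only before redirecting to it.
     */
    protected function _rememberRequestedUrl()
    {
        $session = new Zend_Session_Namespace('login');
        $session->url = $_SERVER['REQUEST_URI'];
    }
}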