// ---------------- authentication / passwords and keys stuff ----------------
function isAuth()
{
+
+ @session_start();
+
+
$db = $this->getDatabaseConnection();
// we combine db + project names,
// otherwise if projects use different 'auth' objects
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- @session_start();
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
// in session...
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
- $u = DB_DataObject::factory('Person');
+
+ $u = DB_DataObject::factory($this->tableName());
if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
return $u->verifyAuth();
-
- return true;
+
}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
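Review bot: The session value is still read back with a bare `unserialize()` in the `if (!empty(...))` branch, although this commit changes login to store only a plain `stdClass`. Restricting the call, e.g. `$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth'], array('allowed_classes' => array('stdClass')));` (needs PHP 7.0+, so confirm the supported version), keeps any other class from being instantiated if the session store is ever corrupted or tampered with; the same applies to the `unserialize()` in the next hunk. `$a` should also be checked with `is_object($a)` before `$a->id` is read, because `unserialize()` returns false on a damaged value. Sessions written before this commit hold a serialized object of this class and would presumably fail the check under that restriction, so those users would have to log in again.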
$ff= HTML_FlexyFramework::get();
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- //var_dump(array(get_class($this),$sesPrefix .'-auth'));
-
+ //var_dump(array(get_class($this),$sesPrefix .'-auth'));
+
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
- $u = DB_DataObject::factory($this->getTableName()); // allow extending this ...
- if ($u->get($a->id)) { /// && strlen($u->passwd)) {
+
+ $u = DB_DataObject::factory($this->tableName()); // allow extending this ...
+ $u->autoJoin();
+ if ($u->get($a->id)) { /// && strlen($u->passwd)) { // should work out the pid .. really..
return clone($u);
}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
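Review bot: `return clone($u);` hands back the user as soon as `$u->get($a->id)` finds the row, without the `verifyAuth()` call that the previous hunk adds to `isAuth()`. The body of `verifyAuth()` is not visible here, but if it is what rejects an account that should no longer be logged in, any caller that fetches the user from this function without calling `isAuth()` first skips that check. Assuming `verifyAuth()` returns a boolean, consider `if ($u->get($a->id) && $u->verifyAuth()) {`, or add a comment stating that callers must call `isAuth()` first. The enclosing function starts outside the hunk.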
$ff= HTML_FlexyFramework::get();
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- //@session_start();
+
+ // we should not store the whole data in the session - otherwise it get's huge.
+ $p = DB_DAtaObject::Factory($this->tableName());
+ $p->get($this->pid());
+
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($this);
+ $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$p->toArray());
+ // ensure it's written so that ajax calls can fetch it..
+
- print_r($_SESSION);
}
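Review bot: `serialize((object)$p->toArray())` still writes every column of the row into the session, presumably including the `passwd` hash that the password check further down compares against, so the added comment about not storing the whole data is not met. The visible readers use only `$a->id`, so storing that alone is enough: `$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) array('id' => $p->id));`. The return value of `$p->get($this->pid())` is not checked, so a failed lookup would store an entry with no usable id. Nothing in the visible lines issues a new session id at login (`session_regenerate_id(true)`), the usual guard against session fixation; the function starts outside the hunk, so confirm it happens elsewhere. The added comment `// ensure it's written so that ajax calls can fetch it..` is followed by no statement.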
function logout()
$db = $this->getDatabaseConnection();
$ff= HTML_FlexyFramework::get();
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- @session_start();
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
-
+ $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
+
}
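Review bot: With `@session_start()` removed, the assignment to `$_SESSION` only persists if a session is already active, which the visible lines do not guarantee; if `logout()` runs on a request where `isAuth()` was not called first, the auth entry stays in the stored session. Guard it with `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` (PHP 5.4+). Prefer `unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);` over assigning `""`, which matches how the other functions clear the entry. Calling `session_regenerate_id(true)` here would also keep the pre-logout session id from being carried into the next login.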
function genPassKey ($t)
{
{
if (substr($this->passwd,0,1) == '$') {
+
return crypt($val,$this->passwd) == $this->passwd ;
}
// old style md5 passwords...- cant be used with courier....
return md5($val) == $this->passwd;
}
+
function setPassword($value)
{
$salt='';