contributions/usermanagement/start.inc.php
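<?php
/**
 * @defgroup Usermanagement
 *
 * A complete role based user management implementation
 *
 * @section Usage Usage
 *
 * After enabling user management, check if the UserController is correctly installed at
 * /app/controllers/user.controller.php. If not, create your own and derive it from
 * UserBaseController. You can disable or enable features like user registration, login,
 * mail on password loss etc. by overloading the function get_features_policy().
 *
 * The user management is role based; roles can be defined in table userroles. By default
 * three roles are set: "Admin", "Editor", and "User". There also is a System user role, which however
 * should not be assignable to users, so it is not stored in the userroles table.
 *
 * Users can have more than one role. They will always have at least one, though. This role is by default
 * "User"; you may change it by redefining APP_USER_DEFAULT_ROLE.
 *
 * @section Routing Routing and Caching
 *
 * Use AccessRenderDecorator to allow access to a route only for logged in users or users with given roles.
 * See UserBaseController for some examples.
 *
 * The AnonymousCacheManager should be used as default cache. It will disable cache for logged in users.
 * Change /app/ww/index.php and replace creating the PageData instance with this code:
 *
 * @code
 * $cache_manager = new AnonymousCacheManager();
 * $page_data = new PageData($cache_manager, $_GET, $_POST);
 * @endcode
 *
 * @attention
 * It is a common pitfall to forget this! Your users' data may become public if you do:
 * a page rendered for a logged in user would otherwise be cached and served to anonymous visitors.
 *
 * @section Views Views
 *
 * If user management is enabled, all views are extended by two variables:
 *
 * - $current_user: The current user (DAOUsers) or false, if no user is logged in
 * - $is_logged_in: True if user is logged in, false otherwise
 *
 * @section Hashing Password Hashing
 *
 * The usermanagement offers several different password hashing methods. See ConfigUsermanagement
 * for details. The default, set at the end of this file, is "pas3p" (phpass 0.3 in portable mode,
 * a salted and iterated MD5). The plain "md5" and "sha1" types are unsalted single digests; they remain
 * available only so that hashes created by older installations can still be verified, and should not
 * be chosen for new setups.
 *
 * To select a different algorithm, define APP_USER_HASH_TYPE before this file is included
 * (the value is read once, below, by Config::set_value_from_constant()). Read the caveats on
 * ConfigUsermanagement::HASH_TYPE before picking one of the "full" modes:
 *
 * @code
 * define('APP_USER_HASH_TYPE', 'pas3f');
 * @endcode
 *
 * The system will automatically update the password hash on login, if a user's hash type differs from
 * the default one. This makes it safe to change the hash type at any time.
 *
 * @section Update Update from 0.5 to 0.5.1 or later
 *
 * With the 0.5.1 release a "hash_type" field has been added to the users table, along with some changes
 * regarding DB consistency. If you do not use the Systemupdate module, please run the SQL in
 * [module]/install/updates/0001_hash_type.sql manually.
 *
 * Additionally, some changes have been made to the config options, namely:
 *
 * - Usermanagement config moved to Config class
 * - Names of configuration defines have been unified:
 *   - USER_DEFAULT_ROLE => APP_USER_DEFAULT_ROLE
 *   - APP_DEFAULT_PAGE_USER => APP_USER_APP_DEFAULT_PAGE
 *   - APP_DEFAULT_PAGE_ADMIN => has been removed
 *
 * If you are not sure whether this has consequences for your code, set APP_VERSION_MAX to 0.5:
 *
 * @code
 * define('APP_VERSION_MAX', 0.5);
 * @endcode
 *
 * This will enable a compatibility layer (see the VERSION_MAX check below). In most cases, however,
 * transition should be smooth, since default values usually don't get modified.
 */

/**
 * Usermanagement config options
 *
 * @since 0.5.1
 *
 * Each constant holds the key under which the option is stored in Config. Every option can be
 * set through the according APP_ constant, e.g. to define the default role, use constant
 * APP_USER_DEFAULT_ROLE. The defaults are applied at the end of this file.
 *
 * The USER_-prefixed constants carry the same key as their short counterparts; presumably they
 * are kept for backward compatibility. Use the short names in new code.
 *
 * @author Gerd Riesselmann
 * @ingroup Usermanagement
 */
class ConfigUsermanagement {
    /**
     * Default role of a newly registered user. Default is "user" (USER_ROLE_USER).
     */
    const DEFAULT_ROLE = 'USER_DEFAULT_ROLE';
    /** Alias of DEFAULT_ROLE (same key). */
    const USER_DEFAULT_ROLE = 'USER_DEFAULT_ROLE';

    /**
     * The default URL for users logged in. Default is the "safe" base URL followed by 'user'.
     */
    const DEFAULT_PAGE = 'USER_DEFAULT_PAGE';
    /** Alias of DEFAULT_PAGE (same key). */
    const USER_DEFAULT_PAGE = 'USER_DEFAULT_PAGE';

    /**
     * Defines how routing should act if an anonymous user hits a page that requires login
     *
     * Allowed are:
     *
     * - DENY: (default) Just show a 403 page and message
     * - REDIRECT_LOGIN: Redirect to login page
     *
     * @deprecated Use AccessDeniedRedirectRenderDecorator instead
     */
    const BEHAVIOUR_403 = 'USER_403_BEHAVIOUR';
    /** Alias of BEHAVIOUR_403 (same key). @deprecated */
    const USER_403_BEHAVIOUR = 'USER_403_BEHAVIOUR';

    /**
     * Defines the hash algorithm used to hash (not encrypt) the user's password.
     *
     * @since 0.5.1
     *
     * Possible values are:
     *
     * - md5: The MD5 hash (unsalted, legacy verification only)
     * - sha1: The SHA1 hash (unsalted, legacy verification only)
     * - pas2f: phpass 0.2 in full mode
     * - pas2p: phpass 0.2 in portable mode. This is a kind of salted md5.
     * - pas3f: phpass 0.3 in full mode
     * - pas3p: phpass 0.3 in portable mode. This is a kind of salted md5. (Default)
     *
     * @see http://www.openwall.com/phpass/
     *
     * Modules or applications may add more algorithms.
     *
     * Regarding the two phpass modes, the full mode may lead to different results based on your system's
     * configuration. It should only be used if either PHP 5.3 or the Suhosin Patch is installed. Moving from
     * a PHP 5.2/Non Suhosin to a PHP 5.3 or PHP 5.2/Suhosin system (or vice versa) may turn your users'
     * passwords unverifiable.
     *
     * Full mode is generally safer, though.
     */
    const HASH_TYPE = 'USER_HASH_TYPE';
    /** Alias of HASH_TYPE (same key). */
    const USER_HASH_TYPE = 'USER_HASH_TYPE';

    /**
     * Time in days a permanent login is valid. Default is 14.
     *
     * A longer value keeps a leaked permanent-login credential usable for longer;
     * keep it as short as your users tolerate.
     *
     * @since 0.5.1
     */
    const PERMANENT_LOGIN_DURATION = 'USER_PERMANENT_LOGIN_DURATION';

    /**
     * CacheHeaderManager policy for logged in users.
     *
     * Class name without CacheHeaderManager, e.g. NoCache for NoCacheCacheHeaderManager.
     * Default is 'PrivateRigidEtagOnly'.
     */
    const CACHEHEADER_CLASS_LOGGEDIN = 'USER_CACHEHEADER_CLASS_LOGGEDIN';

    /**
     * Current version of TOS. Only integer values allowed.
     *
     * 0 means there are no TOS, and this is the default
     */
    const TOS_VERSION = 'USER_TOS_VERSION';

    /**
     * Feature flag: user receives mail when user status changes.
     * Default is true.
     */
    const MAIL_STATUSCHANGE = 'USER_MAIL_STATUSCHANGE';

    /**
     * Feature flag: require the user's password when changing the e-mail address.
     * Default is true.
     *
     * Leave this enabled: with it off, holding a valid session alone is enough to
     * re-point an account to another address.
     */
    const ENABLE_PWD_ON_EMAILCHANGE = 'USER_ENABLE_PWD_ON_EMAILCHANGE';
}


// Role identifiers. Applications may predefine them; only missing ones get the default value.
if (!defined('USER_ROLE_USER')) {
    define('USER_ROLE_USER', 'user');
}
if (!defined('USER_ROLE_EDITOR')) {
    define('USER_ROLE_EDITOR', 'editor');
}
if (!defined('USER_ROLE_ADMIN')) {
    define('USER_ROLE_ADMIN', 'admin');
}
if (!defined('USER_ROLE_SYSTEM')) {
    define('USER_ROLE_SYSTEM', 'system');
}


// Compatibility layer for applications that set APP_VERSION_MAX below 0.6 (see the Update
// section above): the pre-0.5.1 constant names are mapped onto the current APP_USER_* names
// in both directions, so that old and new code see the same values.
if (Config::get_value(Config::VERSION_MAX) < 0.6) {
    // Allow old constants.
    if (!defined('APP_USER_DEFAULT_ROLE')) {
        define('APP_USER_DEFAULT_ROLE', Common::constant('USER_DEFAULT_ROLE', USER_ROLE_USER));
    }
    if (!defined('APP_USER_DEFAULT_PAGE')) {
        define('APP_USER_DEFAULT_PAGE', Common::constant('APP_DEFAULT_PAGE_USER', Config::get_url(Config::URL_BASEURL_SAFE) . 'user'));
    }
    if (!defined('APP_USER_403_BEHAVIOUR')) {
        define('APP_USER_403_BEHAVIOUR', 'DENY');
    }
    if (!defined('USER_DEFAULT_ROLE')) {
        define('USER_DEFAULT_ROLE', APP_USER_DEFAULT_ROLE);
    }
    if (!defined('APP_DEFAULT_PAGE_USER')) {
        define('APP_DEFAULT_PAGE_USER', APP_USER_DEFAULT_PAGE);
    }
    if (!defined('APP_DEFAULT_PAGE_ADMIN')) {
        define('APP_DEFAULT_PAGE_ADMIN', APP_USER_DEFAULT_PAGE);
    }
}

// Store each option in Config: the value of the named APP_USER_* constant if the application
// defined it, else the default given as third argument. Note the password hash default:
// 'pas3p' is the salted phpass portable mode, so plain md5/sha1 are only used when an
// application explicitly asks for them.
Config::set_value_from_constant(ConfigUsermanagement::DEFAULT_PAGE, 'APP_USER_DEFAULT_PAGE', Config::get_url(Config::URL_BASEURL_SAFE) . 'user');
Config::set_value_from_constant(ConfigUsermanagement::DEFAULT_ROLE, 'APP_USER_DEFAULT_ROLE', USER_ROLE_USER);
Config::set_value_from_constant(ConfigUsermanagement::BEHAVIOUR_403, 'APP_USER_403_BEHAVIOUR', 'DENY');
Config::set_value_from_constant(ConfigUsermanagement::HASH_TYPE, 'APP_USER_HASH_TYPE', 'pas3p');
Config::set_value_from_constant(ConfigUsermanagement::PERMANENT_LOGIN_DURATION, 'APP_USER_PERMANENT_LOGIN_DURATION', 14);
Config::set_value_from_constant(ConfigUsermanagement::TOS_VERSION, 'APP_USER_TOS_VERSION', 0);
Config::set_value_from_constant(ConfigUsermanagement::CACHEHEADER_CLASS_LOGGEDIN, 'APP_USER_CACHEHEADER_CLASS_LOGGEDIN', 'PrivateRigidEtagOnly');
// Feature flags (boolean options) go through set_feature_from_constant instead.
Config::set_feature_from_constant(ConfigUsermanagement::MAIL_STATUSCHANGE, 'APP_USER_MAIL_STATUSCHANGE', true);
Config::set_feature_from_constant(ConfigUsermanagement::ENABLE_PWD_ON_EMAILCHANGE, 'APP_USER_ENABLE_PWD_ON_EMAILCHANGE', true);

// We add new variables to each view ($current_user, $is_logged_in; see the Views section above).
// The path is built relative to this file; the stray parentheses of the original
// `require_once (dirname(__FILE__)) . ...` only grouped dirname() and are dropped for clarity.
require_once dirname(__FILE__) . '/view/users.vieweventsink.cls.php';
EventSource::Instance()->register(new UsersViewEventSink());

Load::models('users');
Users::initialize();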