public static $session
Session object for storing session IDs and expiry times,
when multi_login
is enabled.
public $_extended_field = 'userdata'
Tell the ExtendedModel which field should contain the extended properties.
public static generate_pass ($length = 8)
Takes a length and returns a random string of characters of that length for use in passwords. String may contain any number, lower or uppercase letters, or common symbols.
public static init_session ($name = false, $duration = false, $path = '/', $domain = false, $secure = false, $httponly = true)
Initializes the PHP session with the right settings and save handler.
public static verifier ($user, $pass)
Verifies a username/password combo against the database. Username is matched to the email field. If things check out, a session_id is generated and initialized in the database and for the user. Also creates the global $user object as well, since we have the data (no sense requesting it twice).
public static method ($callback)
A custom handler for simple_auth()
. Note: Calls session_start()
for you, and creates the global $user
object if a session is
valid, since we have the data already.
public static require_login ()
Simplifies authorization down to:
<?php
if (! User::require_login ()) {
// unauthorized
}
?>
public static require_verification ()
Alternative to require_login()
that also checks that their
account has been verified via email.
public static require_admin ()
Alias of require_acl('admin')
. Simplifies authorization
for general admin access down to:
<?php
if (! User::require_admin ()) {
// unauthorized
}
?>
public static require_acl ($resource)
Determine whether the current user is allowed to access a given resource.
public static access ($access)
Alias of require_acl('content/' . $access)
, prepending the
content/
string to the resource name before comparing it.
Where User::require_acl('resource')
is good for validating
access to any resource type, User::access('member')
is used
for content access levels.
Can also be called via User::access()
and it will return an
array of the access values which the current user may access,
for example:
array ('public' => 'Public', 'member' => 'Member')
public static access_list ()
Returns the list of access levels for content. This is a list
of resources that begin with content/
e.g., content/private
,
with keys as the resource and values as a display name for that
resource:
array (
'public' => 'Public',
'member' => 'Member',
'private' => 'Private'
)
Note: Public is hard-coded, since there's no need to verify access to public resources, but you still need an access level to specify it.
This is the default user authentication source for Elefant. Provides the basic
User::require_login()
andUser::require_admin()
methods, as well asUser::is_valid()
andUser::logout()
. If a user is logged in, the first call to any validation method will initialize the$user
property to contain the static User object.Note that this class extends ExtendedModel, so all of the ExtendedModel and Model methods are available for querying the user list, and for user management, as well.
Fields:
Basic usage of additional methods: