Flourish PHP Unframework

fAuthorization

static class, v1.0.0b6

Allows defining and checking user authentication via ACLs, authorization levels or a simple logged in/not logged in scheme

Changes:
1.0.0b6: Fixed checkIP() to not trigger a notice when $_SERVER['REMOTE_ADDR'] is not set (5/10/11)
1.0.0b5: Added getLoginPage() (3/9/10)
1.0.0b4: Updated class to use new fSession API (10/23/09)
1.0.0b3: Updated class to use new fSession API (5/8/09)
1.0.0b2: Fixed a bug with using named IP ranges in checkIP() (1/10/09)
1.0.0b: The initial implementation (6/14/07)

Static Methods

::addNamedIPRange() public

Adds a named IP address or range, or array of addresses and/or ranges

This method allows checkIP() to be called with a name instead of the actual IPs.

Signature

void addNamedIPRange( string $name, mixed $ip_ranges )

Parameters

string $name The name to give the IP addresses/ranges
mixed $ip_ranges This can be a string (or array of strings) of the IPs or IP ranges to restrict to - please see checkIP() for format details

::checkACL() public

Checks to see if the logged in user meets the requirements of the ACL specified

Signature

boolean checkACL( string $resource, string $permission )

Parameters

string $resource The resource we are checking permissions for
string $permission The permission to require from the user

Returns

If the user has the required permissions

::checkAuthLevel() public

Checks to see if the logged in user has the specified auth level

Signature

boolean checkAuthLevel( string $level )

Parameters

string $level The level to check against the logged in user's level

Returns

If the user has the required auth level

::checkIP() public

Checks to see if the user is from the IPs or IP ranges specified

The $ip_ranges parameter can be either a single string, or an array of strings, each of which should be in one of the following formats:

  • A single IP address:
    • 192.168.1.1
    • 208.77.188.166
  • A CIDR range
    • 192.168.1.0/24
    • 208.77.188.160/28
  • An IP/subnet mask combination
    • 192.168.1.0/255.255.255.0
    • 208.77.188.160/255.255.255.240

Signature

boolean checkIP( mixed $ip_ranges )

Parameters

mixed $ip_ranges A string (or array of strings) of the IPs or IP ranges to restrict to - see method description for details

Returns

If the user is coming from (one of) the IPs or ranges specified
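
The three range formats reduce to the same masked comparison. The following is an added illustration, not fAuthorization's own code: ip_in_range() and client_ip_allowed() are hypothetical helpers, the sample addresses are constructed from the list above, and IPv4 on 64-bit PHP is assumed.

```php
<?php
// Added illustration, not fAuthorization's code. Assumes IPv4 and 64-bit PHP.
// ip_in_range() and client_ip_allowed() are hypothetical helper names.

function ip_in_range($ip, $range)
{
    $parts = explode('/', $range, 2);
    $addr  = ip2long($ip);
    $base  = ip2long($parts[0]);
    if ($addr === FALSE || $base === FALSE) {
        return FALSE;                          // malformed input: fail closed
    }
    if (!isset($parts[1])) {
        $mask = 0xFFFFFFFF;                    // single address: compare all 32 bits
    } elseif (ctype_digit($parts[1])) {
        $bits = (int) $parts[1];               // CIDR prefix length
        if ($bits > 32) {
            return FALSE;
        }
        $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    } else {
        $mask = ip2long($parts[1]);            // dotted subnet mask
        if ($mask === FALSE) {
            return FALSE;
        }
    }
    return ($addr & $mask) === ($base & $mask);
}

function client_ip_allowed(array $server, $ranges)
{
    if (!isset($server['REMOTE_ADDR'])) {
        return FALSE;                          // no client address (e.g. CLI): deny
    }
    foreach ((array) $ranges as $range) {      // accept a string or an array of strings
        if (ip_in_range($server['REMOTE_ADDR'], $range)) {
            return TRUE;
        }
    }
    return FALSE;
}

// Constructed sample request data
$server = array('REMOTE_ADDR' => '208.77.188.166');
var_dump(client_ip_allowed($server, '208.77.188.160/28'));
var_dump(client_ip_allowed($server, array('192.168.1.0/24', '208.77.188.160/255.255.255.240')));
var_dump(client_ip_allowed($server, '192.168.1.0/255.255.255.0'));
var_dump(client_ip_allowed(array(), '192.168.1.1'));
```

When the application sits behind a reverse proxy or load balancer, $_SERVER['REMOTE_ADDR'] holds the proxy's address, so an IP restriction of this kind then tests the proxy rather than the end user.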

::checkLoggedIn() public

Checks to see if the user has an auth level or ACLs defined

Signature

boolean checkLoggedIn( )

Returns

If the user is logged in

::destroyUserInfo() public

Destroys the user's auth level and/or ACLs

Signature

void destroyUserInfo( )

::getLoginPage() public

Returns the login page set via setLoginPage()

Signature

string getLoginPage( )

Returns

The login page users are redirected to if they don't have the required authorization

::getRequestedURL() public

Returns the URL requested before the user was redirected to the login page

Signature

string getRequestedURL( boolean $clear, string $default_url=NULL )

Parameters

boolean $clear If the requested URL should be cleared from the session after it is retrieved
string $default_url The default URL to return if the user was not redirected

Returns

The URL that was requested before they were redirected to the login page

::getUserACLs() public

Gets the ACLs for the logged in user

Signature

array getUserACLs( )

Returns

The logged in user's ACLs

::getUserAuthLevel() public

Gets the authorization level for the logged in user

Signature

string getUserAuthLevel( )

Returns

The logged in user's auth level

::getUserToken() public

Gets the value that was set as the user token, NULL if no token has been set

Signature

mixed getUserToken( )

Returns

The user token that had been set, NULL if none

::requireACL() public

Redirect the user to the login page if they do not have the permissions required

Signature

void requireACL( string $resource, string $permission )

Parameters

string $resource The resource we are checking permissions for
string $permission The permission to require from the user

::requireAuthLevel() public

Redirect the user to the login page if they do not have the auth level required

Signature

void requireAuthLevel( string $level )

Parameters

string $level The level to check against the logged in user's level

::requireLoggedIn() public

Redirect the user to the login page if they do not have an auth level or ACLs

Signature

void requireLoggedIn( )

::reset() internal public

Please note: this method is public, however it is primarily intended for internal use by Flourish and will normally not be useful in site/application code

Resets the configuration of the class

Signature

void reset( )

::setAuthLevels() public

Sets the authorization levels to use for level checking

Signature

void setAuthLevels( array $levels )

Parameters

array $levels An associative array of (string) {level} => (integer) {value}, for each level

::setLoginPage() public

Sets the login page to redirect users to

Signature

void setLoginPage( string $url )

Parameters

string $url The URL of the login page

::setRequestedURL() public

Sets the restricted URL requested by the user

Signature

void setRequestedURL( string $url )

Parameters

string $url The URL to save as the requested URL

::setUserACLs() public

Sets the ACLs for the logged in user.

Array should be formatted like:

array (
    (string) {resource name} => array(
        (mixed) {permission}, ...
    ), ...
)

The resource name or the permission may be the single character '*' which acts as a wildcard.

Signature

void setUserACLs( array $acls )

Parameters

array $acls The logged in user's ACLs - see method description for format
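
The ACL array format and its '*' wildcard can be modelled with a small stand-alone check. This is an added example and not Flourish's implementation: acl_allows() is a hypothetical helper, the ACL data is constructed, and the strict comparison and default-deny behaviour are choices of this sketch.

```php
<?php
// Added illustration of the ACL array format; not Flourish's code.
// acl_allows() is a hypothetical helper and the ACL data is constructed.

function acl_allows($acls, $resource, $permission)
{
    if (!is_array($acls)) {
        return FALSE;                          // no ACLs defined: default deny
    }
    // A grant may come from the named resource or from the '*' resource
    foreach (array($resource, '*') as $key) {
        if (!isset($acls[$key])) {
            continue;
        }
        // Strict comparison so loosely-equal values (0 vs 'read') never match
        if (in_array($permission, $acls[$key], TRUE)
            || in_array('*', $acls[$key], TRUE)) {
            return TRUE;
        }
    }
    return FALSE;
}

$editor = array(
    'posts'    => array('read', 'write'),
    'comments' => array('*'),                  // every permission on one resource
    '*'        => array('read'),               // one permission on every resource
);
$admin = array('*' => array('*'));             // every permission on every resource

var_dump(acl_allows($editor, 'posts', 'delete'));
var_dump(acl_allows($editor, 'comments', 'delete'));
var_dump(acl_allows($editor, 'billing', 'read'));
var_dump(acl_allows($editor, 'billing', 'write'));
var_dump(acl_allows($admin, 'billing', 'write'));
var_dump(acl_allows(NULL, 'posts', 'read'));
```

In this model grants only accumulate: a '*' entry widens access and cannot be narrowed by a more specific resource entry, so wildcard entries should be reserved for roles that genuinely need them.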

::setUserAuthLevel() public

Sets the authorization level for the logged in user

Signature

void setUserAuthLevel( string $level )

Parameters

string $level The logged in user's auth level

::setUserToken() public

Sets some piece of information to use to identify the current user

Signature

void setUserToken( mixed $token )

Parameters

mixed $token The user's token. This could be a user id, an email address, a user object, etc.