phpPeanuts  2.2.0
phpPeanuts framework
PntNoAuthenticator Class Reference

Public Member Functions

 __construct ($baseUrl, $tokenSalt)
 
 isAuthenticated ($request, $scout)
 
 authenticate ($username, $password)
 
 userHasCredential ($code)
 
 logOut ($exception=null)
 
 newToken ()
 
 newFootprintId ()
 
 getFootprintsLimit ()
 
 isValidFootprint ($footprintId)
 
 getVarSalt ()
 
 isEntryPage ($handler, $request)
 
 initHsalg ()
 
 getAndCreateNextActionTicket ($footprintId)
 
 isValidActionTicket ($ticket, $footprintId)
 
 removeOutdatedActionFootprints (&$footPrints)
 
sessionVar ($key)
 
 getActionTicketLifeTime ()
 
 getFootprintLifeTime ()
 

Data Fields

 $actionTicketLifeTime = 300
 
 $footprintLifeTime = 1800
 
 $footprintsLimit = 30
 
 $baseUrl
 
 $tokenSalt
 

Constructor & Destructor Documentation

__construct (   $baseUrl,
  $tokenSalt 
)

Member Function Documentation

authenticate (   $username,
  $password 
)

Authenticate the user. If authenticated, register the user session.

Parameters
String $username The username
String $password The password
Returns
true if the user could be authenticated.
getActionTicketLifeTime ( )
getAndCreateNextActionTicket (   $footprintId)

To prevent cross-site request forgery (CSRF), each form has a parameter pntActionTicket that changes each time the form is printed. The ticket is generated here and stored in the session. When an action is invoked, the ticket is checked and removed from the session.

Parameters
string $footprintId the token of the page on which the form is situated
Returns
string the ticket value
getFootprintLifeTime ( )
getFootprintsLimit ( )
getVarSalt ( )
initHsalg ( )
isAuthenticated (   $request,
  $scout 
)
Returns
whether the user is authenticated, or true if authentication is not required (default).
Parameters
PntHttpRequest $request
ScoutInterface $scout session has been started
isEntryPage (   $handler,
  $request 
)

To be overridden if LoginPage is to be the only entry page. PntNoAuthenticator allows URLs with no requestData.

Parameters
PntRequestHandler $handler
PntHttpRequest $request
Returns
boolean whether $handler is an entry page that does not require a valid pntRef
isValidActionTicket (   $ticket,
  $footprintId 
)

To prevent cross-site request forgery (CSRF), each form has a parameter pntActionTicket that changes each time the form is printed. It is stored in the session. When an action is invoked, the ticket is checked and removed. All other tickets printed on the page are also removed. Outdated tickets are removed.

Parameters
string $ticket the ticket to be checked
string $footprintId the token of the page on which the form is situated
Returns
boolean whether the ticket is valid for the page token
Exceptions
PntValidationException if footprint exists but does not have the ticket
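
The ticket lifecycle described for getAndCreateNextActionTicket and isValidActionTicket, as an added PHP 8 example that is not phpPeanuts source. The class and method names, the in-memory array standing in for the session, and the choice to return false for an unknown or expired page are assumptions; the 300 and 1800 second defaults are the ones listed under Data Fields.

```php
<?php
// Added example, not phpPeanuts source; all names here are hypothetical.
final class ExampleActionTickets
{
    // Stand-in for the session: footprintId => ['seen' => time, 'tickets' => [ticket => issuedAt]]
    private array $footprints = [];

    public function __construct(private int $ticketLife = 300, private int $footprintLife = 1800) {}

    public function newFootprintId(int $now): string
    {
        $id = bin2hex(random_bytes(16));
        $this->footprints[$id] = ['seen' => $now, 'tickets' => []];
        return $id;
    }

    // Each time a form is printed: a fresh random ticket bound to the page's footprint.
    public function issue(string $footprintId, int $now): string
    {
        if (!isset($this->footprints[$footprintId])) {
            throw new InvalidArgumentException('unknown footprint');
        }
        $ticket = bin2hex(random_bytes(16));
        $this->footprints[$footprintId]['tickets'][$ticket] = $now;
        return $ticket;
    }

    // When the action is invoked: false if the page is unknown or expired,
    // exception if the page is known but does not hold this ticket.
    public function redeem(string $ticket, string $footprintId, int $now): bool
    {
        $this->purge($now);
        if (!isset($this->footprints[$footprintId])) return false;
        if (!isset($this->footprints[$footprintId]['tickets'][$ticket])) {
            throw new RuntimeException('ticket not valid for this page');
        }
        $this->footprints[$footprintId]['tickets'] = []; // single use: drop every ticket of the page
        return true;
    }

    // Drop expired pages, then expired tickets on the pages that remain.
    private function purge(int $now): void
    {
        foreach ($this->footprints as $id => $fp) {
            if ($now - $fp['seen'] > $this->footprintLife) { unset($this->footprints[$id]); continue; }
            $this->footprints[$id]['tickets'] = array_filter($fp['tickets'], fn(int $t) => $now - $t <= $this->ticketLife);
        }
    }
}
```

Because redeeming clears every ticket of the page, a second submission of the same form, or of a sibling form printed on the same page, takes the exception path instead of repeating the action.
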
isValidFootprint (   $footprintId)
logOut (   $exception = null)

Log out the user. The default implementation performs no authentication, so logout is ignored.

Parameters
Exception $exception if security threat, or null if normal logout
newFootprintId ( )
newToken ( )
Returns
string a new token
removeOutdatedActionFootprints ( $footPrints)
& sessionVar (   $key)
Returns
a reference to a session variable for this baseUrl
userHasCredential (   $code)

Default implementation always returns true.

Parameters
string $code Code that identifies the credential, or null if only a valid user is required
Returns
boolean Whether the user has the specified credential

Field Documentation

$actionTicketLifeTime = 300
$baseUrl
$footprintLifeTime = 1800
$footprintsLimit = 30

The documentation for this class was generated from the following file: