nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-03-31 11:00:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
davical/docs/api/davical/HTTPAuthSession/HTTPAuthSession.html
Andrew McMillan bb8bf75e8f Release 0.9.9.7
2011-10-24 20:27:43 +13:00

516 lines
18 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- template designed by Marco Von Ballmoos -->
<title>Docs For Class HTTPAuthSession</title>
<link rel="stylesheet" href="../../media/stylesheet.css" />
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'/>
</head>
<body>
<div class="page-body">
<h2 class="class-name"><img src="../../media/images/Class_logo.png"
alt=" Class"
title=" Class"
style="vertical-align: middle"> HTTPAuthSession</h2>
<a name="sec-description"></a>
<div class="info-box">
<div class="info-box-title">Description</div>
<div class="nav-bar">
<span class="disabled">Description</span> |
<a href="#sec-var-summary">Vars</a> (<a href="#sec-vars">details</a>)
| <a href="#sec-method-summary">Methods</a> (<a href="#sec-methods">details</a>)
</div>
<div class="info-box-body">
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">A Class for handling a session using HTTP Basic Authentication</p>
<p class="notes">
Located in <a class="field" href="_inc---HTTPAuthSession.php.html">/inc/HTTPAuthSession.php</a> (line <span class="field">17</span>)
</p>
<pre></pre>
</div>
</div>
<a name="sec-var-summary"></a>
<div class="info-box">
<div class="info-box-title">Variable Summary</span></div>
<div class="nav-bar">
<a href="#sec-description">Description</a> |
<span class="disabled">Vars</span> (<a href="#sec-vars">details</a>)
|
<a href="#sec-method-summary">Methods</a> (<a href="#sec-methods">details</a>)
</div>
<div class="info-box-body">
<div class="var-summary">
<div class="var-title">
<img src="../../media/images/Variable.png" alt=" " />
<span class="var-type">email</span>
<a href="#$email" title="details" class="var-name">$email</a>
</div>
<div class="var-title">
<img src="../../media/images/Variable.png" alt=" " />
<span class="var-type">fullname</span>
<a href="#$fullname" title="details" class="var-name">$fullname</a>
</div>
<div class="var-title">
<img src="../../media/images/Variable.png" alt=" " />
<span class="var-type">groups</span>
<a href="#$groups" title="details" class="var-name">$groups</a>
</div>
<div class="var-title">
<img src="../../media/images/Variable.png" alt=" " />
<span class="var-type">user_no</span>
<a href="#$user_no" title="details" class="var-name">$user_no</a>
</div>
</div>
</div>
</div>
<a name="sec-method-summary"></a>
<div class="info-box">
<div class="info-box-title">Method Summary</span></div>
<div class="nav-bar">
<a href="#sec-description">Description</a> |
<a href="#sec-var-summary">Vars</a> (<a href="#sec-vars">details</a>)
|
<span class="disabled">Methods</span> (<a href="#sec-methods">details</a>)
</div>
<div class="info-box-body">
<div class="method-summary">
<div class="method-definition">
<img src="../../media/images/Constructor.png" alt=" "/>
<span class="method-result">HTTPAuthSession</span>
<a href="#HTTPAuthSession" title="details" class="method-name">HTTPAuthSession</a>
()
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">boolean</span>
<a href="#AllowedTo" title="details" class="method-name">AllowedTo</a>
(<span class="var-type">string</span>&nbsp;<span class="var-name">$whatever</span>)
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#AssignSessionDetails" title="details" class="method-name">AssignSessionDetails</a>
(<span class="var-type"></span>&nbsp;<span class="var-name">$principal</span>, <span class="var-type">object</span>&nbsp;<span class="var-name">$u</span>)
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#AuthFailedResponse" title="details" class="method-name">AuthFailedResponse</a>
([<span class="var-type">string</span>&nbsp;<span class="var-name">$auth_header</span> = <span class="var-default">&quot;&quot;</span>])
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#BasicAuthSession" title="details" class="method-name">BasicAuthSession</a>
()
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#CheckPassword" title="details" class="method-name">CheckPassword</a>
(<span class="var-type"></span>&nbsp;<span class="var-name">$username</span>, <span class="var-type"></span>&nbsp;<span class="var-name">$password</span>)
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#DigestAuthSession" title="details" class="method-name">DigestAuthSession</a>
()
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#GetRoles" title="details" class="method-name">GetRoles</a>
()
</div>
<div class="method-definition">
<img src="../../media/images/Method.png" alt=" "/>
<span class="method-result">void</span>
<a href="#ParseDigestHeader" title="details" class="method-name">ParseDigestHeader</a>
(<span class="var-type"></span>&nbsp;<span class="var-name">$auth_header</span>)
</div>
</div>
</div>
</div>
<a name="sec-vars"></a>
<div class="info-box">
<div class="info-box-title">Variables</div>
<div class="nav-bar">
<a href="#sec-description">Description</a> |
<a href="#sec-var-summary">Vars</a> (<span class="disabled">details</span>)
|
<a href="#sec-method-summary">Methods</a> (<a href="#sec-methods">details</a>)
</div>
<div class="info-box-body">
<a name="var$email" id="$email"><!-- --></A>
<div class="evenrow">
<div class="var-header">
<img src="../../media/images/Variable.png" />
<span class="var-title">
<span class="var-type">email</span>
<span class="var-name">$email</span>
(line <span class="line-number">32</span>)
</span>
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">User e-mail</p>
<ul class="tags">
<li><span class="field">var:</span> string</li>
<li><span class="field">access:</span> public</li>
</ul>
</div>
<a name="var$fullname" id="$fullname"><!-- --></A>
<div class="oddrow">
<div class="var-header">
<img src="../../media/images/Variable.png" />
<span class="var-title">
<span class="var-type">fullname</span>
<span class="var-name">$fullname</span>
(line <span class="line-number">38</span>)
</span>
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">User full name</p>
<ul class="tags">
<li><span class="field">var:</span> string</li>
<li><span class="field">access:</span> public</li>
</ul>
</div>
<a name="var$groups" id="$groups"><!-- --></A>
<div class="evenrow">
<div class="var-header">
<img src="../../media/images/Variable.png" />
<span class="var-title">
<span class="var-type">groups</span>
<span class="var-name">$groups</span>
(line <span class="line-number">44</span>)
</span>
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Group rights</p>
<ul class="tags">
<li><span class="field">var:</span> array</li>
<li><span class="field">access:</span> public</li>
</ul>
</div>
<a name="var$user_no" id="$user_no"><!-- --></A>
<div class="oddrow">
<div class="var-header">
<img src="../../media/images/Variable.png" />
<span class="var-title">
<span class="var-type">user_no</span>
<span class="var-name">$user_no</span>
(line <span class="line-number">26</span>)
</span>
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">User ID number</p>
<ul class="tags">
<li><span class="field">var:</span> int</li>
<li><span class="field">access:</span> public</li>
</ul>
</div>
</div>
</div>
<a name="sec-methods"></a>
<div class="info-box">
<div class="info-box-title">Methods</div>
<div class="nav-bar">
<a href="#sec-description">Description</a> |
<a href="#sec-var-summary">Vars</a> (<a href="#sec-vars">details</a>)
<a href="#sec-method-summary">Methods</a> (<span class="disabled">details</span>)
</div>
<div class="info-box-body">
<A NAME='method_detail'></A>
<a name="methodHTTPAuthSession" id="HTTPAuthSession"><!-- --></a>
<div class="evenrow">
<div class="method-header">
<img src="../../media/images/Constructor.png" />
<span class="method-title">Constructor HTTPAuthSession</span> (line <span class="line-number">50</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">The constructor, which just calls the type supplied or configured</p>
<div class="method-signature">
<span class="method-result">HTTPAuthSession</span>
<span class="method-name">
HTTPAuthSession
</span>
()
</div>
</div>
<a name="methodAllowedTo" id="AllowedTo"><!-- --></a>
<div class="oddrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">AllowedTo</span> (line <span class="line-number">318</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Checks whether a user is allowed to do something.</p>
<p class="description"><p>The check is performed to see if the user has that role.</p></p>
<ul class="tags">
<li><span class="field">return:</span> Whether or not the user has the specified role.</li>
</ul>
<div class="method-signature">
<span class="method-result">boolean</span>
<span class="method-name">
AllowedTo
</span>
(<span class="var-type">string</span>&nbsp;<span class="var-name">$whatever</span>)
</div>
<ul class="parameters">
<li>
<span class="var-type">string</span>
<span class="var-name">$whatever</span><span class="var-description">: The role we want to know if the user has.</span> </li>
</ul>
</div>
<a name="methodAssignSessionDetails" id="AssignSessionDetails"><!-- --></a>
<div class="evenrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">AssignSessionDetails</span> (line <span class="line-number">342</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Internal function used to assign the session details to a user's new session.</p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
AssignSessionDetails
</span>
(<span class="var-type"></span>&nbsp;<span class="var-name">$principal</span>, <span class="var-type">object</span>&nbsp;<span class="var-name">$u</span>)
</div>
<ul class="parameters">
<li>
<span class="var-type">object</span>
<span class="var-name">$u</span><span class="var-description">: The user+session object we (probably) read from the database.</span> </li>
<li>
<span class="var-type"></span>
<span class="var-name">$principal</span> </li>
</ul>
</div>
<a name="methodAuthFailedResponse" id="AuthFailedResponse"><!-- --></a>
<div class="oddrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">AuthFailedResponse</span> (line <span class="line-number">72</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Authorisation failed, so we send some headers to say so.</p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
AuthFailedResponse
</span>
([<span class="var-type">string</span>&nbsp;<span class="var-name">$auth_header</span> = <span class="var-default">&quot;&quot;</span>])
</div>
<ul class="parameters">
<li>
<span class="var-type">string</span>
<span class="var-name">$auth_header</span><span class="var-description">: The WWW-Authenticate header details.</span> </li>
</ul>
</div>
<a name="methodBasicAuthSession" id="BasicAuthSession"><!-- --></a>
<div class="evenrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">BasicAuthSession</span> (line <span class="line-number">98</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Handle Basic HTTP Authentication (not secure unless https)</p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
BasicAuthSession
</span>
()
</div>
</div>
<a name="methodCheckPassword" id="CheckPassword"><!-- --></a>
<div class="oddrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">CheckPassword</span> (line <span class="line-number">273</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">CheckPassword does all of the password checking and returns a user record object, or false if it all ends in tears.</p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
CheckPassword
</span>
(<span class="var-type"></span>&nbsp;<span class="var-name">$username</span>, <span class="var-type"></span>&nbsp;<span class="var-name">$password</span>)
</div>
<ul class="parameters">
<li>
<span class="var-type"></span>
<span class="var-name">$username</span> </li>
<li>
<span class="var-type"></span>
<span class="var-name">$password</span> </li>
</ul>
</div>
<a name="methodDigestAuthSession" id="DigestAuthSession"><!-- --></a>
<div class="evenrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">DigestAuthSession</span> (line <span class="line-number">178</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Handle Digest HTTP Authentication (no passwords were harmed in this transaction!)</p>
<p class="description"><p>Note that this will not actually work, unless we can either: (A) store the password plain text in the database (B) store an md5( username || realm || password ) in the database</p><p>The problem is that potentially means that the administrator can collect the sorts of things people use as passwords. I believe this is quite a bad idea. In scenario (B) while they cannot see the password itself, they can see a hash which only varies when the password varies, so can see when two users have the same password, or can use some of the reverse lookup sites to attempt to reverse the hash. I think this is a less bad idea, but not ideal. Probably better than running Basic auth of HTTP though!</p></p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
DigestAuthSession
</span>
()
</div>
</div>
<a name="methodGetRoles" id="GetRoles"><!-- --></a>
<div class="oddrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">GetRoles</span> (line <span class="line-number">326</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Internal function used to get the user's roles from the database.</p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
GetRoles
</span>
()
</div>
</div>
<a name="methodParseDigestHeader" id="ParseDigestHeader"><!-- --></a>
<div class="evenrow">
<div class="method-header">
<img src="../../media/images/Method.png" />
<span class="method-title">ParseDigestHeader</span> (line <span class="line-number">240</span>)
</div>
<!-- ========== Info from phpDoc block ========= -->
<p class="short-description">Parse the HTTP Digest Auth Header</p>
<p class="description"><p><ul><li>largely sourced from the PHP documentation</li></ul></p></p>
<div class="method-signature">
<span class="method-result">void</span>
<span class="method-name">
ParseDigestHeader
</span>
(<span class="var-type"></span>&nbsp;<span class="var-name">$auth_header</span>)
</div>
<ul class="parameters">
<li>
<span class="var-type"></span>
<span class="var-name">$auth_header</span> </li>
</ul>
</div>
</div>
</div>
<p class="notes" id="credit">
Documentation generated on Mon, 24 Oct 2011 20:09:28 +1300 by <a href="http://www.phpdoc.org" target="_blank">phpDocumentor 1.4.3</a>
</p>
</div></body>
</html>
Reference in New Issue View Git Blame Copy Permalink