PRADO Component Framework for PHP 5
  • Home
  • About
  • Testimonials
  • Demos
  • Download
  • Documentation
  • Forum
  • Development
  • Tutorials
  • Class Docs
  • API Manual
  • Wiki

Packages

  • None
  • System
    • Caching
    • Collections
    • Data
      • ActiveRecord
        • Relations
        • Scaffold
          • InputBuilder
      • Commom
        • Sqlite
      • Common
        • Mssql
        • Mysql
        • Oracle
        • Pgsql
        • Sqlite
      • DataGateway
      • SqlMap
        • Configuration
        • Statements
    • Exceptions
    • I18N
    • IO
    • Security
    • Util
    • Web
      • Javascripts
      • Services
      • UI
        • ActiveControls
        • WebControls
    • Xml
  • Wsat
    • pages
  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Todo

Class TAuthManager

TAuthManager class

TAuthManager performs user authentication and authorization for a Prado application. TAuthManager works together with a IUserManager module that can be specified via the setUserManager UserManager property. If an authorization fails, TAuthManager will try to redirect the client browser to a login page that is specified via the setLoginPage LoginPage. To login or logout a user, call TAuthManager::login() or TAuthManager::logout(), respectively.

The setAuthExpire AuthExpire property can be used to define the time in seconds after which the authentication should expire. setAllowAutoLogin AllowAutoLogin specifies if the login information should be stored in a cookie to perform automatic login. Enabling this feature will cause that setAuthExpire AuthExpire has no effect since the user will be logged in again on authentication expiration.

To load TAuthManager, configure it in application configuration as follows, <module id="auth" class="System.Security.TAuthManager" UserManager="users" LoginPage="login" /> <module id="users" class="System.Security.TUserManager" />

TComponent
Extended by TApplicationComponent
Extended by TModule implements IModule
Extended by TAuthManager
Package: System\Security
Copyright: Copyright © 2005-2014 PradoSoft
License: http://www.pradosoft.com/license/
Author: Qiang Xue <qiang.xue@gmail.com>
Since: 3.0
Located at Security/TAuthManager.php
Methods summary
public
# init( TXmlElement $config )

Initializes this module. This method is required by the IModule interface.

Initializes this module. This method is required by the IModule interface.

Parameters

$config
TXmlElement
configuration for this module, can be null

Throws

TConfigurationException
if user manager does not exist or is not IUserManager

Overrides

TModule::init()
public IUserManager
# getUserManager( )

Returns

IUserManager
user manager instance
public
# setUserManager( string|IUserManager $provider )

Parameters

$provider
string|IUserManager
the user manager module ID or the user manager object

Throws

TInvalidOperationException
if the module has been initialized or the user manager object is not IUserManager
public string
# getLoginPage( )

Returns

string
path of login page should login is required
public
# setLoginPage( string $pagePath )

Sets the login page that the client browser will be redirected to if login is needed. Login page should be specified in the format of page path.

Sets the login page that the client browser will be redirected to if login is needed. Login page should be specified in the format of page path.

Parameters

$pagePath
string
path of login page should login is required

See

TPageService
public
# doAuthentication( mixed $sender, mixed $param )

Performs authentication. This is the event handler attached to application's Authentication event. Do not call this method directly.

Performs authentication. This is the event handler attached to application's Authentication event. Do not call this method directly.

Parameters

$sender
mixed
sender of the Authentication event
$param
mixed
event parameter
public
# doAuthorization( mixed $sender, mixed $param )

Performs authorization. This is the event handler attached to application's Authorization event. Do not call this method directly.

Performs authorization. This is the event handler attached to application's Authorization event. Do not call this method directly.

Parameters

$sender
mixed
sender of the Authorization event
$param
mixed
event parameter
public
# leave( mixed $sender, mixed $param )

Performs login redirect if authorization fails. This is the event handler attached to application's EndRequest event. Do not call this method directly.

Performs login redirect if authorization fails. This is the event handler attached to application's EndRequest event. Do not call this method directly.

Parameters

$sender
mixed
sender of the event
$param
mixed
event parameter
public string
# getReturnUrlVarName( )

Returns

string
the name of the session variable storing return URL. It defaults to 'AppID:ReturnUrl'
public
# setReturnUrlVarName( string $value )

Parameters

$value
string
the name of the session variable storing return URL.
public string
# getReturnUrl( )

Returns

string
URL that the browser should be redirected to when login succeeds.
public
# setReturnUrl( string $value )

Sets the URL that the browser should be redirected to when login succeeds.

Sets the URL that the browser should be redirected to when login succeeds.

Parameters

$value
string
the URL to be redirected to.
public boolean
# getAllowAutoLogin( )

Returns

boolean
whether to allow remembering login so that the user logs on automatically next time. Defaults to false.

Since

3.1.1
public
# setAllowAutoLogin( boolean $value )

Parameters

$value
boolean
whether to allow remembering login so that the user logs on automatically next time. Users have to enable cookie to make use of this feature.

Since

3.1.1
public integer
# getAuthExpire( )

Returns

integer
authentication expiration time in seconds. Defaults to zero (no expiration).

Since

3.1.3
public
# setAuthExpire( integer $value )

Parameters

$value
integer
authentication expiration time in seconds. Defaults to zero (no expiration).

Since

3.1.3
public
# onAuthenticate( mixed $param )

Performs the real authentication work. An OnAuthenticate event will be raised if there is any handler attached to it. If the application already has a non-null user, it will return without further authentication. Otherwise, user information will be restored from session data.

Performs the real authentication work. An OnAuthenticate event will be raised if there is any handler attached to it. If the application already has a non-null user, it will return without further authentication. Otherwise, user information will be restored from session data.

Parameters

$param
mixed
parameter to be passed to OnAuthenticate event

Throws

TConfigurationException
if session module does not exist.
public
# onAuthExpire( mixed $param )

Performs user logout on authentication expiration. An 'OnAuthExpire' event will be raised if there is any handler attached to it.

Performs user logout on authentication expiration. An 'OnAuthExpire' event will be raised if there is any handler attached to it.

Parameters

$param
mixed
parameter to be passed to OnAuthExpire event.
public
# onAuthorize( mixed $param )

Performs the real authorization work. Authorization rules obtained from the application will be used to check if a user is allowed. If authorization fails, the response status code will be set as 401 and the application terminates.

Performs the real authorization work. Authorization rules obtained from the application will be used to check if a user is allowed. If authorization fails, the response status code will be set as 401 and the application terminates.

Parameters

$param
mixed
parameter to be passed to OnAuthorize event
public string
# getUserKey( )

Returns

string
a unique variable name for storing user session/cookie data

Since

3.1.1
protected string
# generateUserKey( )

Returns

string
a key used to store user information in session

Since

3.1.1
public
# updateSessionUser( IUser $user )

Updates the user data stored in session.

Updates the user data stored in session.

Parameters

$user
IUser
user object

Throws

new
TConfigurationException if session module is not loaded.
public boolean
# switchUser( string $username )

Switches to a new user. This method will logout the current user first and login with a new one (without password.)

Switches to a new user. This method will logout the current user first and login with a new one (without password.)

Parameters

$username
string
the new username

Returns

boolean
if the switch is successful
public boolean
# login( string $username, string $password, integer $expire = 0 )

Logs in a user with username and password. The username and password will be used to validate if login is successful. If yes, a user object will be created for the application.

Logs in a user with username and password. The username and password will be used to validate if login is successful. If yes, a user object will be created for the application.

Parameters

$username
string
username
$password
string
password
$expire
integer
number of seconds that automatic login will remain effective. If 0, it means user logs out when session ends. This parameter is added since 3.1.1.

Returns

boolean
if login is successful
public
# logout( )

Logs out a user. User session will be destroyed after this method is called.

Logs out a user. User session will be destroyed after this method is called.

Throws

TConfigurationException
if session module is not loaded.
Methods inherited from TModule
getID(), setID()
Methods inherited from TApplicationComponent
getApplication(), getRequest(), getResponse(), getService(), getSession(), getUser(), publishAsset(), publishFilePath()
Methods inherited from TComponent
__call(), __construct(), __destruct(), __get(), __isset(), __set(), __sleep(), __unset(), __wakeup(), addParsedObject(), asa(), attachBehavior(), attachBehaviors(), attachClassBehavior(), attachEventHandler(), canGetProperty(), canSetProperty(), clearBehaviors(), createdOnTemplate(), detachBehavior(), detachBehaviors(), detachClassBehavior(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), evaluateStatements(), fxAttachClassBehavior(), fxDetachClassBehavior(), getAutoGlobalListen(), getBehaviorsEnabled(), getClassHierarchy(), getEventHandlers(), getListeningToGlobalEvents(), getSubProperty(), hasEvent(), hasEventHandler(), hasProperty(), isa(), listen(), raiseEvent(), setSubProperty(), unlisten()
Constants summary
string RETURN_URL_VAR 'ReturnUrl'
#

GET variable name for return url

GET variable name for return url

Constants inherited from TComponent
GLOBAL_RAISE_EVENT_LISTENER
Terms of Service | Contact Us
PRADO v3.2.4 API Manual API documentation generated by ApiGen 2.8.0
Copyright © 2006-2014 by the PRADO Group.
Powered by PRADO