The start of an authentication module. This provides the installation and a basic install test. There is no interface at the moment to do authentication. It is dependent on the install of the user module.

3 files changed, 276 insertions, 0 deletions

diff --git a/modules/auth/libraries/Auth.php b/modules/auth/libraries/Auth.php
new file mode 100644
index 00000000..9bc59ec7
--- /dev/null
+++ b/modules/auth/libraries/Auth.php
@@ -0,0 +1,93 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+/**
+ * Implement the Authentication.
+ *
+ * This code was heavily influenced by code from:
+ *  - http://code.google.com/p/kohana-mptt/
+ *  - http://code.google.com/p/kohana-mptt/wiki/Documentation
+ *  - http://code.google.com/p/s7ncms/source/browse/trunk/modules/s7ncms/libraries/ORM_MPTT.php
+ *
+ * It was extended to allow configurable drivers
+ */
+class Auth_Core implements Auth_Driver {
+
+  // Session singleton
+  private static $instance;
+
+  // Configuration and driver
+  protected $_config;
+  protected $_driver;
+
+  /**
+   * Singleton instance of Session.
+   */
+  public static function instance($config = array()) { 
+    if (self::$instance == NULL) {
+      // Create a new instance
+      self::$instance = new Auth($config);
+    }
+    
+    return self::$instance;
+  }
+
+  /**
+   * On first instance creation, sets up the driver.
+   */
+  protected function __construct($config = array()) {
+    // Load config
+    $config += Kohana::config('auth');
+
+    //  Set the driver class name
+    $driver = "Auth_{$config['driver']}_Driver";
+    if (!Kohana::auto_load($driver)) {
+      // @todo change to gallery specific exceptions
+      throw new Kohana_Exception("Specified Driver: '{$config['driver']}' has not been defined.");
+    }
+
+    // Load the driver
+    $driver = new $driver();
+
+    if (!($driver instanceof Auth_Driver)) {
+      // @todo change to gallery specific exceptions
+      throw new Kohana_Exception(
+        "Specified Driver: '{$config['driver']}' has not implemented 'Auth_Driver'.");
+    }
+
+    $this->_driver = $driver;
+    $this->_config = $config;
+
+    Kohana::log('debug', 'Auth Library initialized');
+  }
+
+  /**
+   * @see Auth_Driver::set_user_password
+   */
+  public function set_user_password($user_id, $password) {
+    return $this->_driver->set_user_password($user_id, $password);
+  }
+
+  /**
+   * @see Auth_Driver::is_valid_password
+   */
+  public function is_valid_password($user_id, $password) {
+     return $this->_driver->is_valid_password($user_id, $password);
+   }
+}
diff --git a/modules/auth/libraries/drivers/Auth.php b/modules/auth/libraries/drivers/Auth.php
new file mode 100644
index 00000000..6a6d31b6
--- /dev/null
+++ b/modules/auth/libraries/drivers/Auth.php
@@ -0,0 +1,37 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+interface Auth_Driver {
+  /**
+   * Set the password for the specified user
+   *
+   * @param   int   Gallery User id
+   * @param  string
+   */
+  public function set_user_password($user_id, $password);
+
+  /**
+   * Validates a user id password combination.
+   *
+   * @param   int   user_id
+   * @param   string   password
+   * @return  boolean
+   */
+  public function is_valid_password($user_id, $password);
+}
\ No newline at end of file
diff --git a/modules/auth/libraries/drivers/Auth/Basic.php b/modules/auth/libraries/drivers/Auth/Basic.php
new file mode 100644
index 00000000..2621812a
--- /dev/null
+++ b/modules/auth/libraries/drivers/Auth/Basic.php
@@ -0,0 +1,146 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Auth_Basic_Driver implements Auth_Driver {
+  // Configuration
+  protected $_config;
+
+  /**
+   * Instantiate the Driver and initialize it's configuration.
+   */
+  public function __construct($config = array()) {
+    // Load config
+    $config +=  Kohana::config('basic_auth');
+
+    // Clean up the salt pattern and split it into an array
+    $config['salt_pattern'] = preg_split('/,\s*/', $config['salt_pattern']);
+    $this->_config = $config;
+
+    Kohana::log('debug', 'Auth_Basic_Driver Library initialized');
+  }
+
+  /**
+   * @see Auth_Driver::set_user_password
+   *
+   * @param int $user_id
+   * @param string $password
+   * @return void
+   */
+  public function set_user_password($user_id, $password_text) {
+    $password = ORM::factory("password")->where('user_id', $user_id)->find();
+    $password->password = $this->_hash_password($password_text);
+    if (empty($password->user_id)) {
+      $password->user_id = $user_id;
+    }
+    $password->save();
+  }
+
+  /**
+   * Validates a user id password combination.
+   *
+   * @param   int   user_id
+   * @param   string   password
+   * @return  boolean
+   */
+  public function is_valid_password($user_id, $password_text) {
+    $password = ORM::factory("password")
+      ->where('user_id', $user_id)
+      ->find();
+    if ($password->loaded != true) {
+      return false;
+    }
+
+    // Get the salt from the stored password
+    $salt = $this->_find_salt($password->password);
+    $hashed = $this->_hash_password($password_text, $salt);
+
+    return $hashed === $password->password;
+  }
+  
+  /**
+   * Creates a hashed password from a plaintext password, inserting salt
+   * based on the configured salt pattern.
+   *
+   * @param   string  plaintext password
+   * @return  string  hashed password string
+   */
+  private function _hash_password($password, $salt = FALSE) {
+    if ($salt === FALSE) {
+      // Create a salt seed, same length as the number of offsets in the pattern
+      $salt = substr($this->_hash(uniqid(NULL, TRUE)), 0, count($this->_config['salt_pattern']));
+    }
+
+    // Password hash that the salt will be inserted into
+    $hash = $this->_hash($salt . $password);
+
+    // Change salt to an array
+    $salt = str_split($salt, 1);
+
+    // Returned password
+    $password = '';
+
+    // Used to calculate the length of splits
+    $last_offset = 0;
+
+    foreach ($this->_config['salt_pattern'] as $offset) {
+      // Split a new part of the hash off
+      $part = substr($hash, 0, $offset - $last_offset);
+
+      // Cut the current part out of the hash
+      $hash = substr($hash, $offset - $last_offset);
+
+      // Add the part to the password, appending the salt character
+      $password .= $part . array_shift($salt);
+
+      // Set the last offset to the current offset
+      $last_offset = $offset;
+    }
+
+    // Return the password, with the remaining hash appended
+    return $password . $hash;
+  }
+
+  /**
+   * Perform a hash, using the configured method.
+   *
+   * @param   string   string to hash
+   * @return  string
+   */
+  private function _hash($str) {
+    return hash($this->_config['hash_method'], $str);
+  }
+
+  /**
+   * Finds the salt from a password, based on the configured salt pattern.
+   *
+   * @param   string  hashed password
+   * @return  string
+   */
+  private function _find_salt($password)   {
+    $salt = '';
+
+    foreach ($this->_config['salt_pattern'] as $i => $offset)     {
+      // Find salt characters... take a good long look..
+      $salt .= substr($password, $offset + $i, 1);
+    }
+
+    return $salt;
+  }
+}
+