<?php namespace Laravel;
// 路径 laravel/auth.php
// 授权类
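/**
 * Session-based authentication with an optional "remember me" cookie.
 *
 * How users are loaded, authenticated and logged out is delegated to the
 * "user", "attempt" and "logout" Closures of the auth configuration.
 */
class Auth {

    /**
     * The current user of the application.
     *
     * Filled in by user(); once a user has been resolved, later calls
     * return this cached value instead of resolving the user again.
     *
     * @var object|null
     */
    public static $user;

    /**
     * The key used when storing the user ID in the session.
     *
     * @var string
     */
    const user_key = 'laravel_user_id';

    /**
     * Determine if the user of the application is not logged in.
     *
     * This method is the inverse of the "check" method.
     *
     * @return bool
     */
    public static function guest()
    {
        return ! static::check();
    }

    /**
     * Determine if the user of the application is logged in.
     *
     * @return bool
     */
    public static function check()
    {
        return ! is_null(static::user());
    }

    /**
     * Get the current user of the application.
     *
     * <code>
     *		// Get the current user of the application
     *		$user = Auth::user();
     *
     *		// Access a property on the current user (here: the e-mail address)
     *		$email = Auth::user()->email;
     * </code>
     *
     * @return object|null
     */
    public static function user()
    {
        if ( ! is_null(static::$user)) return static::$user;

        $id = Session::get(Auth::user_key);

        $config = Config::get('auth');

        // The session only carries the user's ID. Turning that ID into a user
        // is left to the "user" Closure from the auth configuration file, so
        // the application decides how the user is actually retrieved.
        static::$user = call_user_func($config['user'], $id);

        if (is_null(static::$user))
        {
            // No user came back for the session ID, so fall back to the
            // "remember me" cookie. The original author's reasoning is that
            // every cookie carries a fingerprint hash proving it has not been
            // changed; that verification lives in the Cookie class and is not
            // visible here, so this method takes it on trust.
            $recaller = Cookie::get($config['cookie']);

            if ( ! is_null($recaller))
            {
                static::$user = static::recall($recaller);
            }
        }

        return static::$user;
    }

    /**
     * Attempt to login a user based on a long-lived "remember me" cookie.
     *
     * @param  string  $recaller  Encrypted cookie value written by remember().
     * @return object|null        The recalled user, or null when the "user"
     *                            Closure finds nobody for the stored ID.
     */
    protected static function recall($recaller)
    {
        // remember() encrypts "<id>|<40 random characters>".
        $recaller = explode('|', Crypter::decrypt($recaller));

        // NOTE(review): only the ID segment is used. The random segment is
        // never stored or compared anywhere in this class, so it does not act
        // as a revocable token: logout() asks the browser to delete the
        // cookie, but nothing here can invalidate a copy of it server-side.
        $user = call_user_func(Config::get('auth.user'), $recaller[0]);

        if (is_null($user)) return null;

        // Logged in without $remember, so the cookie itself is left untouched.
        static::login($user);

        return $user;
    }

    /**
     * Attempt to log a user into the application.
     *
     * <code>
     *		// Attempt to log a user into the application
     *		$success = Auth::attempt('username', 'password');
     *
     *		// Attempt to login a user and set the "remember me" cookie
     *		Auth::attempt('username', 'password', true);
     * </code>
     *
     * @param  string  $username
     * @param  string  $password
     * @param  bool    $remember
     * @return bool    True when the "attempt" Closure returned a user.
     */
    public static function attempt($username, $password = null, $remember = false)
    {
        $config = Config::get('auth');

        // Credential checking is done entirely by the "attempt" Closure from
        // the configuration file, which lets the application authenticate any
        // way it needs to, including against third-party providers. Failed
        // attempts are not counted or throttled here; that has to happen in
        // the Closure or in the caller.
        $user = call_user_func($config['attempt'], $username, $password);

        if (is_null($user)) return false;

        static::login($user, $remember);

        return true;
    }

    /**
     * Log a user into the application.
     *
     * <code>
     *		// Login the user with an ID of 15
     *		Auth::login(15);
     *
     *		// Login a user by passing a user object
     *		Auth::login($user);
     *
     *		// Login a user and set a "remember me" cookie
     *		Auth::login($user, true);
     * </code>
     *
     * @param  object|int  $user
     * @param  bool        $remember
     * @return void
     */
    public static function login($user, $remember = false)
    {
        // An object contributes its "id" property; anything else is cast to
        // an integer ID.
        $id = (is_object($user)) ? $user->id : (int) $user;

        if ($remember) static::remember($id);

        // NOTE(review): the ID is written into the session that already
        // exists; nothing in this method issues a new session identifier at
        // login. Unless the Session layer rotates the identifier elsewhere, a
        // session ID that was known before login remains valid afterwards
        // (session fixation). Confirm against the Session class.
        Session::put(Auth::user_key, $id);
    }

    /**
     * Read the cookie path, domain and secure flag from the session config.
     *
     * The settings are read by name instead of extract()-ing the whole
     * session configuration into local scope. A key that is absent yields
     * null, which is the value the extract()-based code ended up passing
     * after raising an undefined-variable notice.
     *
     * @return array  array($path, $domain, $secure)
     */
    protected static function cookie_settings()
    {
        $session = Config::get('session');

        return array(
            isset($session['path']) ? $session['path'] : null,
            isset($session['domain']) ? $session['domain'] : null,
            isset($session['secure']) ? $session['secure'] : null,
        );
    }

    /**
     * Set a cookie so that the user is "remembered".
     *
     * @param  string  $id
     * @return void
     */
    protected static function remember($id)
    {
        $recaller = Crypter::encrypt($id.'|'.Str::random(40));

        // The "remember me" cookie deliberately reuses the session cookie's
        // path, domain and secure settings, on the assumption that both
        // cookies need the same level of protection.
        list($path, $domain, $secure) = static::cookie_settings();

        $cookie = Config::get('auth.cookie');

        // NOTE(review): this cookie is a long-lived login credential. Only
        // path, domain and the secure flag are passed on; when the session
        // config has no "secure" entry the flag is null here, and whether
        // Cookie applies HttpOnly or a safer default is not visible in this
        // class. The annotator of the original listing also reports a bug at
        // this call without saying what it is.
        Cookie::forever($cookie, $recaller, $path, $domain, $secure);
    }

    /**
     * Log the current user out of the application.
     *
     * @return void
     */
    public static function logout()
    {
        // Call the "logout" Closure first so the developer can do any
        // clean-up while the current user can still be resolved. According
        // to the original comment no action is taken by default.
        call_user_func(Config::get('auth.logout'), static::user());

        static::$user = null;

        list($path, $domain, $secure) = static::cookie_settings();

        // The cookie has to be forgotten with the same path and domain it
        // was set with, otherwise it will not be deleted. The annotator of
        // the original listing reports a bug at this call as well, again
        // without saying what it is.
        $cookie = Config::get('auth.cookie');

        Cookie::forget($cookie, $path, $domain, $secure);

        Session::forget(Auth::user_key);
    }

}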

github地址: https://github.com/liu-shilong/laravel3-scr