Validation Class Reference
[Security]

Class providing user validation/authentication operations. More...

List of all members.

Public Member Functions

 canAdminister ($journalId, $userId)
 checkCredentials ($username, $password)
 encryptCredentials ($username, $password, $encryption=false)
 generatePassword ($length=8)
 generatePasswordResetHash ($userId)
 isAuthor ($journalId=-1)
 isAuthorized ($roleId, $journalId=0)
 isCopyeditor ($journalId=-1)
 isEditor ($journalId=-1)
 isJournalManager ($journalId=-1)
 isLayoutEditor ($journalId=-1)
 isLoggedIn ()
 isProofreader ($journalId=-1)
 isReader ($journalId=-1)
 isReviewer ($journalId=-1)
 isSectionEditor ($journalId=-1)
 isSiteAdmin ()
 isSubscriptionManager ($journalId=-1)
login ($username, $password, &$reason, $remember=false)
 logout ()
 redirectLogin ($message=null)
 suggestUsername ($firstName, $lastName)

Detailed Description

Class providing user validation/authentication operations.

Definition at line 20 of file Validation.inc.php.

Member Function Documentation

Validation.canAdminister ( journalId,
userId 
)

Check whether a user is allowed to administer another user.

Parameters:
$journalId int
$userId int
Returns:
boolean

Definition at line 394 of file Validation.inc.php.

References DAORegistry.getDAO(), isJournalManager(), and isSiteAdmin().

Referenced by PeopleHandler.disableUser(), PeopleHandler.editUser(), PeopleHandler.mergeUsers(), PeopleHandler.signInAsUser(), and PeopleHandler.updateUser().

Validation.checkCredentials ( username,
password 
)

Check if a user's credentials are valid.

Parameters:
$username string username
$password string unencrypted password
Returns:
boolean

Definition at line 161 of file Validation.inc.php.

References encryptCredentials(), and DAORegistry.getDAO().

Validation.encryptCredentials ( username,
password,
encryption = false 
)

Encrypt user passwords for database storage. The username is used as a unique salt to make dictionary attacks against a compromised database more difficult.

Parameters:
$username string username
$password string unencrypted password
$encryption string optional encryption algorithm to use, defaulting to the value from the site configuration
Returns:
string encrypted password

Definition at line 216 of file Validation.inc.php.

References Config.getVar().

Referenced by checkCredentials(), Install.createData(), RegistrationForm.execute(), LoginChangePasswordForm.execute(), ChangePasswordForm.execute(), CreateReviewerForm.execute(), UserManagementForm.execute(), UserXMLParser.generatePassword(), UserXMLParser.importUsers(), ImportOJS1.importUsers(), login(), and LoginHandler.resetPassword().

Validation.generatePassword ( length = 8  ) 

Generate a random password. Assumes the random number generator has already been seeded.

Parameters:
$length int the length of the password to generate (default 8)
Returns:
string

Definition at line 240 of file Validation.inc.php.

Referenced by AccessKeyManager.createKey(), LoginChangePasswordForm.execute(), ChangePasswordForm.execute(), CreateReviewerForm.execute(), UserManagementForm.execute(), UserXMLParser.generatePassword(), and LoginHandler.resetPassword().

Validation.generatePasswordResetHash ( userId  ) 

Generate a hash value to use for confirmation to reset a password.

Parameters:
$userId int
Returns:
string (boolean false if user is invalid)

Definition at line 256 of file Validation.inc.php.

References DAORegistry.getDAO().

Referenced by SectionEditorAction.notifyReviewer(), SectionEditorAction.remindReviewer(), LoginHandler.requestResetPassword(), and LoginHandler.resetPassword().

Validation.isAuthor ( journalId = -1  ) 

Shortcut for checking authorization as author.

Parameters:
$journalId int
Returns:
boolean

Definition at line 366 of file Validation.inc.php.

References isAuthorized().

Referenced by ProfileForm.execute(), ProfileForm.initData(), and AuthorHandler.validate().

Validation.isAuthorized ( roleId,
journalId = 0 
)

Check if a user is authorized to access the specified role in the specified journal.

Parameters:
$roleId int
$journalId optional (e.g., for global site admin role), the ID of the journal
Returns:
boolean

Definition at line 188 of file Validation.inc.php.

References DAORegistry.getDAO(), Request.getJournal(), SessionManager.getManager(), and isLoggedIn().

Referenced by isAuthor(), isCopyeditor(), isEditor(), isJournalManager(), isLayoutEditor(), isProofreader(), isReader(), isReviewer(), isSectionEditor(), isSiteAdmin(), and isSubscriptionManager().

Validation.isCopyeditor ( journalId = -1  ) 

Shortcut for checking authorization as copyeditor.

Parameters:
$journalId int
Returns:
boolean

Definition at line 348 of file Validation.inc.php.

References isAuthorized().

Referenced by CopyeditorHandler.validate().

Validation.isEditor ( journalId = -1  ) 

Shortcut for checking authorization as editor.

Parameters:
$journalId int
Returns:
boolean

Definition at line 312 of file Validation.inc.php.

References isAuthorized().

Referenced by EmailHandler.email(), SectionEditorAction.emailEditorDecisionComment(), SectionEditorAction.postCopyeditComment(), SectionEditorAction.postEditorDecisionComment(), SectionEditorAction.postLayoutComment(), SectionEditorAction.postPeerReviewComment(), SectionEditorAction.postProofreadComment(), SubmitHandler.saveSubmit(), IssueHandler.setupIssueTemplate(), SectionEditorHandler.setupTemplate(), SubmissionEditHandler.submissionEmailLog(), SubmissionEditHandler.submissionEmailLogType(), SubmissionEditHandler.submissionEventLog(), SubmissionEditHandler.submissionEventLogType(), SubmissionEditHandler.submissionHistory(), SubmissionEditHandler.validate(), SectionEditorHandler.validate(), IssueManagementHandler.validate(), EditorHandler.validate(), SectionEditorAction.viewCopyeditComments(), SectionEditorAction.viewEditorDecisionComments(), SectionEditorAction.viewLayoutComments(), SectionEditorAction.viewPeerReviewComments(), and SectionEditorAction.viewProofreadComments().

Validation.isJournalManager ( journalId = -1  ) 

Shortcut for checking authorization as journal manager.

Parameters:
$journalId int
Returns:
boolean

Definition at line 303 of file Validation.inc.php.

References isAuthorized().

Referenced by canAdminister(), UserManagementForm.display(), EmailHandler.email(), UserManagementForm.execute(), UserManagementForm.UserManagementForm(), RTAdminHandler.validate(), and ManagerHandler.validate().

Validation.isLayoutEditor ( journalId = -1  ) 

Shortcut for checking authorization as layout editor.

Parameters:
$journalId int
Returns:
boolean

Definition at line 330 of file Validation.inc.php.

References isAuthorized().

Referenced by IssueHandler.setupIssueTemplate(), LayoutEditorHandler.validate(), and IssueManagementHandler.validate().

Validation.isLoggedIn (  ) 

Check if the user must change their password in order to log in.

Returns:
boolean

Definition at line 282 of file Validation.inc.php.

References SessionManager.getManager().

Referenced by LoginHandler.implicitAuthReturn(), LoginHandler.index(), isAuthorized(), login(), LoginHandler.signIn(), LoginHandler.signOut(), TemplateManager.TemplateManager(), UserHandler.validate(), CommentHandler.validate(), ArticleHandler.validate(), Handler.validate(), ReviewerHandler.validateAccessKey(), ArticleHandler.viewArticle(), and ArticleHandler.viewRST().

Validation.isProofreader ( journalId = -1  ) 

Shortcut for checking authorization as proofreader.

Parameters:
$journalId int
Returns:
boolean

Definition at line 357 of file Validation.inc.php.

References isAuthorized().

Referenced by IssueHandler.setupIssueTemplate(), and ProofreaderHandler.validate().

Validation.isReader ( journalId = -1  ) 

Shortcut for checking authorization as reader.

Parameters:
$journalId int
Returns:
boolean

Definition at line 375 of file Validation.inc.php.

References isAuthorized().

Referenced by ProfileForm.execute(), and ProfileForm.initData().

Validation.isReviewer ( journalId = -1  ) 

Shortcut for checking authorization as reviewer.

Parameters:
$journalId int
Returns:
boolean

Definition at line 339 of file Validation.inc.php.

References isAuthorized().

Referenced by ProfileForm.execute(), ProfileForm.initData(), and ReviewerHandler.validate().

Validation.isSectionEditor ( journalId = -1  ) 

Shortcut for checking authorization as section editor.

Parameters:
$journalId int
Returns:
boolean

Definition at line 321 of file Validation.inc.php.

References isAuthorized().

Referenced by EmailHandler.email(), and SectionEditorHandler.validate().

Validation.isSiteAdmin (  ) 

Shortcut for checking authorization as site admin.

Returns:
boolean

Definition at line 294 of file Validation.inc.php.

References isAuthorized().

Referenced by canAdminister(), EmailHandler.email(), CounterPlugin.getManagementVerbs(), ResolverPlugin.getManagementVerbs(), TranslatorPlugin.manage(), CounterPlugin.manage(), ResolverPlugin.manage(), PluginHandler.plugins(), CounterHandler.validate(), ManagerHandler.validate(), and AdminHandler.validate().

Validation.isSubscriptionManager ( journalId = -1  ) 

Shortcut for checking authorization as subscription manager.

Parameters:
$journalId int
Returns:
boolean

Definition at line 384 of file Validation.inc.php.

References isAuthorized().

Referenced by SubscriptionManagerHandler.validate().

& Validation.login ( username,
password,
&$  reason,
remember = false 
)

Authenticate user credentials and mark the user as logged in in the current session.

Parameters:
$username string
$password string unencrypted password
$reason string reference to string to receive the reason an account was disabled; null otherwise
$remember boolean remember a user's session past the current browser session
Returns:
User the User associated with the login credentials, or false if the credentials are invalid

Definition at line 30 of file Validation.inc.php.

References HookRegistry.call(), encryptCredentials(), Core.getCurrentDate(), DAORegistry.getDAO(), SessionManager.getManager(), Config.getVar(), isLoggedIn(), and PluginRegistry.loadCategory().

Referenced by LoginHandler.implicitAuthReturn(), RegistrationHandler.registerUser(), LoginHandler.savePassword(), and LoginHandler.signIn().

Validation.logout (  ) 

Mark the user as logged out in the current session.

Returns:
boolean

Definition at line 120 of file Validation.inc.php.

References DAORegistry.getDAO(), and SessionManager.getManager().

Referenced by LoginHandler.signIn(), LoginHandler.signOut(), and ReviewerHandler.validateAccessKey().

Validation.redirectLogin ( message = null  ) 

Redirect to the login page, appending the current URL as the source.

Parameters:
$message string Optional name of locale key to add to login page

Definition at line 142 of file Validation.inc.php.

References Request.redirect().

Referenced by RTAdminHandler.index(), CounterHandler.validate(), UserHandler.validate(), SubscriptionManagerHandler.validate(), SectionEditorHandler.validate(), RTAdminHandler.validate(), ReviewerHandler.validate(), ProofreaderHandler.validate(), ManagerHandler.validate(), LayoutEditorHandler.validate(), IssueManagementHandler.validate(), EditorHandler.validate(), CopyeditorHandler.validate(), CommentHandler.validate(), AuthorHandler.validate(), ArticleHandler.validate(), and AdminHandler.validate().

Validation.suggestUsername ( firstName,
lastName 
)

Suggest a username given the first and last names.

Returns:
string

Definition at line 269 of file Validation.inc.php.

References DAORegistry.getDAO(), String.regexp_replace(), String.strtolower(), and String.substr().

Referenced by SubmissionEditHandler.suggestUsername(), and PeopleHandler.suggestUsername().

The documentation for this class was generated from the following file:
Generated on Mon Jul 14 10:55:48 2008 for Open Journal Systems by  doxygen 1.5.6