Zend Framework tutorial: authorization

I know that there are already many such tutorials on the web, but I also know from my own experience that ZF is very difficult at the start; later on, everything becomes clear and easy.
I would like to make this first stage easier for those who are only at the beginning of the path.

For authorization we of course need an existing user table with at least two fields, userName and passwordMD5.
The name passwordMD5 makes it immediately clear that the password is not stored in plain text, so that nobody can simply steal it.

1. Making a login form.

<?php

class Form_Login extends Zend_Form
{
    public function init()
    {
        // Submit with POST so the credentials never end up in the URL
        $this->setMethod('post');

        // User name field: trimmed and required
        $this->addElement('text', 'userName', array(
            'label'   => 'User name:',
            'filters' => array('StringTrim')
        ));
        $el = $this->getElement('userName');
        $el->setRequired(true)
           ->addValidators(array(
               array('NotEmpty', true, array('messages' => array(
                   'isEmpty' => 'Please enter your user name!',
               )))));

        // Password field: required, not trimmed
        $this->addElement('password', 'password', array(
            'label' => 'Password:'
        ));
        $el = $this->getElement('password');
        $el->setRequired(true)
           ->addValidators(array(
               array('NotEmpty', true, array('messages' => array(
                   'isEmpty' => 'Please enter your password!',
               )))));

        $this->addElement('submit', 'login', array(
            'label' => 'Log in'
        ));
    }
}


We put this class in /application/forms (or wherever you like).

2. Controller for login.
<?php
class LoginController extends Zend_Controller_Action
{
    public function preDispatch()
    {
        if (Zend_Auth::getInstance()->hasIdentity()) {
            // Already logged in: nothing to do on the login page
            return $this->_redirect('/');
        }
    }

    public function indexAction()
    {
        $form = $this->_getLoginForm();

        if ($this->_request->isPost()) {
            $formData = $this->_request->getPost();

            if ($form->isValid($formData)) {
                $auth = Zend_Auth::getInstance();
                $authAdapter = $this->_getAuthAdapter($formData['userName'], $formData['password']);
                $result = $auth->authenticate($authAdapter);
                if (!$result->isValid()) {
                    // Authentication failed: show the form again with an error message
                    $form->setDescription('Invalid user name or password');
                    $form->populate($formData);
                    $this->view->form = $form;
                    return $this->render('index'); // render the login form again
                } else {
                    // Write the user's row into the auth storage (the session)
                    $currentUser = $authAdapter->getResultRowObject();
                    Zend_Auth::getInstance()->getStorage()->write($currentUser);

                    return $this->_redirect('/'); // logged in, go to the front page
                }
            } else {
                $form->populate($formData);
            }
        }

        $this->view->form = $form;
    }

    protected function _getLoginForm()
    {
        require_once APPLICATION_PATH . '/forms/Login.php';
        return new Form_Login();
    }

    protected function _getAuthAdapter($userName, $userPassword)
    {
        // The database adapter is stored in the registry by bootstrap.php
        $registry = Zend_Registry::getInstance();
        $authAdapter = new Zend_Auth_Adapter_DbTable(
            $registry->dbAdapter,
            'user',
            'userName',
            'passwordMD5',
            'MD5(?) AND status = "OK"'
        );
        $authAdapter->setIdentity($userName)->setCredential($userPassword);

        return $authAdapter;
    }
}
?>


The session (Zend_Registry::getInstance()->session) and the database adapter are created in bootstrap.php and placed in the registry:

$configuration = new Zend_Config(require APPLICATION_PATH . '/config/config.php' );
$dbAdapter = Zend_Db::factory($configuration->database);
Zend_Db_Table_Abstract::setDefaultAdapter($dbAdapter);
$registry = Zend_Registry::getInstance();
$registry->configuration = $configuration;
$registry->dbAdapter = $dbAdapter;
$registry->session = new Zend_Session_Namespace();



I think there is nothing more to explain here; everything is clear. I think there are other ways of doing authorization, but this one suits me completely.
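
An unsalted MD5 digest, as produced by the 'MD5(?)' credential treatment above, is fast to brute-force if the user table leaks. The following is an added example, not code from the original article: a custom Zend_Auth adapter that checks the password with PHP's password_verify() instead. It assumes PHP 5.5 or later and ZF1 autoloading; the class name My_Auth_Adapter_PasswordHash and the column passwordHash (filled with password_hash() output) are hypothetical.

```php
<?php
// Added example, not the article's code. Assumes ZF1 autoloading, PHP >= 5.5.
// Hypothetical names: My_Auth_Adapter_PasswordHash, column passwordHash.
class My_Auth_Adapter_PasswordHash implements Zend_Auth_Adapter_Interface
{
    protected $_db;
    protected $_userName;
    protected $_password;

    public function __construct(Zend_Db_Adapter_Abstract $db, $userName, $password)
    {
        $this->_db       = $db;
        $this->_userName = $userName;
        $this->_password = $password;
    }

    public function authenticate()
    {
        // Bound parameters: user input never becomes part of the SQL text.
        $row = $this->_db->fetchRow(
            'SELECT * FROM user WHERE userName = ? AND status = ?',
            array($this->_userName, 'OK'),
            Zend_Db::FETCH_OBJ
        );

        // Same result code and message for "no such user" and "wrong password",
        // so the login form does not reveal which user names exist.
        if (!$row || !password_verify($this->_password, $row->passwordHash)) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                $this->_userName,
                array('Invalid user name or password')
            );
        }

        // Transparently upgrade hashes made with an older algorithm or cost.
        if (password_needs_rehash($row->passwordHash, PASSWORD_DEFAULT)) {
            $this->_db->update(
                'user',
                array('passwordHash' => password_hash($this->_password, PASSWORD_DEFAULT)),
                array('id = ?' => $row->id)
            );
        }

        // Keep the hash out of the identity that Zend_Auth writes to the session.
        unset($row->passwordHash);
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $row);
    }
}
```

With this adapter, _getAuthAdapter() would return new My_Auth_Adapter_PasswordHash($registry->dbAdapter, $userName, $userPassword). Zend_Auth::authenticate() stores the identity of a valid result itself, so the explicit getStorage()->write() call in the controller is no longer needed.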

Remember me?


For the system to remember your user, you only need to add an element to the form (you know which one) and, if the user has logged in, call this code:

Zend_Session::rememberMe(1209600); // lifetime in seconds; everyone decides for himself how long he needs

After login, the user object can be accessed anywhere in the code in the following way:

$auth = Zend_Auth::getInstance()->getIdentity();

But there is a catch: when you try to change some property of this object and save it, you immediately get this error:
Cannot save a row unless it is connected

It turns out that we stored the object in the session, and after that it is just a plain object whose connection to the database is lost.

For this, I made a very simple solution.
Create a plugin class:

<?php
class CheckLoginPlugin extends Zend_Controller_Plugin_Abstract
{
    protected $_userModel;

    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
    {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return; // anonymous visitor: there is no user object to refresh
        }
        // Reload the user from the database and replace the copy in the session
        $user = $auth->getIdentity();
        $model = $this->_getUserModel();
        $auth->getStorage()->write($model->getUserById($user->id));
    }

    public function _getUserModel()
    {
        if (null === $this->_userModel) {
            require_once APPLICATION_PATH . '/models/User.php';
            $this->_userModel = new Model_User();
        }
        return $this->_userModel;
    }
}
?>


Connect the plugin in bootstrap.php:

require_once 'My/Plugin/CheckLoginPlugin.php' ;
$frontController->registerPlugin( new CheckLoginPlugin());


This plugin simply reloads the object from the database on every page request. Of course, you can do this only when it is needed; everyone economizes on something, but I am not short of matches :)

PS: the example may of course contain some (logic) errors, so take it as pseudocode; with minimal knowledge of PHP, I think it will be easy to fix.

You can also do authorization in a Zend application using OpenID.

Source: https://habr.com/ru/post/53763/

