<p>We use a <a href="http://framework.zend.com/manual/en/zend.controller.plugins.html" rel="nofollow">Controller plugin</a> (bootstrapped in the application.ini config file) that handles our authentication. It checks the requested controller/action in the preDispatch() phase and matches it against ACL objects (which could be fetched out of a DB, config files, XML, etc.). If the user does not have the privilege to access the target controller/action, a message is stored in the session and the user is redirected to another page, which displays the access forbidden message.</p>
<p>If the user needs to be authenticated to access the target controller/action, the user is redirected to the login action by modifying the request object.</p>
<p>Using this plugin there is no need to check for user authentication/ACL in each controller, so all the "Access" code is enclosed in one file, the "Access Plugin".</p>
<p>In order to check for user identity we mostly use the same method of "Zend_Auth::getInstance()->hasIdentity()", but this just shows whether the user is authenticated or not. The <code>getIdentity()</code> method of Zend_Auth returns the current user identity, but again just the identity and nothing more. However, if you need more information about the user, you could store the user information in a session.</p>
<p>We implement our users as data models, so each user is defined as an object. After a user is authenticated on the login action, we create the appropriate user object and store it in the user session, like this:</p>
<pre><code>// This could be sample code in AuthController/processloginAction()
// suppose $username has been validated before and stores the username
$user = new Default_Model_User($username);
// now $user is our user object; suppose $log is a Zend_Log instance
$log-&gt;info("user id '{$user-&gt;getId()}' username: '{$user-&gt;getUsername()}' logged in");
// keep the user object in the 'auth' session namespace
$sess = new Zend_Session_Namespace('auth');
$sess-&gt;user = $user;
</code></pre>
<p>From now on, the $user property of the 'auth' session namespace is the user object with all the information you would need, not just the identity. Whenever you want to check if the user is logged in (besides using Zend_Auth) you could check for the availability of this value in the user session:</p>
<pre><code>$sess = new Zend_Session_Namespace('auth');
if (!isset($sess-&gt;user) || !$sess-&gt;user) {
    // user is not logged in, redirect to login page
}
$user = $sess-&gt;user;
/*@var $user Default_Model_User*/
$email = $user-&gt;getEmail();
</code></pre>
<p>Now we have checked for authentication, and have access to the user information (email, phone, etc.).</p>
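The access plugin described in the answer above, written out as an added example (it is not the answerer's code). The class name `My_Plugin_Access`, the role and controller names, the `message` session key and the `getRole()` method on the user object are assumptions; the plugin is registered in code here because its constructor takes the ACL.

```php
<?php
// Added example. Class name, role names, resource names and getRole() are assumptions.
class My_Plugin_Access extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $resource  = $request->getControllerName();
        $privilege = $request->getActionName();

        // The role comes from server-side session state, never from request input.
        $sess     = new Zend_Session_Namespace('auth');
        $loggedIn = Zend_Auth::getInstance()->hasIdentity() && isset($sess->user);
        $role     = $loggedIn ? $sess->user->getRole() : 'guest'; // getRole() is hypothetical

        // Default deny: isAllowed() throws on unknown names, so check has()/hasRole() first.
        if ($this->_acl->has($resource) && $this->_acl->hasRole($role)
            && $this->_acl->isAllowed($role, $resource, $privilege)) {
            return;
        }
        if (!$loggedIn) {
            // Authentication required: rewrite the request so the login action is dispatched.
            $request->setModuleName('default')->setControllerName('auth')->setActionName('login');
            return;
        }
        // Authenticated but not permitted: store the message, then redirect.
        $sess->message = 'Access forbidden';
        Zend_Controller_Action_HelperBroker::getStaticHelper('redirector')
            ->gotoSimple('forbidden', 'error');
    }
}

// ACL with one resource per controller; every role must reach 'auth' and 'error',
// or the login and forbidden pages would themselves be denied.
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'), 'guest');
foreach (array('auth', 'error', 'index', 'account') as $controller) {
    $acl->addResource(new Zend_Acl_Resource($controller));
}
$acl->allow('guest', array('auth', 'error', 'index'));
$acl->allow('member', 'account');
Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_Access($acl));
```

A controller that is not registered as a resource is denied rather than passed through, so a newly added controller stays closed until an ACL rule is written for it.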
 
