StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
2300547
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2010-02-20T00:31:41.147
FavoriteCount
0
LastActivityDate
2010-02-20T00:37:59.273
LastEditDate
2010-02-20T00:37:59.273
LastEditorUserId
105662
OwnerUserId
105662
ParentId
2300389
PostTypeId
2
Score
9
ViewCount
0
LastEditorDisplayName
text
Body
I use a combination of a Zend_Controller_Plugin and an AuthController to protect my sites. It supports password resets, forced password changes, and automatic account locking, hence the moderate complexity. Note that I use Doctrine, so this obviously can't just be cut and pasted into your application, but it should function with minimal changes. I removed a few methods specific to my application, but all the general authentication foo is there. Plugin <pre><code><?php class Hobo_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract { public function preDispatch(Zend_Controller_Request_Abstract $request) { $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { if ('logout' != $request->getActionName()) { if (! $request->getParam('force_password_change') && $this->_checkPasswordExpiry($auth->getIdentity()->username) ) { $request->setParam('force_password_change', true); $request->setModuleName('default') ->setControllerName('auth') ->setActionName('change-password'); } } } else { // Defer more complex authentication logic to AuthController if ('auth' != $this->getRequest()->getControllerName()) { $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector'); $redirector->gotoSimple('restricted', 'auth'); } } } protected function _checkPasswordExpiry($username) { // Look up user and return true if password is expired } } </code></pre> AuthController <pre><code><?php class AuthController extends Zend_Controller_Action { public function init() { $this->_auth = Zend_Auth::getInstance(); $this->_errorMessenger = new Zend_Controller_Action_Helper_FlashMessenger(); $this->_errorMessenger->setActionController($this)->init(); $this->_errorMessenger->setNamespace('error'); $this->_noticeMessenger = new Zend_Controller_Action_Helper_FlashMessenger(); $this->_noticeMessenger->setActionController($this)->init(); $this->_noticeMessenger->setNamespace('notice'); $this->view->errors = $this->_errorMessenger->getMessages(); $this->view->notices = $this->_noticeMessenger->getMessages(); } public function preDispatch() { if (! $this->_auth->hasIdentity()) { if (! in_array($this->_request->getActionName(), array( 'logout', 'identify', 'forgot-password', 'reset-password', 'restricted')) ) { $this->_redirect('/auth/restricted'); } } } public function restrictedAction() { // Shows access restricted page } public function logoutAction() { $this->_auth->clearIdentity(); Zend_Session::destroy(); $this->_redirect('/'); } public function identifyAction() { if ($this->_request->isPost()) { $username = $this->_getParam('username'); $password = $this->_getParam('password'); if (empty($username) || empty($password)) { $this->_flashError('Username or password cannot be blank.'); } else { $user = new dUser(); $result = $user->login($username, $password); if ($result->isValid()) { $user->fromArray((array) $this->_auth->getIdentity()); if ($this->_getParam('changepass') || $user->is_password_expired) { $this->_redirect('auth/change-password'); return; } $this->_doRedirect($user); return; } else { $this->_doFailure($result->getIdentity()); } } } $this->_redirect('/'); } public function changePasswordAction() { if ($this->_request->isPost()) { $username = $this->_auth->getIdentity()->username; $formData = $this->_request->getParams(); if (empty($formData['password']) || empty($formData['new_password']) || empty($formData['confirm_password']) ) { $this->_flashError('Password cannot be blank.'); $this->_redirect('auth/change-password'); } elseif ($formData['new_password'] !== $formData['confirm_password']) { $this->_flashError('Password and confirmation do not match.'); $this->_redirect('auth/change-password'); } else { $user = new dUser(); $result = $user->login($username, $formData['password']); if ($result->isValid()) { $user->updatePassword($username, $formData['new_password']); $this->_flashNotice('Password updated successfully!'); $this->_redirect('/'); } else { $this->_flashError('Invalid username or password!'); $this->_redirect('auth/change-password'); } } } if ($this->_getParam('force_password_change')) { $this->view->notice = 'Your password has expired. You must change your password to continue.'; } } public function forgotPasswordAction() { if ($this->_request->isPost()) { // Pseudo-random uppercase 6 digit hex value $resetCode = strtoupper(substr(sha1(uniqid(rand(),true)),0,6)); Doctrine_Query::create() ->update('dUser u') ->set('u.reset_code', '?', array($resetCode)) ->where('u.username = ?', array($this->_getParam('username'))) ->execute(); $this->_doMail($this->_getParam('username'), $resetCode); $this->_flashNotice("Password reset request received."); $this->_flashNotice("An email with further instructions, including your Reset Code, has been sent to {$this->_getParam('username')}."); $this->_redirect("auth/reset-password/username/{$this->_getParam('username')}"); } } public function resetPasswordAction() { $this->view->username = $this->_getParam('username'); $this->view->reset_code = $this->_getParam('reset_code'); if ($this->_request->isPost()) { $formData = $this->_request->getParams(); if (empty($formData['username']) || empty($formData['reset_code'])) { $this->_flashError('Username or reset code cannot be blank.'); $this->_redirect('auth/reset-password'); } elseif ($formData['new_password'] !== $formData['confirm_password']) { $this->_flashError('Password and confirmation do not match.'); $this->_redirect('auth/reset-password'); } else { $user = new dUser(); $result = $user->loginWithResetCode($formData['username'], $formData['reset_code']); if ($result->isValid()) { $user->updatePassword($result->getIdentity(), $formData['new_password']); $user->fromArray((array) $this->_auth->getIdentity()); $this->_flashNotice('Password updated successfully!'); $this->_doRedirect($user); } else { $this->_doFailure($result->getIdentity()); $this->_redirect('auth/reset-password'); } } } } protected function _doRedirect($user) { $this->_helper->Redirector->gotoUserDefault($user); } protected function _flashError($message) { $this->_errorMessenger->addMessage($message); } protected function _flashNotice($message) { $this->_noticeMessenger->addMessage($message); } protected function _doFailure($username) { $user = Doctrine_Query::create() ->from('dUser u') ->select('u.is_locked') ->where('u.username = ?', array($username)) ->fetchOne(); if ($user->is_locked) { $this->_flashError('This account has been locked.'); } else { $this->_flashError('Invalid username or password'); } } } </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to do preDispatch forwarding in Zend Framework?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. UShobodave
UserOwnerUserId
1. UShobodave
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow to do preDispatch forwarding in Zend Framework?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThanks for the answer! Great example, how to set up things quickly and reasonable.
 singulars
 PostPostId
 PO
 UserUserId
 USPvB
2. COGreat job, $this->_redirect(); didnt worked only works yours.
 singulars
 PostPostId
 PO
 UserUserId
 USYumYumYum

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.