Posted: Mon May 22, 2006 9:22 pm
Hahahaha! Code typo! Didn't run it through php -l or anything, and it's our first bug report. I meant $manager instead of $authentication_manager, and, to top things off, we were missing closing parenthesese.
And... to answer Nathaniel's questions...
Community coding works! Wow.
Code: Select all
<?php
// no access control built in!
// returns whether or not a user is authenticated,
// and registers AuthenticationManager to appropriate persistence if they are.
function authtools_quick_authenticate(
$data_adapter = false, // false to use the automatic classes
$session_adapter = false,
$credential_adapter = false)
{
$manager = new AuthTools_AuthenticationManager();
// give the credentials AuthenticationManager (nothing happens yet)
if (!$credential_adapter) $credentials = new AuthTools_Credentials_Auto();
$manager->setCredentials($credentials);
// likewise we need some to check the credentials against (nothing happens)
// the automatic detection is NOT recommended
if (!$data_adapter) $data_adapter = new AuthTools_Datasource_AutoMySQL();
$manager->setDataAdapter($data_adapter);
// the user gets authenticated.
// authenticateUser optionally takes a specific authentication command,
// otherwise, it passes the credentials to a controller which determines
// which methods should the user be authenticated by
$manager->authenticateUser();
// propagate the authentication manager to the entire app. This gives the app a dependency,
// but it should be trivial to write wrappers for the most important
// methods: isUserAuthenticated() and getUserId()
if (!$session_adapter) $session_adapter = new AuthTools_Session_Auto();
$session_adapter->setAuthenticationManager($manager);
// for small scripts that don't want to interface with the manager
return $manager->isUserAuthenticated();
}
?>Yup. It's all neatly tucked away inside AuthTools_Credentials_Auto(). This is so in the case that it's actually in $_POST['login_username'], we can just let them pass an amended AuthTools_Credentials object. It'll be clearer with code for that class. (actually, we do have code for that class. It's in the TeX.)could this be either the session cookie or the $_POST['username'] / $_POST['password']?
Precisely. And you bring up an important point: the manager has to know about the session adapter too! I'll add that in later, it might be a pickle due to bidirectional references.this would be the datasource to check the session cookie or $_POST data against...?
The authentication manager needs to be known by the entire application. So that's what the session_adapter does. Admittedly, it isn't the cleanest of ideas. It might not even belong there. Will reconsider.ok, I'm really lost. This isn't returned or added to the $manager object - what is it doing?
Community coding works! Wow.