Zend authentication examples

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Zend authentication examples

Post by alex.barylski »

I've looked at Magento but I don't have the time or patience to make sense out of it's use of Zend. Seems they have their own framework wrapped around Zend called Mage which is just creating additional indirection for me to struggle with.

Anyways, I'm curious to see how others implement authentication (maybe authorization as well) while using Zend.

1. Submit login FORM to login controller -- which then redirects/forwards you to a dashboard

This much is pretty obvious but during this action I assume you also store a SESSION value indicating access levels (ACL) or userid indicating basic authorization?

The next page refresh, where do you check this SESSION value to determine whether you should redirect to login screen or not?

Obviously this should be centralized as it doesn't make sense to check for a basic SESSION in each controller invoked. Likewise, what about advanced authroization? Do you check permissions/roles/whatever inside each action for really fine grained access control?

I'd like to see a clean cut, simple example of a Zend controller action or two which demonstrates what a typical action might look like when generating a full fledged view for an application, like say phpBB.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Zend authentication examples

Post by John Cartwright »

Hockey wrote:I've looked at Magento but I don't have the time or patience to make sense out of it's use of Zend. Seems they have their own framework wrapped around Zend called Mage which is just creating additional indirection for me to struggle with.

Anyways, I'm curious to see how others implement authentication (maybe authorization as well) while using Zend.

1. Submit login FORM to login controller -- which then redirects/forwards you to a dashboard

This much is pretty obvious but during this action I assume you also store a SESSION value indicating access levels (ACL) or userid indicating basic authorization?

The next page refresh, where do you check this SESSION value to determine whether you should redirect to login screen or not?

Obviously this should be centralized as it doesn't make sense to check for a basic SESSION in each controller invoked. Likewise, what about advanced authroization? Do you check permissions/roles/whatever inside each action for really fine grained access control?

I'd like to see a clean cut, simple example of a Zend controller action or two which demonstrates what a typical action might look like when generating a full fledged view for an application, like say phpBB.
If your going the ACL route, I wrote plugin awhile back that I never really got around to finishing/implementing.

viewtopic.php?f=19&t=66427&p=374049#p374049
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Re: Zend authentication examples

Post by Maugrim_The_Reaper »

My blog has a series of tutorial level posts on various ZF subjects - all were written within a real development process (me, writing a replacement blog I can hack on without dealing with the procedural crap plaguing the usual blogging platforms).

There's a really simple login/ACL example in there somewhere.
Post Reply