PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Fri Nov 28, 2014 11:38 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Fri Jul 04, 2008 3:09 am 
Offline
DevNet Evangelist

Joined: Tue Dec 21, 2004 6:00 pm
Posts: 6259
Location: Winnipeg
I've looked at Magento but I don't have the time or patience to make sense out of it's use of Zend. Seems they have their own framework wrapped around Zend called Mage which is just creating additional indirection for me to struggle with.

Anyways, I'm curious to see how others implement authentication (maybe authorization as well) while using Zend.

1. Submit login FORM to login controller -- which then redirects/forwards you to a dashboard

This much is pretty obvious but during this action I assume you also store a SESSION value indicating access levels (ACL) or userid indicating basic authorization?

The next page refresh, where do you check this SESSION value to determine whether you should redirect to login screen or not?

Obviously this should be centralized as it doesn't make sense to check for a basic SESSION in each controller invoked. Likewise, what about advanced authroization? Do you check permissions/roles/whatever inside each action for really fine grained access control?

I'd like to see a clean cut, simple example of a Zend controller action or two which demonstrates what a typical action might look like when generating a full fledged view for an application, like say phpBB.


Top
 Profile  
 
PostPosted: Fri Jul 04, 2008 3:25 am 
Offline
Site Admin
User avatar

Joined: Tue Dec 23, 2003 3:10 am
Posts: 11470
Location: Toronto
Hockey wrote:
I've looked at Magento but I don't have the time or patience to make sense out of it's use of Zend. Seems they have their own framework wrapped around Zend called Mage which is just creating additional indirection for me to struggle with.

Anyways, I'm curious to see how others implement authentication (maybe authorization as well) while using Zend.

1. Submit login FORM to login controller -- which then redirects/forwards you to a dashboard

This much is pretty obvious but during this action I assume you also store a SESSION value indicating access levels (ACL) or userid indicating basic authorization?

The next page refresh, where do you check this SESSION value to determine whether you should redirect to login screen or not?

Obviously this should be centralized as it doesn't make sense to check for a basic SESSION in each controller invoked. Likewise, what about advanced authroization? Do you check permissions/roles/whatever inside each action for really fine grained access control?

I'd like to see a clean cut, simple example of a Zend controller action or two which demonstrates what a typical action might look like when generating a full fledged view for an application, like say phpBB.


If your going the ACL route, I wrote plugin awhile back that I never really got around to finishing/implementing.

viewtopic.php?f=19&t=66427&p=374049#p374049


Top
 Profile  
 
PostPosted: Fri Jul 04, 2008 6:21 am 
Offline
DevNet Master
User avatar

Joined: Tue Nov 02, 2004 6:43 am
Posts: 2704
Location: Ireland
My blog has a series of tutorial level posts on various ZF subjects - all were written within a real development process (me, writing a replacement blog I can hack on without dealing with the procedural crap plaguing the usual blogging platforms).

There's a really simple login/ACL example in there somewhere.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group