I've recently started working with Zend Framework and I've absolutely fallen in love with it and I've even decommissioned my own framework in favour of it.
But I'm missing something that is probably so painfully obvious you'll chuckle a little bit.
I have a login system and in every controller I have to put the check for the login status, I had a look at accessing the Zend Session Storage in the Bootstrap but I'm on bit of a deadline and can't afford to waste time, is there a better way to check IE in the bootstrap? instead of repeating 20+ lines of code and functionality in every controller.
Thanks in advance!
You can use a controller plugin for this. See: http://framework.zend.com/manual/en/zend.controller.plugins.html
class Your_Plugin_Login extends Zend_Controller_Plugin_Abstract
{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if (!Zend_Auth::getInstance()->hasIdentity()) {
// send the user to the login page
$request->setControllerName('login')
->setActionName('login');
}
}
}
replace the controller/action names with whatever is appropriate for your login page, and 'Your' with your application's namespace.
You then register the plugin with the Front controller either in application.ini or in your bootstrap with Zend_Controller_Front::getInstance()->registerPlugin(new Your_Plugin_Login());.
Edit: If you want to put the user details in the view as well, you can do:
$layout = Zend_Layout::getMvcInstance();
$view = $layout->getView();
$view->user = Zend_Auth::getIdentity();
You can write your own controller that inherits from Zend Controller (call it e.g. DaveMac_Controller - you can define the prefix in the app's config file so that the app can autoload it (and you need to be careful with which directory you save your class in)). In this class's construct function run the check for authentication. Then change all your page's controllers to inherit from DaveMac_Controller rather than the default zend one.
If I was at home I could copy and paste some code as an example, but at work right now so hopefully the above outline is enough.
*edit Good ol' dropbox :)
application.ini
includePaths.library = APPLICATION_PATH "/../library"
autoloaderNamespaces[] = "DaveMac_"
/../library/DaveMac/Controller/Action.php
<?php
class DaveMac_Controller_Action extends Zend_Controller_Action {
protected $acl;
protected $user;
protected $userRole;
public function init() {
//retrieve and store user details
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity()){
$user = $auth->getIdentity();
$this->user = $user;
$this->view->user = $user;
$this->userRole = $user->role;
} else {
$this->userRole = "guest";
}
//Initialise access control list
$this->acl = new DaveMac_Acl();
}
protected function checkAuth($pageLevel, $redirect = "/") {
if($this->user) {
if(!$this->acl->isAllowed($this->userRole, $pageLevel)) {
$this->_redirect($redirect);
}
} else if ($pageLevel != DaveMac_Resources::PUBLIC_ONLY_PAGE) {
$this->_redirect('/login/returnurl/' . str_replace('/','-',$this->getRequest()->getRequestUri()));
}
}
}
You will probably already have your own functioms fdor checking authentication, but I thought I'd leave mine in anyway
Related
In my Zend application there is a layout file used in multiple modules. Now i need to retrieve data from database (table gateway) and display on layout. Then it should appear across all the modules.
How do i achieve that ?
Ex -
<?php echo $user_name; ?>
Value for $user_name should be taken from database and pass to layout file.
you dont have to set it in every controller. You could just attach it to a layout variable in your module.php.
public function onBootstrap(MvcEvent $e)
{
$sm = $e->getApplication()->getServiceManager();
$tableWhatever = $sm->get('tableWhatever');
$viewModel = $e->getApplication()->getMvcEvent()->getViewModel();
$viewModel->userName = $tableWhatever->getUserName();
}
Depending on the zf2 version you may have to access the variable in your layout like so:
$this->layout()->userName;
You also have the possibility to extend the AbstractActionController and add the layout variables trough that. I usually just go with the quick onBootstrap method though.
I believe, in Zend, your controller(s) will want:
$this->view->assign('variableName', 'variableValue');
And in your view(s), you will want:
$this->variableName;
You could use Zend Plugin to achieve something like that, like:
class MyPlugin extends Zend_Controller_Plugin_Abstract {
public function preDispatch(Zend_Controller_Request_Abstract $request) {
// Get instance
$layout = Zend_Layout::getMvcInstance();
$view = $layout->getView();
$view->user_name = 'your_username';
}
}
and register your plugin in frontController:
Zend_Controller_Front::getInstance()->registerPlugin(new MyPlugin());
then in layout , you could do:
<?php echo $this->user_name; ?>
I have a number of authentication components that extend the BaseAuthenticate class. These are setup in the AppController in the normal way.
Is it possible for an authentication component to alter the AuthComponent's loginRedirect variable?
To clarify the situation, one of my authentication components looks at a certain subset of users. It checks to see if the credentials are valid before checking to see if that person has any outstanding invoices. Depending on the outstanding value, I'd like to redirect the user to a given page or block them out altogether.
Thanks
Yes it's possible. The AuthComponent's redirect location is just a session variable (so technically it can be set anywhere).
To change the redirect location, you can set it manually:
$this->Session->write('Auth.redirect', 'http://example.com');
On the next request, they will be redirected by the AuthComponent.
Or, have your component redirect them then and there:
$this->_Collection->getController()->redirect('http://example.com');
A big thanks to #jerermyharris for pushing me in the right direction. Here goes with what I ended up doing.
1. Extended the AuthComponent
App::uses('AuthComponent', 'Controller/Component');
class MyAuthComponent extends AuthComponent {
var $components = array('Session');
public function identify(CakeRequest $request, CakeResponse $response) {
if (empty($this->_authenticateObjects)) {
$this->constructAuthenticate();
}
foreach ($this->_authenticateObjects as $auth) {
$result = $auth->authenticate($request, $response);
if (!empty($result) && is_array($result)) {
if(isset($result['Redirect']))
{
$this->Session->write('Auth.redirect', $result['Redirect']);
}
return $result;
}
}
return false;
}
}
2. Add this the AppController components
public $components = array(
'Auth' => array(
'className' => 'MyAuth',
)
);
Add this bit around whatever other definitions you have for your AuthComponent.
3. Return a redirect from your authentication component
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
class TutorAuthenticate extends BaseAuthenticate {
public function authenticate(CakeRequest $request, CakeResponse $response) {
$user = ...... // However you authenticate your user
$user['Redirect'] = "http://example.com";
return $user;
}
}
So now if you want to redirect based on the user you can just add it in, if you don't then cake will obey the directives you set up in AppController.
Wow, that seems like I've had to do loads extra, but it's the right thing to do.
I have this thing that I need in multiple places:
public function init()
{
$fbLogin = new Zend_Session_Namespace('fbLogin'); #Get Facebook Session
if(!$fbLogin->user) $this->_redirect('/'); #Logout the user
}
These two lines:
$fbLogin = new Zend_Session_Namespace('fbLogin'); #Get Facebook Session
if(!$fbLogin->user) $this->_redirect('/'); #Logout the user
Whats the best way to do it in ZendFramework?To create a plugin or? I mean I want to execute it in multiple places but If I need to edit it I want to edit it in one place.
Here is an example of an Action Helper that you can call from your controllers easily.
<?php
class My_Helper_CheckFbLogin extends Zend_Controller_Action_Helper_Abstract
{
public function direct(array $params = array())
{
// you could pass in $params as an array and use any of its values if needed
$request = $this->getRequest();
$view = $this->getActionController()->view;
$fbLogin = new Zend_Session_Namespace('fbLogin'); #Get Facebook Session
if(!$fbLogin->user) {
$this->getActionController()
->getHelper('redirector')
->gotoUrl('/'); #Logout the user
}
return true;
}
}
In order to use it, you have to tell the helper broker where it will live. Here is an example code you can put in the bootstrap to do so:
// Make sure the path to My_ is in your path, i.e. in the library folder
Zend_Loader_Autoloader::getInstance()->registerNamespace('My_');
Zend_Controller_Action_HelperBroker::addPrefix('My_Helper');
Then to use it in your controller:
public function preDispatch()
{
$this->_helper->CheckFbLogin(); // redirects if not logged in
}
It doesn't go into much detail, but Writing Your Own Helpers is helpful as well.
If you need this check in every Controller you could even set up a baseController from which you extend instead of the default one:
class My_Base_Controller extends Zend_Controller_Action
{
public function init()
{ ...
class IndexController extends My_Base_Controller
{ ...
Shift your init() into the base controller and you don't need to repeat yourself in every specific controller.
Need a varying init() in a specific controller?
class FooController extends My_Base_Controller
{
public function init()
{
parent::init();
...
I'm working on my first user login in Zend Framework, but I'm a little confused with Zend_Auth. All the articles I read about it use it directly in the controller. But to me, it makes more sense, to work as a plugin
What do you guys think?
You can use it as a plugin, the only downside is that if you initialize the plugin in your bootstrap, then the plugin will be executed for every controller and action, since it would have to run before your controller.
You could extend Zend_Auth and add extra methods to set up the auth adapter and manage the storage, and then you can just call Your_Custom_Auth::getInstance() to get the auth instance and then you can check for auth in the preDispatcth() part of your controllers that need auth.
This way you can easily work with zend_auth in multiple places with less code
<?php
class My_User_Authenticator extends Zend_Auth
{
protected function __construct()
{}
protected function __clone()
{}
public static function getInstance()
{
if (null === self::$_instance) {
self::$_instance = new self();
}
return self::$_instance;
}
// example using zend_db_adapter_dbtable and mysql
public static function getAdapter($username, $password)
{
$db = Zend_Controller_Front::getInstance()
->getParam('bootstrap')
->getResource('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db,
'accounts',
'username',
'password');
$authAdapter->setIdentity($username)
->setCredential($password)
->setCredentialTreatment(
'SHA1(?)'
);
return $authAdapter;
}
public static function updateStorage($storageObject)
{
self::$_instance->getStorage()->write($storageObject);
}
}
// in your controllers that should be fully protected, or specific actions
// you could put this in your controller's preDispatch() method
if (My_User_Authenticator::getInstance()->hasIdentity() == false) {
// forward to login action
}
// to log someone in
$auth = My_User_Authenticator::getInstance();
$result = $auth->authenticate(
My_User_Authenticator::getAdapter(
$form->getValue('username'),
$form->getValue('password'))
);
if ($result->isValid()) {
$storage = new My_Session_Object();
$storage->username = $form->getValue('username');
// this object should hold the info about the logged in user, e.g. account details
My_User_Authenticator::getInstance()->updateStorage($storage); // session now has identity of $storage
// forward to page
} else {
// invalid user or pass
}
Hope that helps.
"Plugin" in ZF doesn't only mean "front controller plugin", also Action helpers, view helpers...
ZF guru Matthew Weier O'Phinney wrote an excellent article about creating action helpers, and guess what ?..
He illustrates it with an Auth widget !
http://weierophinney.net/matthew/archives/246-Using-Action-Helpers-To-Implement-Re-Usable-Widgets.html
don't forget to read the articles comments, as a lot of interesting Q&A are handled there
So I'm starting up in Zend framework and looking to implement a site-wide "User" session.... something I can easily access from ALL modules/controllers in the application.
I'm like, should I make a new namespace in the library and extend the controller, like:
class MYCUSTOMLIB_Controller_Action extends Zend_Controller_Action
{
protected $_userSession;
function preDispatch(Zend_Controller_Request_Abstract $req)
{
$this->_userSession = new Zend_Session_Namespace('user');
}
}
ANd then have all my controllers/modules/etc extend from that?
Or should I create a Plugin or what? How would you go about making this plugin to pass the user session to the controller?
Or do I do it in the bootstrap?? Again how to pass to controller?
Also should I use Zend_Session_Namespace or Zend_Http_Cookie and also how do I encrypt and xss clean the cookie or is that done automagically?
I would initialise in the bootstrap too:
//Bootstrap.php
protected function _initUserSession()
{
return new Zend_Session_Namespace('user');
}
Then I would use an action helper:
// library/App/Controller/Action/Helper/Session.php
class App_Controller_Action_Helper_Session extends Zend_Controller_Action_Helper_Abstract
{
function direct()
{
return $this->getFrontController()->getParam('userSession');
}
}
You access it in your controller like this:
function indexAction()
{
$session = $this->_helper->session;
}
You should initialize your session in the bootstrap. You can either put it in the Zend_Registry and access it that way or from your controllers you can access your bootstrap by calling $this->getInvokeArg('bootstrap').
// in your controllers
public function init()
{
$bootstrap = $this->getInvokeArg('bootstrap');
$this->_session = $bootstrap->getResource('session');
}