Friday, March 28. 2008Login and Authentication with Zend FrameworkI've fielded a number of questions from people wanting to know how to handle authentication and identity persistence in Zend Framework. The typical issue is that they're unsure how to combine:
It's not terribly difficult, but it does require knowing how the various pieces of the MVC fit together, and how to use Zend_Auth. Let's take a look. Authentication AdapterFor all this to work, you'll need an authentication adapter. I'm not going to go into specifics on this, as the documentation covers them, and your needs will vary based on your site. I will make the assumption, however, that your authentication adapter requires a username and password for authentication credentials. Our login controller will make use of the adapter, but simply have a placeholder for retrieving it. Login FormThe login form itself is pretty simple. You can setup some basic validation rules so that you can prevent a database or other service hit, but otherwise keep things relatively simple. For purposes of this tutorial, we'll define the following criteria:
The form would look like this: class LoginForm extends Zend_Form { public function init() { $username = $this->addElement('text', 'username', array( 'filters' => array('StringTrim', 'StringToLower'), 'validators' => array( 'Alpha', array('StringLength', false, array(3, 20)), ), 'required' => true, 'label' => 'Your username:', )); $password = $this->addElement('password', 'password', array( 'filters' => array('StringTrim'), 'validators' => array( 'Alnum', array('StringLength', false, array(6, 20)), ), 'required' => true, 'label' => 'Password:', )); $login = $this->addElement('submit', 'login', array( 'required' => false, 'ignore' => true, 'label' => 'Login', )); // We want to display a 'failed authentication' message if necessary; // we'll do that with the form 'description', so we need to add that // decorator. $this->setDecorators(array( 'FormElements', array('HtmlTag', array('tag' => 'dl', 'class' => 'zend_form')), array('Description', array('placement' => 'prepend')), 'Form' )); } } Login ControllerNow, let's create a controller for handling login and logout actions. The typical flow would be:
The LoginController will make use of your chosen authentication adapter, as well as the login form. We will pass to the login form constructor the form action and method (since we now know what they will be for this usage of the form). When we have valid values, we'll pass them to our authentication adapter. So, let's create the controller. First off, we'll create accessors for the form and authentication adapter. class LoginController extends Zend_Controller_Action { public function getForm() { return new LoginForm(array( 'action' => '/login/process', 'method' => 'post', )); } public function getAuthAdapter(array $params) { // Leaving this to the developer... // Makes the assumption that the constructor takes an array of // parameters which it then uses as credentials to verify identity. // Our form, of course, will just pass the parameters 'username' // and 'password'. } } Next, we need to do some checking before we dispatch any actions to ensure the following:
The following class LoginController extends Zend_Controller_Action { // ... public function preDispatch() { if (Zend_Auth::getInstance()->hasIdentity()) { // If the user is logged in, we don't want to show the login form; // however, the logout action should still be available if ('logout' != $this->getRequest()->getActionName()) { $this->_helper->redirector('index', 'index'); } } else { // If they aren't, they can't logout, so that action should // redirect to the login form if ('logout' == $this->getRequest()->getActionName()) { $this->_helper->redirector('index'); } } } } Now, we need to do our login form. This is our simplest method -- we simply retrieve the form and assign it to the view: class LoginController extends Zend_Controller_Action { // ... public function indexAction() { $this->view->form = $this->getForm(); } } Processing the form involves slightly more logic. We need to verify that we have a post request, then that the form is valid, and finally that the credentials are valid. class LoginController extends Zend_Controller_Action { // ... public function processAction() { $request = $this->getRequest(); // Check if we have a POST request if (!$request->isPost()) { return $this->_helper->redirector('index'); } // Get our form and validate it $form = $this->getForm(); if (!$form->isValid($request->getPost())) { // Invalid entries $this->view->form = $form; return $this->render('index'); // re-render the login form } // Get our authentication adapter and check credentials $adapter = $this->getAuthAdapter($form->getValues()); $auth = Zend_Auth::getInstance(); $result = $auth->authenticate($adapter); if (!$result->isValid()) { // Invalid credentials $form->setDescription('Invalid credentials provided'); $this->view->form = $form; return $this->render('index'); // re-render the login form } // We're authenticated! Redirect to the home page $this->_helper->redirector('index', 'index'); } } Finally, we can tackle the logout action. This is almost as simple as displaying the login form; we simply clear the identity from the authentication object, and redirect: class LoginController extends Zend_Controller_Action { // ... public function logoutAction() { Zend_Auth::getInstance()->clearIdentity(); $this->_helper->redirector('index'); // back to login page } } Okay, that's it for our login/logout routines. Let's look at the one associated view we have, the form: <? // login/index.phtml ?> <h2>Please Login</h2> <?= $this->form ?>
And that's it. Really. Zend_Form makes view scripts simple. Checking for Authenticated UsersThe last part of the question area is: how do I determine if a user is authenticated, and restrict access if not?
If you look carefully at the Zend_Auth::getInstance()->hasIdentity() You can use this to determine if the user is logged in, and then use the redirector to redirect to the login page if not. You can pull the identity from the auth object as well: $identity = Zend_Auth::getInstance()->getIdentity(); This could be sprinkled into a helper to show login status in your layout, for instance: /** * ProfileLink helper * * Call as $this->profileLink() in your layout script */ class My_View_Helper_ProfileLink { public $view; public function setView(Zend_View_Interface $view) { $this->view = $view; } public function profileLink() { $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $username = $auth->getIdentity()->username; return '<a href="/profile' . $username . '">Welcome, ' . $username . '</a>'; } return '<a href="/login">Login</a>'; } } Conclusion
Comments
Display comments as
(Linear | Threaded)
First of all I'd like to say thanks for your contributions to the ZF, I'm loving it so far.
I'm currently in the process of building a prototype using several pieces of the ZF, although it's not currently using Zend_Auth. I'm authenticating against SOAP web service, which I suppose could be implemented with an Auth_Adapter, but I haven't gone down that road yet. What I did do is create a Controller_Plugin which listens for a login (by checking the POST data) and handles it appropriately; or if no login is provided checks if the user is authenticated and handles that response properly. This makes it so the user can get linked to http://example.com/wherever/they/want and if they are not logged in I set the route to the login page, where the form simply posts back to itself so the user will login and automatically be where they tried to get in the first place. This is my first whack at the ZF... but I'm very much looking forward into getting to know it more intimately. The MVC+Layout, OpenID, and Translate pieces are phenomenal. Thanks again, and keep up the good work! If I'm able to push my prototype into production hopefully I can provide a case study for you guys or something.... I'll be going to battle with a home-baked Java framework, so wish me luck  init() was added in 1.5.1, and is called in __construct() prior to loading the default decorators.
The code in public function processAction() still shows the uncorrected way, I think you forgot to update something
#12.1.1.1.1
Arnaud
on
2008-04-01 03:06
(Reply)
what about checking user-login on the Plugin?
in most applications, you would want to restrict pages instead of just showing the "profile link" of the currently logged in user. i would have a plugin that looks something like this: public function preDispatch(Zend_Controller_Request_Abstract $request) { try { $controllerName = $this->getRequest()->getControllerName(); $frontController = Zend_Controller_Front::getInstance(); $user = Zend_Auth::getInstance()->getIdentity(); if ($controllerName=='index' OR $controllerName=='auth') { return true; } if(!isset($user)) { throw new Exception(); } } catch (Exception $e) { $this->getResponse()->setHttpResponseCode(403); $request->setControllerName('error'); $request->setActionName('noaccess'); } } } one could do additional ACL checking within the plugin. the great thing about using a plugin is that whenever you need to make changes with your ACL (or something), all you have to do is to edit the plugin. this is really helpful for me because i used to put a function in the preDispatch() of every Controller to check user-login. if i need to make changes, i would have to edit all of the controllers... thanks again for the post Matthew! Thanks!
Can't wait for the next post regarding Zend_Acl  Hello Matthew,
First I like to thank you very much for posting this. I am very new to Zend Framework moving over from CodeIgnitor. I have two requests 1) Can you provide us with the file and folder structure? 2) It seams the only thing missing to make this a working example is the db. Could you use an array with key username and value password? Something like $users = array('matthew'=>'1234', 'tanya'=>'4321', 'john'=>'5678', 'troy'=>'8765'); Best would be a working example of this in a zip file or google svn using sqlile as the db. You know what if you do get me going by providing the above I will create the svn for you, which ever you prefer. How is that? Took me while but after searching for Zend Framework and authentication etc I landed on this perfect cut'n'paste page
Also, NEW to ZF and just need the last missing piece to start reviewing the code and understand the structure of this. So, above there is a gap when calling the getAuthAdapter. What should this return ? My plan is to (within a year or so ) use MySql for storage of the credentials but I would really appreciate just an example.Thank you, Bjorn Hello all!
I see that there is a lot of compliments about this Tutorial, and i would like to say that all efforts mathew does are very appreciated. There is a simple point of view i would like to add. Lets say, that i am noob at ZF, and that i have not fully clear picture of what ZF does. Official documetation is so confusing. I am not native speaker and hardly can understand what that documentation is used for anyway. So the only way to really learn and to really use ZF is to learn thru tutorial here and there. Mathew i am sure that you have spent a few hours writing this tutorial but i simply cant make it work. 1. class LoginForm extends Zend_Form - whats that? how to name that file and where to save it? I cant continue cause i am stucked on the first point Also there is a feeling that i just jumped in the middle of something and that there is no beggining(i mean on application structure and bootstrap file..) and no end of this tutorial. Tbh, i am not able to learn nothing from this tutorial, and as i sadi, or i did not, i am noob in use of ZF Thank you for your swift reply.. You are absoultely in right, i was just miss somehow include path explained in previous post and want to apologize for bad i made
I make it works now. Thank you Matt! First off let me say, as many others have, Thank You. I'm a noob to the Zend Framework, though not so much to PHP, and am finding that I really like it. Resources like this make it much more enjoyable to learn.
Of course I do have a question In the LoginController, in the getForm function you specify the action to take when submitting the form, the problem is that I'm not running a Virtual Server for this app, nor am I running in the server's document root, so the action of course cannot be completed (404). My question is, how do I change this to something relative to the app? I've tried using $this->baseUrl().'/login/process', but it returns an error saying: "Fatal error: Uncaught exception 'Zend_Controller_Action_Exception' with message 'Method "baseUrl" does not exist and was not trapped in __call()' in...." Changing the action to just 'process' results in: "Fatal error: Uncaught exception 'Zend_Controller_Dispatcher_Exception' with message 'Invalid controller specified (process)' in...." So I'm at a tad bit of a loss here. Your help is greatly appreciated. Thanks! That did it. Now I'm off to figure out Zend_Auth_Adapter_DbTable
Great tutorial! But I have one question - why everytime we want to use Zend_Auth we're getting instance of it? Can't we just use Zend_Auth as fully static class, eg: Zend_Auth::getIdentity(); instead of Zend_Auth::getInstance()->getIdentity();?
I understand it can be a pretty lame question... (and sorry for my poor english...) Add Comment
|
CalendarQuicksearchLinks
ArchivesCategoriesSyndicate This BlogShow tagged entries |
Matthew Weier O?Phinney w swoim blogu zaprezentowa? bardzo ciekawy przyk?ad wykorzystania Zend_Auth i Zend_Form w celu autoryzacji i autentyfikacji u?ytkownik
Tracked: Mar 29, 07:53
Login and Authentication with Zend Framework - phly, boy, phly
Tracked: Mar 29, 10:15