The Zend Framework provides the ability to use Basic or Digest authentication using an Http file adapter. My friend Jac Wright (jacwright.com) and I have created a set of classes that allow you to perform this same authentication using a database table. The classes are actually really easy to use.
The primary class, Zest_Auth_Db, follows a similar API to that of Zend_Auth_Adapter_DbTable. I have found it best practice to authenticate the entire controller in the init() function, treating the entire controller as a resource. If authentication fails, then the action should not be called.
Setup
To use Zest_Auth_Db, you’ll first need to create a database with a table to authenticate against. I generally use a database like MySQL with this solution. In this example I am not. The following code creates an adapter for an in-memory database, creates a simple table schema, and inserts a row against which we can perform an authentication query later. This example requires the PDO SQLite extension to be available:
// Create an in-memory SQLite database connection
$dbAdapter = new Zend_Db_Adapter_Pdo_Sqlite(array('dbname' => ':memory:'));

// Build a simple table creation query
$sqlCreate = 'CREATE TABLE [users] ('
    . '[id] INTEGER NOT NULL PRIMARY KEY, '
    . '[username] VARCHAR(50) UNIQUE NOT NULL, '
    . '[password] VARCHAR(32) NULL, '
    . '[real_name] VARCHAR(150) NULL)';

// Create the authentication credentials table
$dbAdapter->query($sqlCreate);

// Build a query to insert a row for which authentication may succeed
$sqlInsert = "INSERT INTO users (username, password, real_name) "
    . "VALUES ('my_username', 'my_password', 'My Real Name')";

// Insert the data
$dbAdapter->query($sqlInsert);
Usage
To authenticate against the database, create an instance of Zest_Auth_Db and set up the proper credentials.

// Create an Http Config
$httpConfig = new Zest_Auth_Http_Config('My Protected Area');

// Create an instance of Zest_Auth_Db, pass in a Db Adapter
// that contains the table to authenticate the credentials
// against
$authDb = new Zest_Auth_Db($dbAdapter);

// Set up the following mandatory parameters required for authentication
$authDb
    ->setHttpConfig($httpConfig)
    ->setTableName('users')
    ->setIdentityColumn('username')
    ->setCredentialColumn('password')
    ->setRequest($this->_request)
    ->setResponse($this->_response);

/* @var $result Zend_Auth_Result */
$result = $authDb->authenticate();

// Check if authentication is valid
if ($result->isValid()) {
    // authentication success
    $user = $authDb->getResultRowObject();
    echo $user->real_name;
    // Output:
    // 'My Real Name'
} else {
    echo 'FAILED';
    // throw a 404 error
}
Now when you go to the controller, the authentication window will appear in the browser.
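What a table-backed Basic check involves, as an added example that is not Zest_Auth_Db's code or part of the original post: it uses plain PDO with the table and realm from above, and basicAuthUser() is a hypothetical helper. It assumes the password column is widened to hold a password_hash() value rather than the plaintext sample value.

```php
<?php
// Added example using plain PDO; not Zest_Auth_Db or Zend Framework code.
// Assumption: the password column holds a password_hash() value, not plaintext.

/** Hypothetical helper: returns the user row, or null if the header does not authenticate. */
function basicAuthUser(PDO $db, ?string $header): ?array
{
    // Expect "Basic <base64(username:password)>"
    if ($header === null || !preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // A password may contain ':', so split on the first one only
    [$username, $password] = explode(':', $decoded, 2);

    // Bound parameter: the client-supplied username never becomes SQL text
    $stmt = $db->prepare('SELECT username, password, real_name FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Rows with a NULL password can never authenticate
    if ($row === false || !is_string($row['password'])
        || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not hand the hash to the caller
    return $row;
}

// Constructed sample data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER NOT NULL PRIMARY KEY, '
    . 'username VARCHAR(50) UNIQUE NOT NULL, password VARCHAR(255) NULL, '
    . 'real_name VARCHAR(150) NULL)');
$db->prepare('INSERT INTO users (username, password, real_name) VALUES (?, ?, ?)')
   ->execute(['my_username', password_hash('my_password', PASSWORD_DEFAULT), 'My Real Name']);

// Constructed Authorization header values: valid, wrong password, header missing
$samples = ['Basic ' . base64_encode('my_username:my_password'),
            'Basic ' . base64_encode('my_username:guess'), null];
foreach ($samples as $header) {
    $user = basicAuthUser($db, $header);
    // On failure a real handler sends status 401 with this challenge header and stops
    echo $user !== null ? "200 {$user['real_name']}\n"
        : "401 WWW-Authenticate: Basic realm=\"My Protected Area\"\n";
}
```

Basic credentials are only base64-encoded on the wire, so a check like this belongs behind HTTPS.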

You can download the source here: http://code.google.com/p/zest-zf/. It contains documented code and a demo controller you should be able to drop into your Zend Framework project to test.