Zend framework tutorial: logging in

Know that the network has a lot of such tutorials, but I also know that ZF is very difficult at the start, but then... everything is clear and easy.
I would like to facilitate this first stage those who are still only in the beginning.

For authorization, we need of course the finished users table — at least two fields, userName and passwordMD5.
passwordMD5 is immediately clear that stores the password in an implicit way, what would someone not stolen at one point.

1. Make a login form.

<?php

class Form_Login extends Zend_Form
{

public function init()
{

// post method
$this->setMethod('post');

$this->addElement('text' 'userName', array(
'label' => 'username:'
'filters' => array('StringTrim')
));
$el = $this->getElement('userName');
$el->setRequired(true)
- >addValidators(array(
array('NotEmpty' true, array('messages' => array(
'isEmpty' => 'user name is mandatory.'
)))));


$this->addElement('password' 'password', array(
'label' => 'Password:'
));
$el = $this->getElement('password');

$el->setRequired(true)- > addValidators(array(
array('NotEmpty' true, array('messages' => array(
'isEmpty' => 'password cannot be empty!'
)))));

$this->addElement('submit' 'login', array(

'label' => 'username'
));
}
}

* This source code was highlighted with Source Code Highlighter.

Put this class in /application/forms(or anywhere)

2. Controller for login.

<?php
class LoginController extends Zend_Controller_Action
{

public function preDispatch()
{
if (Zend_Auth::getInstance()->hasIdentity()) {
return $this->_redirect('/');//suddenly already logged in, redirect to the main
}
}


public function indexAction()
{

$form = $this->_getLoginForm();

if ($this->_request->isPost()) {
$formData = $this->_request->getPost();

if ($form->isValid($formData)) {

$auth = Zend_Auth::getInstance();
$authAdapter = $this->_getAuthAdapter($formData['userName'],$formData['password']);
$result = $auth->authenticate($authAdapter);
if (!$result->isValid()) {
// wrong
$form->setDescription('Incorrect username or password');
$form- > populate($formData);
$this->view->form = $form;
return $this->render('index'); // repaint
}else{

$currentUser = $authAdapter- > getResultRowObject();
Zend_Auth::getInstance()->getStorage()->write( $currentUser);//recorded user in auth, now it's everywhere, accessible - read-only

return $this->_redirect('/');//logged in redirect to the home
}

} else {
$form- > populate($formData);
}
}

$this->view->form = $form;
}

protected _getLoginForm function()
require_once APPLICATION_PATH . '/forms/Login.php';
return new Form_Login();
}

protected function _getAuthAdapter($userName, $userPassword)
{
$authAdapter = new Zend_Auth_Adapter_DbTable(
$registry- > dbAdapter
'user'
'username'
'passwordMD5'
'MD5(?) AND status = "OK"'
);
$authAdapter- > setIdentity($userName)- > setCredential($userPassword);

return $authAdapter;
}

}
?>

* This source code was highlighted with Source Code Highlighter.

Registry::getInstance()->session — session create bootstrap.php and gently thrust in our object registry.

$configuration = new Zend_Config(require APPLICATION_PATH . '/config/config.php');
$dbAdapter = Zend_Db::factory($configuration->database);
Zend_Db_Table_Abstract::setDefaultAdapter($dbAdapter);
$registry = Zend_Registry::getInstance();
$registry- > configuration = $configuration;
$registry- > dbAdapter = $dbAdapter;
$registry->session = new Zend_Session_Namespace();

* This source code was highlighted with Source Code Highlighter.

I think there is nothing to chew, all so clear. I think there are other authentication methods, but this suits me completely.

Remember me?

What would your user remember the system only need to add components on the form(you know what) and if the user has our Selaginella to call this code:

Zend_Session::rememberMe(1209600);//here everyone decides for themselves how much

After login access to the object user can be done anywhere in your code thus:

$auth = Zend_Auth::getInstance()->getIdentity();

But here it is — when you try to change some property of this object and save it immediately get oshibku
Cannot save a Row unless it is connected

It turns out we recorded the object in the session, and after that it's just an object and the connection he had lost.

For this I made a very simple solution.
Create plugin class:

<?php
class CheckLoginPlugin extends Zend_Controller_Plugin_Abstract
{
protected $_userModel;

public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request){
$auth = Zend_Auth::getInstance();
$user = $auth- > getIdentity();
$model = $this->_getUserModel();
$auth->getStorage()->write($model- > getUserById($user->id));

}

public _getUserModel function(){
if (null === $this->_userModel) {
require_once APPLICATION_PATH . '/models/User.php';
$this->_userModel = new Model_User();
}
return $this->_userModel;
}

}
?>

* This source code was highlighted with Source Code Highlighter.

Plug-in plug-in bootstrap.php

require_once 'My/Plugin/CheckLoginPlugin.php';
$frontController- > registerPlugin(new CheckLoginPlugin());

* This source code was highlighted with Source Code Highlighter.

This plugin just refreshes the object from the database each time you call the page. Of course this can be done only if necessary who as saves of matches I have enough :)

PS — of course the example can contain some mistakes(logic), take it as pseudocode, but with minimal knowledge in PHP I think it will be easy to fix.

you can also make authorization for the zend program using OpenID

Article based on information from habrahabr.ru