讲述Zend 的权限和身份验证的综合应用.
思路如下:
浏览器地址 → Zend_Controller_Front → registerPlugin → setModule() / setController() / setAction()
registerPlugin载入的插件处理程序将完成权限判断后定义程序的流程.
代码详解:
主文件(index.php)
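// Bootstrap (index.php): open the database connection, build the ACL and
// register the plugin that authenticates and authorises every request.

// The database account is read from the environment instead of being written
// into the bootstrap file. A literal root account with a short numeric
// password ends up in version control and backups, and gives the web
// application full control of the database server. APP_DB_USER and
// APP_DB_PASSWORD are illustrative variable names; the account they name
// should hold only the grants the application needs on the `zend` schema.
$dbUser     = getenv('APP_DB_USER');
$dbPassword = getenv('APP_DB_PASSWORD');
if ($dbUser === false || $dbPassword === false) {
    throw new RuntimeException('Database credentials are not configured.');
}

$dbconfig = array(
    'type' => 'PDO_MYSQL',
    'db'   => array(
        'host'     => 'localhost',
        'username' => $dbUser,
        'password' => $dbPassword,
        'dbname'   => 'zend',
    ),
);

// Create the database connection first.
$db = Zend_Db::factory($dbconfig['type'], $dbconfig['db']);
// loginAction() fetches the adapter with Zend_Registry::get('db'), so the
// adapter has to be stored in the registry here.
Zend_Registry::set('db', $db);

$acl  = new MyAcl();               // MyAcl assigns all permissions in its constructor.
$auth = Zend_Auth::getInstance();

// Zend_Controller_Front is a singleton and is obtained through getInstance().
$frontController = Zend_Controller_Front::getInstance();
// Rethrowing exceptions is a development aid. On a production host an
// uncaught exception can print file paths and query text to the visitor, so
// switch this off there and rely on an error controller and logging.
$frontController->throwExceptions(true);
// The plugin checks the current user's identity and permissions before each
// dispatch and, when access is refused, rewrites module/controller/action.
$frontController->setControllerDirectory('./application/controllers')
                ->registerPlugin(new MyAuth($auth, $acl));
$frontController->dispatch();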
这是MyAcl类所在的文件(MyAcl.php)
解释这个文件代码前,先交代一下代码中用到的ini文件.内容如下:
; Section loaded by new Zend_Config_Ini('resource.ini', 'index') in MyAcl.
; Each value is a "controller:action" string; MyAcl registers every value as
; an ACL resource and MyAuth builds the same "$controller:$action" string from
; the request, so an action that is missing here is not a known resource.
[index]
Index = index:index
Add = index:add
Edit = index:edit
Del = index:del
Login = index:login
Logout = index:logout
对这种格式很熟悉吧, Zend_Config_Ini 载入后, 等号左边将成为数组的键名, 右边为对应的值.
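/**
 * Access-control list for the application.
 *
 * Resources are the "controller:action" strings listed in the [index] section
 * of resource.ini. Three roles exist: guest, editor (inherits from guest) and
 * admin. MyAuth::preDispatch() queries this list with
 * isAllowed($role, "$controller:$action", $action).
 */
class MyAcl extends Zend_Acl
{
    /**
     * Registers resources, roles and rules.
     */
    public function __construct()
    {
        // Loading the [index] section yields key/value pairs such as
        //   'Index' => 'index:index', 'Add' => 'index:add', ...
        // The path is relative to the working directory. NOTE(review): keep
        // resource.ini outside the web server's document root so the access
        // map cannot be downloaded - confirm the deployment layout.
        $config = new Zend_Config_Ini('resource.ini', 'index');
        foreach ($config as $value) {
            // Every configured value becomes an ACL resource.
            $this->add(new Zend_Acl_Resource((string) $value));
        }

        // Three roles; editor inherits every rule that applies to guest.
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('editor'), 'guest');
        $this->addRole(new Zend_Acl_Role('admin'));

        // Deny by default: a guest may do nothing except reach the login form.
        $this->deny('guest', null);
        $this->allow('guest', 'index:login', 'login');

        // Second argument: resources, third argument: privileges. The rule is
        // the cross product of both lists; that is harmless only because the
        // plugin always asks for a resource together with its own action.
        $this->allow(
            'editor',
            array('index:index', 'index:add', 'index:edit', 'index:del'),
            array('index', 'add', 'edit', 'del')
        );
        // Without this rule the deny-all inherited from guest would cover
        // index:logout and an editor could never end the session.
        $this->allow('editor', 'index:logout', 'logout');

        // admin is allowed every resource and privilege.
        $this->allow('admin');
    }
}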
MyAuth.php
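/**
 * Front-controller plugin that authorises every request before dispatch.
 *
 * The role is taken from the stored identity, the resource is built as
 * "$controller:$action", and a refused request is rewritten to the login
 * action instead of being dispatched.
 */
class MyAuth extends Zend_Controller_Plugin_Abstract
{
    private $_acl;
    private $_auth;

    // Target used when the visitor has no identity.
    private $noauth = array(
        'module'     => 'index',
        'controller' => 'index',
        'action'     => 'login',
    );

    // Target used when an authenticated user lacks the privilege. It is the
    // same as $noauth in this example.
    private $nopur = array(
        'module'     => 'index',
        'controller' => 'index',
        'action'     => 'login',
    );

    /**
     * Receives the objects created in index.php.
     *
     * @param Zend_Auth $auth authentication singleton
     * @param Zend_Acl  $acl  access-control list (MyAcl)
     */
    public function __construct(Zend_Auth $auth, Zend_Acl $acl)
    {
        $this->_auth = $auth;
        $this->_acl  = $acl;
    }

    /**
     * Checks the requested controller/action against the ACL and rewrites the
     * request to the login action when access is refused.
     *
     * @param Zend_Controller_Request_Abstract $request current request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Start from the least-privileged role and raise it only for a stored
        // identity whose role the ACL knows. Reading ->role without an
        // identity dereferences null, and assigning 'guest' to logged-in
        // users would hide their real privileges.
        // NOTE(review): assumes the identity object written by loginAction()
        // carries a `role` property - confirm against the users table.
        $role = 'guest';
        if ($this->_auth->hasIdentity()) {
            $identity = $this->_auth->getIdentity();
            if (is_object($identity)
                && isset($identity->role)
                && is_string($identity->role)
                && $this->_acl->hasRole($identity->role)
            ) {
                $role = $identity->role;
            }
        }

        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        // The ACL key does not include the module name, so two modules with
        // equally named controllers share one entry.
        $resource = "$controller:$action";
        if (!$this->_acl->has($resource)) {
            // Unknown resources are checked against the rules that apply to
            // all resources: guest and editor are refused, admin is allowed.
            $resource = null;
        }

        if (!$this->_acl->isAllowed($role, $resource, $action)) {
            // Refused: choose the target by whether the visitor is logged in.
            $target = $this->_auth->hasIdentity() ? $this->nopur : $this->noauth;

            $request->setModuleName($target['module']);
            $request->setControllerName($target['controller']);
            $request->setActionName($target['action']);
        }
    }
}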
身份验证文件代码(login.php)
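/**
 * Handles the login form: authenticates the posted username and password
 * against the `users` table and stores the user row as the identity.
 *
 * A GET request, or a failed login, falls through so the form is rendered
 * (again). Show one generic failure message there, never whether the user
 * name or the password was the wrong part.
 */
function loginAction()
{
    if (!$this->_request->isPost()) {
        return;
    }

    // StripTags is HTML clean-up, not an injection defence; the DbTable
    // adapter passes both values to the database as data.
    // NOTE(review): the filter and trim() also alter the password. They are
    // kept so existing accounts keep matching - confirm that registration
    // applies the same steps, then stop filtering the password.
    $filter   = new Zend_Filter_StripTags();
    $username = trim($filter->filter((string) $this->_request->getPost('username')));
    $password = trim($filter->filter((string) $this->_request->getPost('password')));

    $db          = Zend_Registry::get('db');
    $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password');

    // SECURITY: unsalted MD5 is not a password hash; a leaked `users` table
    // can be reversed quickly with precomputed tables or GPU guessing. It is
    // kept only because the stored column is compared against md5($password).
    // Migrate by storing password_hash() output, verifying with
    // password_verify(), and re-hashing each account at its next login.
    $authAdapter->setIdentity($username)
                ->setCredential(md5($password));

    $auth   = Zend_Auth::getInstance();
    $result = $auth->authenticate($authAdapter);

    if ($result->isValid()) {
        // Issue a new session id at the privilege change so an id fixed
        // before login is worthless afterwards (applies to the default
        // session-backed storage).
        Zend_Session::regenerateId();

        // Store the user row without its password column.
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);

        $this->_redirect('/');
        return;
    }
}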
思路如下:
浏览器地址 → Zend_Controller_Front → registerPlugin → setModule() / setController() / setAction()
registerPlugin载入的插件处理程序将完成权限判断后定义程序的流程.
代码详解:
主文件(index.php)
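// Bootstrap (index.php): open the database connection, build the ACL and
// register the plugin that authenticates and authorises every request.

// The database account is read from the environment instead of being written
// into the bootstrap file. A literal root account with a short numeric
// password ends up in version control and backups, and gives the web
// application full control of the database server. APP_DB_USER and
// APP_DB_PASSWORD are illustrative variable names; the account they name
// should hold only the grants the application needs on the `zend` schema.
$dbUser     = getenv('APP_DB_USER');
$dbPassword = getenv('APP_DB_PASSWORD');
if ($dbUser === false || $dbPassword === false) {
    throw new RuntimeException('Database credentials are not configured.');
}

$dbconfig = array(
    'type' => 'PDO_MYSQL',
    'db'   => array(
        'host'     => 'localhost',
        'username' => $dbUser,
        'password' => $dbPassword,
        'dbname'   => 'zend',
    ),
);

// Create the database connection first.
$db = Zend_Db::factory($dbconfig['type'], $dbconfig['db']);
// loginAction() fetches the adapter with Zend_Registry::get('db'), so the
// adapter has to be stored in the registry here.
Zend_Registry::set('db', $db);

$acl  = new MyAcl();               // MyAcl assigns all permissions in its constructor.
$auth = Zend_Auth::getInstance();

// Zend_Controller_Front is a singleton and is obtained through getInstance().
$frontController = Zend_Controller_Front::getInstance();
// Rethrowing exceptions is a development aid. On a production host an
// uncaught exception can print file paths and query text to the visitor, so
// switch this off there and rely on an error controller and logging.
$frontController->throwExceptions(true);
// The plugin checks the current user's identity and permissions before each
// dispatch and, when access is refused, rewrites module/controller/action.
$frontController->setControllerDirectory('./application/controllers')
                ->registerPlugin(new MyAuth($auth, $acl));
$frontController->dispatch();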
这是MyAcl类所在的文件(MyAcl.php)
解释这个文件代码前,先交代一下代码中用到的ini文件.内容如下:
; Section loaded by new Zend_Config_Ini('resource.ini', 'index') in MyAcl.
; Each value is a "controller:action" string; MyAcl registers every value as
; an ACL resource and MyAuth builds the same "$controller:$action" string from
; the request, so an action that is missing here is not a known resource.
[index]
Index = index:index
Add = index:add
Edit = index:edit
Del = index:del
Login = index:login
Logout = index:logout
对这种格式很熟悉吧, Zend_Config_Ini 载入后, 等号左边将成为数组的键名, 右边为对应的值.
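/**
 * Access-control list for the application.
 *
 * Resources are the "controller:action" strings listed in the [index] section
 * of resource.ini. Three roles exist: guest, editor (inherits from guest) and
 * admin. MyAuth::preDispatch() queries this list with
 * isAllowed($role, "$controller:$action", $action).
 */
class MyAcl extends Zend_Acl
{
    /**
     * Registers resources, roles and rules.
     */
    public function __construct()
    {
        // Loading the [index] section yields key/value pairs such as
        //   'Index' => 'index:index', 'Add' => 'index:add', ...
        // The path is relative to the working directory. NOTE(review): keep
        // resource.ini outside the web server's document root so the access
        // map cannot be downloaded - confirm the deployment layout.
        $config = new Zend_Config_Ini('resource.ini', 'index');
        foreach ($config as $value) {
            // Every configured value becomes an ACL resource.
            $this->add(new Zend_Acl_Resource((string) $value));
        }

        // Three roles; editor inherits every rule that applies to guest.
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('editor'), 'guest');
        $this->addRole(new Zend_Acl_Role('admin'));

        // Deny by default: a guest may do nothing except reach the login form.
        $this->deny('guest', null);
        $this->allow('guest', 'index:login', 'login');

        // Second argument: resources, third argument: privileges. The rule is
        // the cross product of both lists; that is harmless only because the
        // plugin always asks for a resource together with its own action.
        $this->allow(
            'editor',
            array('index:index', 'index:add', 'index:edit', 'index:del'),
            array('index', 'add', 'edit', 'del')
        );
        // Without this rule the deny-all inherited from guest would cover
        // index:logout and an editor could never end the session.
        $this->allow('editor', 'index:logout', 'logout');

        // admin is allowed every resource and privilege.
        $this->allow('admin');
    }
}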
MyAuth.php
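/**
 * Front-controller plugin that authorises every request before dispatch.
 *
 * The role is taken from the stored identity, the resource is built as
 * "$controller:$action", and a refused request is rewritten to the login
 * action instead of being dispatched.
 */
class MyAuth extends Zend_Controller_Plugin_Abstract
{
    private $_acl;
    private $_auth;

    // Target used when the visitor has no identity.
    private $noauth = array(
        'module'     => 'index',
        'controller' => 'index',
        'action'     => 'login',
    );

    // Target used when an authenticated user lacks the privilege. It is the
    // same as $noauth in this example.
    private $nopur = array(
        'module'     => 'index',
        'controller' => 'index',
        'action'     => 'login',
    );

    /**
     * Receives the objects created in index.php.
     *
     * @param Zend_Auth $auth authentication singleton
     * @param Zend_Acl  $acl  access-control list (MyAcl)
     */
    public function __construct(Zend_Auth $auth, Zend_Acl $acl)
    {
        $this->_auth = $auth;
        $this->_acl  = $acl;
    }

    /**
     * Checks the requested controller/action against the ACL and rewrites the
     * request to the login action when access is refused.
     *
     * @param Zend_Controller_Request_Abstract $request current request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Start from the least-privileged role and raise it only for a stored
        // identity whose role the ACL knows. Reading ->role without an
        // identity dereferences null, and assigning 'guest' to logged-in
        // users would hide their real privileges.
        // NOTE(review): assumes the identity object written by loginAction()
        // carries a `role` property - confirm against the users table.
        $role = 'guest';
        if ($this->_auth->hasIdentity()) {
            $identity = $this->_auth->getIdentity();
            if (is_object($identity)
                && isset($identity->role)
                && is_string($identity->role)
                && $this->_acl->hasRole($identity->role)
            ) {
                $role = $identity->role;
            }
        }

        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        // The ACL key does not include the module name, so two modules with
        // equally named controllers share one entry.
        $resource = "$controller:$action";
        if (!$this->_acl->has($resource)) {
            // Unknown resources are checked against the rules that apply to
            // all resources: guest and editor are refused, admin is allowed.
            $resource = null;
        }

        if (!$this->_acl->isAllowed($role, $resource, $action)) {
            // Refused: choose the target by whether the visitor is logged in.
            $target = $this->_auth->hasIdentity() ? $this->nopur : $this->noauth;

            $request->setModuleName($target['module']);
            $request->setControllerName($target['controller']);
            $request->setActionName($target['action']);
        }
    }
}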
身份验证文件代码(login.php)
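/**
 * Handles the login form: authenticates the posted username and password
 * against the `users` table and stores the user row as the identity.
 *
 * A GET request, or a failed login, falls through so the form is rendered
 * (again). Show one generic failure message there, never whether the user
 * name or the password was the wrong part.
 */
function loginAction()
{
    if (!$this->_request->isPost()) {
        return;
    }

    // StripTags is HTML clean-up, not an injection defence; the DbTable
    // adapter passes both values to the database as data.
    // NOTE(review): the filter and trim() also alter the password. They are
    // kept so existing accounts keep matching - confirm that registration
    // applies the same steps, then stop filtering the password.
    $filter   = new Zend_Filter_StripTags();
    $username = trim($filter->filter((string) $this->_request->getPost('username')));
    $password = trim($filter->filter((string) $this->_request->getPost('password')));

    $db          = Zend_Registry::get('db');
    $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password');

    // SECURITY: unsalted MD5 is not a password hash; a leaked `users` table
    // can be reversed quickly with precomputed tables or GPU guessing. It is
    // kept only because the stored column is compared against md5($password).
    // Migrate by storing password_hash() output, verifying with
    // password_verify(), and re-hashing each account at its next login.
    $authAdapter->setIdentity($username)
                ->setCredential(md5($password));

    $auth   = Zend_Auth::getInstance();
    $result = $auth->authenticate($authAdapter);

    if ($result->isValid()) {
        // Issue a new session id at the privilege change so an id fixed
        // before login is worthless afterwards (applies to the default
        // session-backed storage).
        Zend_Session::regenerateId();

        // Store the user row without its password column.
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);

        $this->_redirect('/');
        return;
    }
}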