Refactoring the ZF Secure Login example with Zend_Application
Posted: October 22nd, 2009 | Author: enrico | Filed under: Zend Framework | Tags: md5, PHP, refactoring, Zend Framework, Zend_Application | 17 Comments







I am new to zend framework, how do I create a bootstrap to put in index.php in the root folder?
You can use the Zend_Application class and run the bootstrap method of it.
For instance:
$application = new Zend_Application(
    APPLICATION_ENV,
    APPLICATION_PATH . '/configs/application.ini'
);
$application->bootstrap()->run();
where application.ini contains all the configurations of the application. You can see the source of my example.
I couldn’t get your example code to work without adding the following to the IndexController submitAction:
$session = Zend_Registry::get('session');
I’m not sure if the $session variable was supposed to be accessible some other way, or if that was just an oversight in the code.
I’m pretty green at ZF. Thanks!
Hi John,
Yes, you are right, you have to add $session = Zend_Registry::get('session'); in the submitAction. It was an oversight, too many refactorings.
I updated the source code, thanks!
The requested URL /index/login was not found on this server.
I am getting this error when I have installed your source code
You have to check the configuration of your web server. I guess your rewrite rule is not working. If you are using Apache you can read this page: http://framework.zend.com/wiki/display/ZFDEV/Configuring+Your+URL+Rewriter
Hi Enrico,
could you please give me a suggestion where/how to put/invoke code which would check if user is logged and pass this info with a nickname to a layout template and not one view?
For instance, you can insert this code inside the checkSession method of the plugin App_Plugin_SessionCheck of the ZF Secure Login.
Something like this:
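public function checkSession()
{
    // The session namespace is stored in the registry during bootstrap.
    $session = Zend_Registry::get('session');
    if (empty($session->username)) {
        // Not logged in: redirect to the login page and stop.
        $this->getResponse()->setRedirect('/index/login')->sendResponse();
        exit;
    } else {
        // Logged in: expose the message to the layout's view.
        // Escape this value when printing it in the layout script.
        $layout = Zend_Layout::getMvcInstance();
        $view = $layout->getView();
        $view->logged = "User {$session->username} is logged!";
    }
}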
And insert the print of the logged variable in the layout.
Greetings -
I have been teaching myself the Zend Framework and have walked through the Quickstart application provided in the manual. (http://framework.zend.com/manual/en/learning.quickstart.create-model.html) In the portion on creating the model, they use the concept of a “Table Data Gateway” and a “Data Mapper” to map classes to DB tables. I notice that you have not implemented your User model in this way. Is there a reason why?
It does look like a bit more overhead initially, but it seems as though this approach would provide more separation of code and perhaps increase the code’s extensibility and portability.
DNoe
Use of a Model is always a good practice because you build your PHP application using a better organization of the code, isolating the business logic from the Controller and from the View. I didn’t use a Model in my example because it didn’t contain business logic. The application is just a “toy example” to show how to build a secure login.
Hi, it's a very good example.
But I have one doubt: why put the session into Zend_Registry? Wherever needed we can create a Zend_Session_Namespace instance and then access its variables, because if I have created this instance at any time before, then by recreating its instance I can access those easily.
You are right, you can use Zend_Session_Namespace instead of Zend_Registry to manage directly the session data. The only difference is that using Zend_Registry you instantiate the Zend_Session class only one time.
Hi, very nice example.
But is it possible that the download isn’t working? I tried to download the source but it is damaged.
Hi Sameni,
I just fixed the issue of the download. Now it works.
Thanks for your feedback.
Thank you, worked this time.
Do I have to create my own “register”/“signup” form and method for hashing the password?
My question is, does your code only work for logging in, not registering?
The code is just for login. In order to create the password you can use MySQL's MD5(CONCAT(salt,password)), where salt is the value stored in password.salt of application.ini and password is the plain text of the password.
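Added example, not part of the original post, the comments or the author's source code: the PHP below reproduces the MD5(CONCAT(salt,password)) value described in the reply above, so a signup form can create rows the login accepts, and shows a login check that swaps that value for a password_hash() value on the next successful login, since one round of MD5 with a single site-wide salt is fast to brute-force and gives identical hashes for identical passwords. It assumes PHP 7.1 or later; the function names and the sample salt and password are hypothetical.

```php
<?php
// Added example: function names and sample values are hypothetical/constructed.

// PHP equivalent of MySQL's MD5(CONCAT(salt, password)) from the reply above.
function legacy_hash(string $salt, string $password): string
{
    return md5($salt . $password);
}

/**
 * Verify a login against the stored hash and, when the stored value is a
 * legacy MD5 digest, return a replacement hash to write back to the database.
 *
 * @return array [credentials valid (bool), new hash to store (string) or null]
 */
function verify_and_upgrade(string $stored, string $password, string $siteSalt): array
{
    // 32 lowercase hex characters: a legacy MD5(CONCAT(salt, password)) value.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, legacy_hash($siteSalt, $password))) {
            return [false, null];
        }
        // Correct password: re-hash with a per-user salt and a slow algorithm.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    // Anything else is treated as a password_hash() value.
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample values, not taken from the original application.
$siteSalt = 'example-site-salt';
$stored   = legacy_hash($siteSalt, 'correct horse');

[$ok, $upgraded] = verify_and_upgrade($stored, 'correct horse', $siteSalt);
var_dump($ok);                                          // legacy row accepted
var_dump(password_verify('correct horse', $upgraded));  // upgraded hash verifies
[$ok2] = verify_and_upgrade($upgraded, 'wrong guess', $siteSalt);
var_dump($ok2);                                         // wrong password rejected
```

The password column must be wide enough for the longer password_hash() output (the PHP manual recommends 255 characters) before upgraded values are written back.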