
讲述Zend 的权限和身份验证的综合应用

 
讲述Zend 的权限和身份验证的综合应用.

思路如下:

浏览器地址 → Zend_Controller_Front → registerPlugin → setModule() / setController() / setAction()

registerPlugin载入的插件处理程序将完成权限判断后定义程序的流程.



代码详解:

主文件(index.php)

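// Connection settings handed to Zend_Db::factory().
// NOTE(review): these are sample credentials hard-coded in the front
// controller script. In a real deployment, load them from configuration kept
// outside the document root (or from the environment) and connect with a
// dedicated least-privilege account instead of root.
$dbconfig = array(
    'type' => 'PDO_MYSQL',
    'db'   => array(
        'host'     => 'localhost',
        'username' => 'root',
        'password' => '123456',
        'dbname'   => 'zend',
    ),
);

// Create the database adapter first.
$db = Zend_Db::factory($dbconfig['type'], $dbconfig['db']);

// The login action on this page fetches the adapter with
// Zend_Registry::get('db'), so it has to be registered under that key here.
Zend_Registry::set('db', $db);

// MyAcl declares the resources, the roles and the allow/deny rules.
$acl = new MyAcl();

$auth = Zend_Auth::getInstance();

// Zend_Controller_Front is a singleton; obtain it through getInstance().
$frontController = Zend_Controller_Front::getInstance();

// With throwExceptions(true) exceptions propagate out of dispatch() and
// nothing below catches them. Keep display_errors off in production so stack
// traces and file paths are not sent to the client.
$frontController->throwExceptions(true);

// Register the plugin that authenticates the current user, checks the ACL and
// rewrites the request's module/controller/action when access is refused.
$frontController->setControllerDirectory('./application/controllers')
    ->registerPlugin(new MyAuth($auth, $acl));

$frontController->dispatch();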



这是MyAcl类所在的文件(MyAcl.php)

解释这个文件代码前,先交代一下代码中用到的ini文件.内容如下:



; Resource list read by MyAcl through Zend_Config_Ini (section "index").
; Each value is a "controller:action" string. MyAcl registers every value as
; an ACL resource, and MyAuth builds the same "controller:action" string from
; the incoming request to look the resource up.
; MyAcl iterates over the values only; the names on the left are labels.
[index]

Index = index:index

Add = index:add

Edit = index:edit

Del = index:del

Login = index:login

Logout = index:logout



对这种格式很熟悉吧, Zend_Config_Ini 载入后,等号左边将成为数组的键名, 右边为数组的值.

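/**
 * Access-control list for the application: resources come from resource.ini,
 * roles and rules are declared in the constructor.
 */
class MyAcl extends Zend_Acl
{
    /**
     * Builds the resource list, the role hierarchy and the allow/deny rules.
     */
    public function __construct()
    {
        // The "index" section of resource.ini maps a label to a
        // "controller:action" string, e.g. Index = index:index,
        // Add = index:add, Edit = index:edit, Del = index:del,
        // Login = index:login, Logout = index:logout.
        $config = new Zend_Config_Ini('resource.ini', 'index');

        // Only the values are used: each one becomes an ACL resource.
        foreach ($config as $value) {
            $this->add(new Zend_Acl_Resource($value));
        }

        // Three roles; editor inherits from guest, admin stands alone.
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('editor'), 'guest');
        $this->addRole(new Zend_Acl_Role('admin'));

        // Guests are denied everything explicitly.
        $this->deny('guest', null);

        // Editors may use the four content actions. The second argument lists
        // the resources, the third the privileges (MyAuth passes the action
        // name as the privilege).
        $this->allow(
            'editor',
            array('index:index', 'index:add', 'index:edit', 'index:del'),
            array('index', 'add', 'edit', 'del')
        );

        // NOTE(review): 'index:login' and 'index:logout' are granted to
        // neither guest nor editor. Guests still reach the login action
        // because MyAuth rewrites refused requests to it, but an editor asking
        // for logout appears to be sent to the login action instead. Confirm
        // that this is intended.

        // Admins are allowed every resource and privilege.
        $this->allow('admin');
    }
}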





MyAuth.php



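/**
 * Front-controller plugin that checks the ACL before every dispatch and sends
 * refused requests to a fixed module/controller/action.
 */
class MyAuth extends Zend_Controller_Plugin_Abstract
{
    /** ACL object passed in from index.php. */
    private $_acl;

    /** Zend_Auth instance passed in from index.php. */
    private $_auth;

    /** Target for requests refused while nobody is logged in. */
    private $noauth = array(
        'module'     => 'index',
        'controller' => 'index',
        'action'     => 'login',
    );

    /** Target for requests refused although a user is logged in. */
    private $nopur = array(
        'module'     => 'index',
        'controller' => 'index',
        'action'     => 'login',
    );

    /**
     * Stores the $auth and $acl objects created in index.php.
     */
    public function __construct($auth, $acl)
    {
        $this->_auth = $auth;
        $this->_acl  = $acl;
    }

    /**
     * Checks the requested controller/action against the ACL and rewrites the
     * request when the current role is not allowed.
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Default to the least-privileged role. The stored role is used only
        // when an identity exists and the ACL knows that role; anything else
        // is treated as guest, so the check below fails closed.
        $role = 'guest';
        if ($this->_auth->hasIdentity()) {
            $identity = $this->_auth->getIdentity();
            if (is_object($identity)
                && isset($identity->role)
                && $this->_acl->hasRole($identity->role)
            ) {
                $role = $identity->role;
            }
        }

        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        // Resources are named "controller:action", as in resource.ini.
        $resource = "$controller:$action";
        if (!$this->_acl->has($resource)) {
            // Unknown resource: check against the global rules only.
            $resource = null;
        }

        if (!$this->_acl->isAllowed($role, $resource, $action)) {
            // Choose the target by whether anyone is logged in.
            $target = $this->_auth->hasIdentity() ? $this->nopur : $this->noauth;

            $request->setModuleName($target['module']);
            $request->setControllerName($target['controller']);
            $request->setActionName($target['action']);
        }
    }
}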







身份验证文件代码(login.php)



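/**
 * Handles the login form: authenticates the posted username and password
 * against the users table and stores the identity on success.
 */
function loginAction()
{
    if (!$this->_request->isPost()) {
        return;
    }

    $filter   = new Zend_Filter_StripTags();
    $username = trim($filter->filter($this->_request->getPost('username')));

    // NOTE(review): stripping tags from and trimming a password silently
    // changes the credential the user typed. It is kept here because stored
    // hashes may have been created the same way; confirm against the
    // registration code before removing it.
    $password = trim($filter->filter($this->_request->getPost('password')));

    $db = Zend_Registry::get('db');

    // Look the user up in table "users" by column "username" and compare
    // column "password".
    $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password');

    // NOTE(review): the credential is an unsalted MD5 digest, which is not
    // suitable for password storage (fast to brute-force, no per-user salt).
    // It is kept so the listing still matches an existing users table.
    // Migrate to password_hash()/password_verify(); that needs the stored hash
    // to be fetched and verified in PHP rather than compared by this adapter.
    $authAdapter->setIdentity($username)
        ->setCredential(md5($password));

    $auth   = Zend_Auth::getInstance();
    $result = $auth->authenticate($authAdapter);

    if ($result->isValid()) {
        // Issue a fresh session id on login so a session id known before
        // authentication cannot be reused afterwards (session fixation).
        Zend_Session::regenerateId();

        // Store the user row without its password column as the identity.
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);

        $this->_redirect('/');
        return;
    }

    // A failed attempt falls through without a message, as in the original.
    // If a message is added, keep it generic so it does not reveal whether the
    // username exists, and consider limiting repeated attempts.
}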