Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Anthony Wlodarski's Blog:
Node.js and Zend Auth with Sessions stored in the database
Mar 07, 2012 @ 15:50:46

Anthony Wlodarski has posted a quick example of how he shared the sessions from Zend_Auth in his Zend Framework application over with a Node.js server/application.

Recently on a project I had to make changes to a underlying portion of the sites architecture to move sessions in Zend Framework from file storage to database storage. However this affected a piece of the architecture. Node.js, which manages all our real time interaction, looked at sessions at the file level. This was quite a easy transition for the function as it was abstracted away in a function call so the theory was to just replace the function "guts" with a new component.

The post shows the code he came from (which pulled in the PHP session file and extracted the session data manually) over to a new database-based version that selects from the SESSIONS table and pulls out the data. It's based on the table having an "id" column and the Zend_Auth namespace it uses.

tagged: nodejs zendauth sessions platform read tutorial database

Link:

Kevin Schroeder's Blog:
Authentication Using Zend_Amf
Jul 07, 2011 @ 14:39:47

Kevin Schroeder has a new post to his blog today showing how you can use the Zend_Amf component in your Flex+PHP application to authenticate users with the same authentication structure the rest of the application uses.

I forget why, but a few days ago I started doing some digging around with authentication in Zend_Amf_Server. I had figured that I would add an adapter to the Zend_Amf_Server::setAuth() method and that would be it. But I was wrong.

Zend_Auth is used to validate the login information that's passed along and the Zend_Acl checks to see if they have access. To make this work for a connection from Flex, you need to make an authentication adapter and add it (as well as a basic ACL) into your Zend_Amf_Server call.

tagged: zendamf zendacl zendauth authentication tutorial flex

Link:

Chance Garcia's Blog:
Auth/ACL implementation strategies
Aug 10, 2010 @ 17:20:00

In this new post to his blog talks about authentication strategies in Zend Framework applications with the combination of Zend_Acl and Zend_Auth.

I'm going to talk more about ACLs than Auth. Auth is simple, it's the ACL that will trip you up. Since both concepts are coupled together when you're making a login system, I feel it's appropriate to at least touch on Auth. What I want to cover is the ways we can create the ACL object to suit needs based on the scale of the project. I'm going to assume that readers have a passing familiarity with using the Auth and Acl objects and may have even implemented them into projects.

He talks about two things you'd need to consider - scalability (how to define your ACLS: hardcoded, in the navigation object and defined in a database) and working with ACLs in multiple projects.

tagged: zendframework strategy authentication zendauth zendacl

Link:

Rob Allen's Blog:
New Zend_Auth tutorial
Jul 26, 2010 @ 14:06:01

Rob Allen has a new post to his blog today about the update he's made to his Zend_Auth tutorial, introducing the authentication component of the Zend Framework.

After too many months of neglect, I have completely rewritten my Zend_Auth tutorial so that it is compatible with Zend Framework 1.10! As an experiment, I have written it directly in HTML, rather than PDF as before and cover the login form along with the login controller code required to authenticate a user using a database table. For good measure, I've included logging out and a view helper to show how to access the logged in user's details.

The tutorial walks you through the creation of a users table, an auth controller/form and the code needed to validate the user against in information in the table (as well as how to log them out). You can also download the code as a zip file.

tagged: zendauth zendframework tutorial

Link:

Chris Hartjes' Blog:
Testing Controllers Hiding Behind Zend_Auth
Jun 04, 2010 @ 18:13:50

On his blog today Chris Hartjes has a new post about testing your Zend Framework application's functionality that lives behind a Zend_Auth authentication.

The initial problem though was how do I simulate logging in a user so I can see this page, which was protected by authentication using Zend_Auth. So I started my scouring the internet for answers.

I found quite a few examples on how to test a controller, using the $this->dispatch('/path/to/action') method but found that I wasn't getting redirected properly to the post-login page. I was passing proper credentials in and everything. Then finally after deciding to go back to basics and read up on just how to test Zend_Auth. After some swearing a few face-palms, I realized what I had been doing wrong.

He includes the ultimately successful code for the test that uses a "loginUser" method to handle the authentication and ensure that the user is correctly logged in.

tagged: zendframework zendauth controller unittest

Link:

Zend Developer Zone:
How to avoid Identity Theft in Zend Framework with Zend Auth
Mar 05, 2010 @ 16:59:28

On the Zend Developer Zone there's a new tutorial for those using the Zend Framework (and more specifically the Zend_Auth component) on a way that you can prevent identity theft in validating your users.

As I am building my applications, I always try to improve the code I write in some way. Today I thought about the security issues of any PHP application that uses an authenticating system. [...] There is one particular issue that bugged me for some time. The Identity theft - Broken account and session management issue. Why can one so easily still my session id cookie and suddenly gain access to my account in one particular web application?

He shares a class he's developed as a guideline to help your application automatically test to ensure that the information being given by the user is valid. It checks a security level and validates against the user agent and remote IP of the user to ensure they match. These two criteria might not always be the best choices, but it gives you a push in the right direction.

Code is also included to show how to integrate it into your Zend Framework application by loading it into your base controller and using the "hasIdentity" and "hasSecureIdentity" methods to check the user's credentials.

tagged: zendframework tutorial zendauth security

Link:

ZendCasts.com:
Logging in Users using Doctrine and Zend_Auth
Jan 27, 2010 @ 15:38:52

The next ZendCast in the user authentication with the Zend Framework's Zend_Auth has been posted to the ZendCasts.com site today. In this new screencast, they look at how to integrate it with Doctrine to automatically validate users against the information in your databases (following up on this first part of the series).

Here’s the second part of my Doctrine / Zend_Auth example. In 15 minutes, we create a logout, login and protected area that’s reliant on the ZC_Auth_Adapter adapter we created in last week’s video. Notice how there's no code in the IndexController exposing the authentication implementation,

You can grab the code to follow along or build it as he goes. You'll need a copy of Doctrine up and working to keep up, though.

tagged: zendframework zendauth tutorial screencast doctrine

Link:

ZendCasts.com:
Writing a Zend_Auth_Adapter with Doctrine
Jan 25, 2010 @ 15:54:32

New from the ZendCasts.com site today there's this new screencast looking at the integration of the Zend_Auth_Adapter component of the Zend Framework and the Doctrine ORM library to split out the authentication from the persistence layer.

I've been using Doctrine a lot in my own work, and recently found myself itching to have tighter integration between Zend and Doctrine when it comes to user logins. Luckily, Zend provides a very simple interface with regards to Zend_Auth. This way, it's easy to decouple your persistence layer (in my case Doctrine) from the authentication layer.

He also recommends checking out Palo Verede's look at the same topic. You can watch the screencast here and grab the code for it here.

tagged: zendauth adapter doctrine authentication

Link:

Giorgio Sironi's Blog:
Php login with Zend_Auth
Oct 29, 2009 @ 14:23:02

In a new tutorial posted on his blog today Giorgio Sironi looks at the Zend_Auth component of the Zend Framework and how to create a simple login authentication method with it.

Zend_Auth is the component of the Zend Framework which provides a standard authentication mechanism for web applications users. It has few dependencies (on Zend_Loader and on Zend_Session for default persistence of the authentication) and, as other framework components, will let you concentrate on the user experience instead of worrying about boilerplate code.

He talks about how Zend_Auth handles properties internally and how it can make it easier to build out those redundant bits of so many applications you've worked with. He also includes a custom adapter that can directly use PDO to connect to the database and grab the login information it needs (to remove a dependency on Zend_Db).

tagged: login zendframework zendauth tutorial

Link:

Christian Stocker's Blog:
A Twitter Adapter for Zend_Auth
Jul 08, 2009 @ 16:02:16

Christian Stocker has posted an adapter he's created to hook the Zend_Auth component of the Zend Framework into Twitter's authentication system.

From time to time I write some little scripts for my own needs or just to test out new stuff. And I realised, that I blog about it way too little. So here I start with my latest addition: Zend_Auth_Adapter_Twitter. [...] I came up with a Zend_Auth Adapter for Twitter. The integration was pretty easy, but the code is very basic and rough. Nevertheless, it does the job and alongside the Openid Adapter I can offer a federated login for many people already.

You can grab the code and an example of it in action from their SVN server (as well as this library) or just check out the live demo.

tagged: zendauth zendframework adapter twitter

Link:


Trending Topics: