how to keep track of currently logged user in zend framework - zend-framework

I am a new user for zend framework. For my applications I need to keep track of currently logged in user, to do this I know I have to use zend_Auth and zend_Acl, but I don't know how to do that.

Well then the documentation would be the first place for you.
Zend_Auth: http://framework.zend.com/manual/en/zend.auth.html
Zend_Acl: http://framework.zend.com/manual/en/zend.acl.html
To get an easier access you could try this great tutorial series on youtube: http://www.youtube.com/watch?v=UmtGClgImpo which covers every step from auth to acl.
To keep track of something you can use Zend_Registry, e.g.
Zend_Registry::set ( 'role', 'guests' );
and use the auth instance, e.g.
if (Zend_Auth::getInstance()->hasIdentity()) {
    Zend_Registry::set('role', Zend_Auth::getInstance()->getStorage()->read()->role);
} else {
    Zend_Registry::set('role', 'guests');
}
But this all is described very well in the tutorial.
Good Luck!
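One way to enforce the tracked role on every request, as an added example that is not part of the original answer: a Zend Framework 1 front-controller plugin that resolves the role as above and checks it against a Zend_Acl before dispatch. The class name, the role names other than 'guests', the resource names and the auth/login target are assumptions made for illustration.

```php
<?php
// Added example (not from the original answer). Assumes Zend Framework 1 is on
// the include path with autoloading set up. Role names other than 'guests',
// the resources and the auth/login target are hypothetical.
class My_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct()
    {
        $acl = new Zend_Acl();                                // denies everything until allowed
        $acl->addRole(new Zend_Acl_Role('guests'));
        $acl->addRole(new Zend_Acl_Role('users'), 'guests');  // inherits guest rights
        $acl->addRole(new Zend_Acl_Role('admins'), 'users');
        foreach (array('index', 'auth', 'error', 'profile', 'admin') as $controller) {
            $acl->addResource(new Zend_Acl_Resource($controller)); // one resource per controller
        }
        $acl->allow('guests', array('index', 'auth', 'error'));
        $acl->allow('users', 'profile');
        $acl->allow('admins', 'admin');
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $role = 'guests';
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $identity = $auth->getStorage()->read();
            // Fall back to 'guests' when the stored role is missing or unknown to the ACL.
            if (isset($identity->role) && $this->_acl->hasRole($identity->role)) {
                $role = $identity->role;
            }
        }
        Zend_Registry::set('role', $role);

        $resource = $request->getControllerName();
        $allowed = $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $request->getActionName());
        if (!$allowed) {
            // Unknown controllers and denied roles both end up at the login action.
            $request->setControllerName('auth')->setActionName('login');
        }
    }
}

Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_AccessCheck());
```

Because the check runs in preDispatch, individual controllers do not need their own role tests, and a controller that was never added as a resource is denied rather than silently allowed.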

Related

Slim Framework and Auth0

Not worked with PHP for close on 10 years now, so very out of touch. I have a project I am working on that requires a web front end with secure authentication. There is no need for APIs at all.
Auth0 meets the requirements from an authentication point of view, and provides a lot of options.
What I can't find is how to integrate this with Slim Framework, can anyone point me in the right direction?
Background on the app, I am collating information from multiple API sources into a database and want to display this out and add some more functionality. Currently most of this is displayed on Grafana dashboards around the office, but there are some new requirements for this which can't be solved with dashboards.
Slim looks like the right tool for me, I need something that allows me to create pages quite easily where I will be in effect displaying a few graphs but mostly tables and forms to interact with the data. If Slim is not the right fit, happy to look elsewhere.
Thanks
According to the official Auth0 documentation I would try a setup in Slim 3 like this:
Installation
composer require auth0/auth0-php
Container Setup
Add a new container factory entry:
use Auth0\SDK\Auth0;
use Psr\Container\ContainerInterface as Container;
//...
$container[Auth0::class] = function (Container $container) {
    return new Auth0([
        'domain' => 'YOUR_DOMAIN',
        'client_id' => 'YOUR_CLIENT_ID',
        'client_secret' => 'YOUR_CLIENT_SECRET',
        'redirect_uri' => 'https://YOUR_APP/callback',
        'audience' => 'https://YOUR_DOMAIN/userinfo',
        'scope' => 'openid profile',
        'persist_id_token' => true,
        'persist_access_token' => true,
        'persist_refresh_token' => true,
    ]);
};
Usage
The user's information is stored in the session. Each time you call getUser(), it retrieves the information from the session.
use Auth0\SDK\Auth0;

$auth0 = $container->get(Auth0::class);
$userInfo = $auth0->getUser();
if (!$userInfo) {
    // We have no user info
    // redirect to Login
} else {
    // User is authenticated
    // Say hello to $userInfo['name']
    // print logout button
}
Note: Don't use the container directly. In reality it's better to use dependency injection.
"but mostly tables and forms to interact with the data"
Aside from your graphs to be displayed, if the above is the main requirement then I would also recommend you look at Yii Framework (a PHP framework).
In particular looking at Gii - a code generator that builds, exceptionally quickly, CRUD forms and tables...

MOODLE Teacher Capability

I want a teacher capability to check whether the logged-in user is a teacher.
If teacher, I want a different Home Page i.e, my custom page
If student, a different page
Could anyone help ?
What you want to do is use the has_capability() function. That is the way you should pose the question: does the user I am looking at have the capability to see this page? Moodle is all about context, and in one context the user may have a different capability than in another. Hence, to ask "if a user is a teacher" is the wrong question.
Example of implementation (using moodle 1.9)
if (has_capability('block/my_history:userview', get_context_instance(CONTEXT_USER))) {
    $this->content->footer = 'Manager View';
} else {
    $this->content->footer = 'Non Manager View';
}
See this forum discussion for more understanding http://moodle.org/mod/forum/discuss.php?d=70739
Notice the comments by Tim Hunt in this post http://moodle.org/mod/forum/discuss.php?d=126223
It takes a bit of learning, but it works well once you get your head around it.
Good luck

grails spring-security-ui plugin redirect back to application

I am using the spring-security-ui plugin(0.1.2) and it is working very well for me. However, I am looking for the best way to get back to my application once a user is done making updates.
As it stands, if an Admin logs into my application and decides that a user needs to be added, they will be directed to the spring-security-ui plugin to perform this action. Once done, they may need to get back to the application to perform other Admin tasks. Is there a button/link that allows for this. If they choose to logout, they will be directed back to the app, but then they would have to log back in to perform the rest of their duties. Any advice on the best approach?
Thanks
-Juan
Can't you redirect from, say, the update action in what I'm assuming is UserController.groovy? Currently, it would look something like
redirect action: edit, id: user.id
why not use something along the lines of
redirect controller: <your_controller>, action: <your_action>, ...

Question regarding fine-grained authorization and MVC2

Background: Completely new to MVC2. Has C# experience, but limited web experience.
I need more fine grained access than simply assigning a Role to a user. The user may have the role at 0+ points in a tree.
/
  /Europe
    /England
    /France
  /USA
For example, a user might be moderator of all forums under "Europe" and have access to posting news in France.
The two example controllers have actions as these:
ForumController:
public ActionResult DeletePost(int id) { ... }
NewsController:
[HttpPost]
public ActionResult Post(int treeID, ...) { ... }
How should I approach this? From what I gather Membership+RoleProvider cannot do this level of fine-grained control.
Previously I have written custom user/role/auth system which supported all this, but it was incompatible with "the standard" controls such as LoginView.
The goal would be to have roles allowing access like so:
NewsAdmin
  Add news
  Edit news
  Delete news
NewsPoster
  Add news
Therefore, the Post action of the News controller should check: Does the user have "Add news" access where he is trying to post?
I would really like to somehow specify this using attributes, so the actual action code could be cleaner and just assume that the caller has appropriate access.
Hope the question makes sense, and I can get some pointers on where to read.
(Oh, and I'm sure this question has been answered in some variant before. I just can't seem to find it. I won't mind single-link replies, if you feel they might be helpful to read)
I think you're being too quick to dismiss the role provider. If a user had a role called NewsAdmin_Europe_AddNews that would pretty much answer the question, wouldn't it?
Once you've made your authentication scheme work with the role provider, you need to tie that into MVC. Subtype AuthorizeAttribute and override AuthorizeCore. Warning: Your code here must be thread-safe and re-entrant. Call base.AuthorizeCore and then test for the specific role based on the URI/query (you won't get route values since this can be served from cache, bypassing MVC altogether).
This is some work, but will be more secure in the end than trying to reinvent membership.

Can I integrate a Zend-Framework powered web application into a wordpress site?

I have a project in which I want to be able to call wp_list_pages() on a page that also uses the Zend Framework to power some complex interfaces that manage custom data outside of WordPress.
This page should also redirect the user to the wordpress login screen if they're not already logged in with the appropriate level of authorization.
How would this work at a high level, i.e. do I need to edit the wordpress bootstrap file to conditionally implement the custom interface based on a specific URL or something, but still include certain files to be able to call wp_list_pages() on that custom interface?
I've developed a couple of WordPress plugins, and I've found it's really easy to extend. Haven't worked with Zend though.
You should check the WordPress plugin api. Mostly the part about actions, filters and hooks: http://codex.wordpress.org/Plugin_API
You can even override some functions (not sure if wp_list_pages() is overridable).
It's pretty well documented, and there's a large developer community behind it on IRC, forums, etc.
Thanks Fernando.
I just read this thread which suggests that you can use Zend in any script by just including:
require_once('Zend/Loader.php');
Zend_Loader::registerAutoload();
So given that all I need to use Zend for is on one page, can I just include that code in a custom template file that I assign to the appropriate page in the navigation? If I used javascript to submit the form via XHR, the requested URL would take the form '/controller/action' - but Zend wouldn't know the controller directory.
Could I put Zend code into the wordpress bootstrap, i.e. the above code plus the frontController configuration, and then use Zend wherever however?
So I've created a page in Wordpress and a custom template for that page, in which I've placed the following Zend Framework code:
require_once('Zend/Loader.php');
Zend_Loader::registerAutoload();
$db = Zend_Db::factory('Pdo_Mysql', array(
    'host' => 'localhost',
    'username' => 'username',
    'password' => 'password',
    'dbname' => 'dbname'
));
Zend_Db_Table::setDefaultAdapter($db);
class Users extends Zend_Db_Table_Abstract {
    protected $_name = 'wp_users';
}
$users = new Users();
$users = $users->fetchAll()->toArray();
print_r($users[0]['user_login']);
This all works fine, so it's clearly possible to use Zend in conjunction with WordPress at least to some extent.
It's becoming apparent that the problem is about who controls the URL rewriting, or the routing, or the bootstrapping (not sure of the correct terminology). If I were to put the end of the above code, starting $users = new Users();, into a controller as follows:
class UsersController extends Zend_Controller_Action {
    function getUserAction() {
        $this->_helper->viewRenderer->setNoRender();
        $users = new Users();
        $users = $users->fetchAll()->toArray();
        echo $users[0]['user_login'];
    }
}
How would I then call that function? My intention would be to call it from javascript via an XHR request in response to an event on the page, but requesting the URL 'index.php/Users/getUser/' returns 'No input file selected'. Trying to access the URL http://www.domain.com/Users/getUser/ produces a Wordpress 404 page.
Is there a way around this? It doesn't just apply to wordpress, of course - I expect it applies to any existing application that rewrites/routes requests via a bootstrap.
I guess you could do that, just import the framework into the one page you need it for. I don't know how Zend works, but check the paths as to where to put your directories so that Zend finds them. As I said, I guess you could do that, just experiment and tell us how it went!
Beware of name conflicts for functions and/or variables, this shouldn't be much of a problem coming from such popular products as WordPress and Zend though... (which should be theoretically well coded)
I've built a plugin for wordpress that has a similar goal to yours, more modeled on CodeIgniter though. Not knowing Zend terribly well, I think this should help:
Make a file named routes.php in your plugins directory with the following code:
add_action( 'init', 'add_custom_urls' );
function add_custom_urls(){
    global $wp, $wp_rewrite;
    $wp_rewrite->add_rule( '(.*)$', 'index.php?&cPath=$matches[1]', 'top' );
    $wp->add_query_var( 'cPath' );
}
Be sure to activate both plugins in your admin. These two files will allow you to catch the url before Wordpress tries to figure out what to do with it. You can use regular expressions to have finer control over which pages to catch. You may have to delete the record in your _options db table where option_name = 'rewrite_rules' before this works.
Next, make another plugin with the following code:
add_action( 'template_redirect', 'bootstrap' );
function bootstrap(){
    global $cPath;
    // Debug output; escaped because $cPath comes straight from the request URL.
    echo esc_html( "cPath : $cPath" );
    if( $cPath ){
        dosomethingwith( $cPath );
    }
}
Put all your code in the dosomethingwith() function. You'll need to figure out if the url requested can be mapped to a zend controller, etc. http://www.domain.com/Users/getUser/ would give you $cPath = Users/getUser/. If successful, you'll also probably want to die(), so once it is completed WordPress won't try and take over again.
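A narrower version of the routing idea in the last answer, as an added example that is not the poster's code: it rewrites only a hypothetical app/ prefix instead of every URL, sends anonymous visitors to the WordPress login screen as the question asked, and maps cPath onto an allowlist before anything is dispatched. The prefix, the route table, the edit_pages capability requirement and the my_* function names are assumptions.

```php
<?php
// Added example (not from the original thread). Runs as a WordPress plugin.
// The app/ prefix, route table, required capability and handler are hypothetical.

add_action( 'init', 'my_add_app_rule' );
function my_add_app_rule() {
    global $wp;
    // Capture only app/<Controller>/<action>/ rather than '(.*)$'.
    add_rewrite_rule( '^app/([A-Za-z]+/[A-Za-z]+)/?$', 'index.php?cPath=$matches[1]', 'top' );
    $wp->add_query_var( 'cPath' );
}

// Allowlist: request path => array( callback, capability the caller must hold ).
function my_routes() {
    return array(
        'Users/getUser' => array( 'my_get_user', 'edit_pages' ),
    );
}

function my_get_user() {
    $user = wp_get_current_user();
    echo esc_html( $user->user_login );   // escape anything echoed into the response
}

add_action( 'template_redirect', 'my_bootstrap' );
function my_bootstrap() {
    $path = get_query_var( 'cPath' );
    if ( '' === $path ) {
        return;                       // not one of ours: let WordPress render normally
    }
    if ( ! is_user_logged_in() ) {
        auth_redirect();              // redirects to the WordPress login screen and exits
    }
    $routes = my_routes();
    if ( ! isset( $routes[ $path ] ) ) {
        status_header( 404 );         // unknown paths never reach a callback
        exit;
    }
    list( $callback, $capability ) = $routes[ $path ];
    if ( ! current_user_can( $capability ) ) {
        wp_die( 'You are not allowed to do this.', '', array( 'response' => 403 ) );
    }
    call_user_func( $callback );
    exit;                             // stop WordPress from taking over again
}
```

As with the rule in the answer, the stored rewrite rules have to be regenerated before the new pattern takes effect.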