6

I'm learning Zend Framework, but I have some doubts about the usage and the concepts.

I want to check if the user is logged to allow access to all the pages. If it is, show the page, if not, display the login the page.

My main doubts are what I need to use to do this (Zend_Auth, Zend_Acl, etc) and where to check if the user is logged (in each controller or the framework automatically checks this for each requisition).

Renato Dinhani
  • 35,057
  • 55
  • 139
  • 199
  • ACL is usually used for levels of user control. You want Zend_Auth. – Brendan May 09 '12 at 14:48
  • For the user that negatived, why the -1? – Renato Dinhani May 09 '12 at 15:05
  • 1
    Because "your question doesn't show any research effort" (hover over the down vote arrow to see that). There are lots of tutorials to be found and there is an excellent manual for ZF that would give you the information you are looking for. In any case my answer should get you moving in the right direction. Good luck. – vascowhite May 09 '12 at 15:10
  • @vascowhite So, it's needed to say that I'm doing some research in the question? I don't said that, but yes, I did a lot of research. If you look, my main doubt is between using Zend_Auth or Zend_Acl because I saw a lot of examples with each one, but I was not sure of which one to use. The second doubt is because I don't know if the Front Controller does the check or I need to put the check in each Controller. My question here was to clarify these points. – Renato Dinhani May 09 '12 at 15:17
  • It's probably best to mention what you have tried/researched up to now as that helps people decide how to help you without going over ground you have already covered. – vascowhite May 09 '12 at 15:25

2 Answers2

5

The tool you want to use is Zend_Auth which is quite easy to use when you get the hang of it.

Checking if a user is logged in can be as simple as:-

$auth = Zend_Auth::getInstance();
if($auth->hasIdentity()) $loggedIn = true;

See Rob Allen's excellent tutorial on getting started with Zend Auth.

The method I use is to set up a user class that looks after authorisation and access control and inject it into my application as an Action Helper, so that in any of my controllers I can just do:-

$this->user->checkSomething();

The authorisation part needs to affect all the parts of your site which you don't want public and each affected controller needs to check that the user is logged in. For access control, that is done on a per role/per resource basis depending on how fine grained you need to be.See ACL and AUTH in the manual.

vascowhite
  • 18,120
  • 9
  • 61
  • 77
  • In what way? An action helper is only loaded if needed, I've never noticed any performance issues with it. Can you link to a source for that? I'd be interested in reading it. – vascowhite May 09 '12 at 15:37
  • well, It was mentioned in the accepted answer for [this](http://stackoverflow.com/questions/4708754/optimising-the-zend-framework) question. Also I found [this article](http://www.rmauger.co.uk/2009/03/why-the-zend-framework-actionstack-is-evil/) a while ago. I didn't investigate it much further as I rarely use Action Helpers. If you have other materials disagreeing with this then plz post it. – Songo May 09 '12 at 15:52
  • @songo I'm not going to defend their use, I don't feel that strongly about them. I just said I use them. If other people don't want to for whatever reason it has absolutely no effect on me. I am just interested to read anything that may give me more information. – vascowhite May 09 '12 at 15:56
  • well, that's exactly how I feel :) I'm always looking for ways to improve my code. That's why I was looking for other concrete references to whether not using the `Action Helpers` is good or not for performance ;) – Songo May 09 '12 at 16:14
  • I hadn't seen those, interesting stuff, thanks for the links. However, I'll keep using action helpers until performance actually becomes an issue for me :) – vascowhite May 09 '12 at 16:35
  • The action stack and action helpers are not the same thing. The action stack is a performance killer, action helpers are just a class that gets loaded and run like a view helper. – Tim Fountain May 09 '12 at 18:59
  • @TimFountain Thanks for the clarification. I haven't had time to read those yet. – vascowhite May 09 '12 at 19:01
  • Sorry for the misleading text (my answer linked above). Using "Zend_View_Helper_Action" and "Zend_Controller_Action_Helper_ActionStack" poses performance problems. Action helper - even not very efficient with many namespaces - are not that big problem. – Tomáš Fejfar May 12 '12 at 22:59
2

Want to check if the user is logged in ZendFramework? Try this:

Place this in anywhere of your controller to 'debug', and put it in the top or beginning of your code:

if (Zend_Auth::getInstance()->hasIdentity()) echo "oh yeah I'm logged in lol"; die;
Raymond
  • 1,309
  • 14
  • 10