Use zend_auth to implement session identity persistent Authentication

Today, I used Zend framework to implement persistent identity authentication...

The manual provides four authentication methods: Session, database table, summary, and HTTP Authentication adapter. When I implemented session authentication (according to the code in the Manual), I first found a problem and could not be verified... later, I took a closer look. The code in the manual lacks something...

Zend_auth and zend_auth_storage_session are used to implement session persistent identity authentication. The main points are as follows:

1. First create an adapter, that is, the class used to verify the user, such:

Class authadapter implements zend_auth_adapter_interface {
VaR $ username;
VaR $ password;
/**
* Sets username andpassword for authentication
* @ Return void
*/
Public Function _ construct ($ username = '', $ Password = ''){//
$ This-> username = $ username;
$ This-> Password = $ password;
}
/**
* Performs an authentication attempt
* @ Throws zend_auth_adapter_exception if authentication cannot be specified med
* @ Return zend_auth_result
* Zend_auth_result: Success
* Zend_auth_result: Failure
* Zend_auth_result: failure_identity_not_found
* Zend_auth_result: failure_identity_ambiguous
* Zend_auth_result: failure_credential_invalid
* Zend_auth_result: failure_uncategorized
*/
Public Function authenticate (){
$ Aryinfo;
If (isset ($ this-> username) & (isset ($ this-> password ))){
$ Aryinfo [0] = _ E ('verification correctness ');
Return new zend_auth_result (1, $ aryinfo );
} Else {
$ Aryinfo [0] = _ E ('verification failed ');
Return new zend_auth_result (-1, $ aryinfo );
}
}
}

2. Obtain a zend_auth instance.
$ Auth = zend_auth: getinstance ();

3. Create a namespace for the authentication session and store it in the memory of the zend_auth instance.
$ Auth-> setstorage (New zend_auth_storage_session ('somenamespace '));

4. Add the above authentication adapter instance:
Include ('../classes/authadapter. Class. php ');
$ Authadapter = new authadapter ('usrname', 'pwd ');
$ Result = $ this-> _ auth-> authenticate ($ authadapter );

5. Verify the result:
If (! $ Result-> isvalid ()){
Foreach ($ result-> getmessages () as $ message ){
Echo "$ message/N ";
}
} Else {
Foreach ($ result-> getidentity () as $ message ){
Echo "$ message/N ";
}
}

If you call a method directly during verification on other pages, you can verify it:
$ Auth = zend_auth: getinstance ();
$ Auth-> setstorage (New zend_auth_storage_session ('sessionauth '));
If ($ auth-> hasidentity ()){
$ Identity = $ auth-> getidentity ();
Echo 'Authentication ';
} Else {
Echo 'unauthenticated ';
Foreach ($ auth-> getidentity () as $ message ){
Echo "$ message/N ";
}

In fact, according to my understanding, what method is used for verification, as long as you decide in the adapter verification method...

For persistent identities, it is best to use the ACL together... otherwise, there will still be many problems with access control of permissions and resources...

There is another important problem. Basically, no matter which authentication method is used, it also has a lot to do with the session, unless the original method of verification is called during each verification, instead of simply verifying the value in the session, the value in the session serves as the basis for verifying information.

There are several other verification methods. Let's take a look at them. It may be better and more appropriate to share them later.