Authentication with a database table

In this example, we implement a simple authentication. The user names and passwords are stored in a database. And we use the default persistence mechanism.

Components used in this example

• Zend_Auth
• Zend_Auth_Adapter_DbTable
• Zend_Db_Adapter_Pdo_Sqlite

---

MyAuthentication MyHtml Entry point HTML | Try it | View source code

Implementation of the authentication

class MyAuthentication
{

The authentication process

• We get the user name and password from the GET request. Or we get the request to sign out.
• We instantiate the authentication object.
• If the user requested to sign out, we erase the identity of the user.
• If the user is already authenticated, we return the identity of the user.
• Or we attempt to authenticate the user. We return a message stating if the user was identified successfully or not.

    public function process()
    {
        // We get the user name and password from the GET request.
        // Or we get the request to sign out.
        list($username, $password, $clear) = $this->_getParameters();
        // We instantiate the authentication object.
        $auth = Zend_Auth::getInstance();

        if ($clear) {
            // If the user requested to sign out, we erase the identity of the user.
            $auth->clearIdentity();
            $message = 'The identity is cleared';
        } else if ($auth->hasIdentity()) {
            // If the user is already authenticated, we return the identity of the user.
            $identity = $auth->getIdentity();
            $message = "$username is already authenticated and identified as $identity!";
        } else if ($username) {
            // Or we attempt to authenticate the user.
            // We return a message stating if the user was identified successfully or not.
            $message = $this->_authenticate($username, $password);
        } else {
            $message = '';
        }

        return array($username, $password, $message);
    }

Extraction of the parameters from the GET request

    private function _getParameters()
    {
        $username = isset($_GET['username'])? $_GET['username'] : '';
        $password = isset($_GET['password'])? $_GET['password'] : '';
        $clear = !empty($_GET['clear']);

        return array($username, $password, $clear);
    }

Authentication of the user

• We create the database of user names and passwords
• We bind the database and the authentication adapter.
• We instantiate the authentication object.
• We attempt to authenticate the user.
• If the user is authenticated, we return the identity of the user. The identity of the user is stored in the session by default.
• If the authentication failed, we return an error message.

    private function _authenticate($username, $password)
    {
        // We create the database of user names and passwords
        $dbAdapter = $this->_createDbAdapter();
        // We bind the database and the authentication adapter.
        $authAdapter = $this->_createAuthAdapter($dbAdapter, $username, $password);
        // We instantiate the authentication object.
        $auth = Zend_Auth::getInstance();
        // We attempt to authenticate the user.
        $result = $auth->authenticate($authAdapter);

        if ($result->isValid()) {
            // If the user is authenticated, we return the identity of the user.
            // The identity of the user is stored in the session by default.
            $identity = $result->getIdentity();
            $message = "$identity is now authenticated!";
        } else if ($username) {
            // If the authentication failed, we return an error message.
            $message = $result->getMessages();
        }

        return $message;
    }

Creation of the authentication database

• We create a SQLite database in memory.
• We create the authentication table.
• We add users in the authentication table.

    private function _createDbAdapter()
    {
        // We create a SQLite database in memory.
        $dbAdapter = new Zend_Db_Adapter_Pdo_Sqlite(array('dbname' => ':memory:'));
        // We create the authentication table.
        $sqlCreate = 'CREATE TABLE users ('
            . 'id INTEGER  NOT NULL PRIMARY KEY, '
            . 'username TEXT UNIQUE NOT NULL, '
            . 'password TEXT NULL, '
            . 'real_name TEXT NULL)';
        $dbAdapter->query($sqlCreate);

        // We add users in the authentication table.
        $sqlInsert = "INSERT INTO users (username, password, real_name) "
            . "VALUES ('john', '123', 'John Foo')";
        $dbAdapter->query($sqlInsert);
        $sqlInsert = "INSERT INTO users (username, password, real_name) "
            . "VALUES ('jane', '456', 'Jane Bar')";
        $dbAdapter->query($sqlInsert);

        return $dbAdapter;
    }

Creation of the authentication adapter

• We instantiate the database adapter.
• We pass the table columns to the adapter.
• We pass the user name and password to the adapter.

    private function _createAuthAdapter($dbAdapter, $username, $password)
    {
        // We instantiate the database adapter.
        $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
        // We pass the table columns to the adapter.
        $authAdapter
            ->setTableName('users')
            ->setIdentityColumn('username')
            ->setCredentialColumn('password');

        // We pass the user name and password to the adapter.
        $authAdapter
            ->setIdentity($username)
            ->setCredential($password);

        return $authAdapter;
    }

}

Displaying items

class MyHtml
{

Displaying the title of the page based on the file name.

    public static function printTitle()
    {
        $basename = basename(__FILE__, '.php');
        $title = ucwords(str_replace('-' , ' ', $basename));
        $zfVersion = Zend_Version::VERSION;
        $phpVersion = phpversion();
        echo "ZfEx $title (ZF/$zfVersion PHP/$phpVersion)";
    }

Displaying a string or an array

• If the data is an array, we convert the array into a set of lines.
• We converts special characters into HTML entities.
• We convert new-line characters into line breaks.

    public static function display($mixed)
    {
        // If the data is an array, we convert the array into a set of lines.
        is_array($mixed) and $mixed = implode("\n", $mixed);
        $mixed = stripslashes($mixed);
        // We converts special characters into HTML entities.
        $mixed = htmlspecialchars($mixed, ENT_QUOTES, 'UTF-8');
        // We convert new-line characters into line breaks.
        echo nl2br($mixed);
    }

}

Processing the authentication

• We get the user name, the password and the authentication result, to display in the form.

$auth = new MyAuthentication;
// We get the user name, the password and the authentication result, to display in the form.
list($username, $password, $message) = $auth->process();

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title><?php MyHtml::printTitle();?></title>
    <style type="text/css">
      body {
          font-family: arial, sans-serif;
          font-size: 0.9em;
      }
    </style>
  </head>

  <body>

    <p>EXAMPLE <?php MyHtml::printTitle();?></p>
    <hr />

    <form>
      Name:
      <input type="text" name="username"
             value="<?php MyHtml::display($username);?>" />
      Password:
      <input type="text" name="password"
             value="<?php MyHtml::display($password);?>" />
      <input type="submit" value="Sign In" />
    </form>

    <a href="?clear=1">Sign Out (Clear the user identity)</a>

    <br /> <br />
    (The authentication is only valid for users john and jane
    with respective passwords 123 and 456.)

    <br /> <br />
    <hr />
    AUTHENTICATION RESULT
    <br /> <br />
    <?php echo MyHtml::display($message);?>

  </body>
</html>