Zend Framework by examples (ZfEx): Authentication with a custom storage

In this example, we implement a simple authentication with a custom adapter. The user names and passwords are stored inside. And the persistence mechanism is implemented with a custom storage.

Components used in this example

MyAuthentication MyStorage MyAuthAdapter MyHtml Entry point HTML | Try it | View source code

Implementation of the authentication


class MyAuthentication
{

The authentication process

We get the user name and password from the GET request. Or we get the request to sign out.
We instantiate the authentication object.
We pass the storage to the authentication object.
If the user requested to sign out, we erase the identity of the user.
If the user is already authenticated, we return the identity of the user.
Or we attempt to authenticate the user. We return a message stating if the user was identified successfully or not.


    public function process()
    {
        // We get the user name and password from the GET request.
        // Or we get the request to sign out.
        list($username, $password, $clear) = $this->_getParameters();
        // We instantiate the authentication object.
        $auth = Zend_Auth::getInstance();
        // We pass the storage to the authentication object.
        $auth->setStorage(new MyStorage());

        if ($clear) {
            // If the user requested to sign out, we erase the identity of the user.
            $auth->clearIdentity();
            $message = 'The identity is cleared';
        } else if ($auth->hasIdentity()) {
            // If the user is already authenticated, we return the identity of the user.
            $identity = $auth->getIdentity();
            $message = "$username is already authenticated and identified as $identity!";
        } else if ($username) {
            // Or we attempt to authenticate the user.
            // We return a message stating if the user was identified successfully or not.
            $message = $this->_authenticate($username, $password);
        } else {
            $message = '';
        }

        return array($username, $password, $message);
    }

Extraction of the parameters from the GET request


    private function _getParameters()
    {
        $username = isset($_GET['username'])? $_GET['username'] : '';
        $password = isset($_GET['password'])? $_GET['password'] : '';
        $clear = !empty($_GET['clear']);

        return array($username, $password, $clear);
    }

Authentication of the user

We instantiate the authentication adapter by passing the user name and password.
We instantiate the authentication object.
We attempt to authenticate the user.
If the user is authenticated, we return the identity of the user. The identity of the user is stored in the custom storage.
If the authentication failed, we return an error message.


    private function _authenticate($username, $password)
    {
        // We instantiate the authentication adapter by passing the user name and password.
        $authAdapter = new MyAuthAdapter($username, $password);
        // We instantiate the authentication object.
        $auth = Zend_Auth::getInstance();
        // We attempt to authenticate the user.
        $result = $auth->authenticate($authAdapter);

        if ($result->isValid()) {
            // If the user is authenticated, we return the identity of the user.
            // The identity of the user is stored in the custom storage.
            $identity = $result->getIdentity();
            $message = "$identity is now authenticated!";
        } else if ($username) {
            // If the authentication failed, we return an error message.
            $message = $result->getMessages();
        }

        return $message;
    }

Implementation of the custom storage

The storage is implement as a file on the server. The file name is created randomly and passed to the user in a cookie.


class MyStorage implements Zend_Auth_Storage_Interface
{
    // The storage is implement as a file on the server.
    // The file name is created randomly and passed to the user in a cookie.
    private $_storage;

Construction of the adapter

If the cookie does not exist, we create the name of the file randomly. And we store the name in the cookie.
If the cookie exists, we get the name of the file from the cookie.


    public function __construct()
    {
        if (empty($_COOKIE['storage'])) {
            // If the cookie does not exist, we create the name of the file randomly.
            // And we store the name in the cookie.
            $this->_storage = dirname(__FILE__) . '/data/auth/storage-' . rand() . '.txt';
            setcookie('storage', $this->_storage, time() + 3600, '/');
        } else {
           // If the cookie exists, we get the name of the file from the cookie.
           $this->_storage = $_COOKIE['storage'];
        }
    }

Methods of access to the storage

We check if the file does not exist or if the file is empty.
Or we read the file and we return the identity.
Or we write the identity into the file.
Or we delete the file and we erase the cookie.


    public function isEmpty()
    {
        // We check if the file does not exist or if the file is empty.
        return !file_exists($this->_storage) or !filesize($this->_storage);
    }

    public function read()
    {
        // Or we read the file and we return the identity.
        return file_get_contents($this->_storage);
    }

    public function write($contents)
    {
        // Or we write the identity into the file.
        file_put_contents($this->_storage, $contents);
    }

    public function clear()
    {
        // Or we delete the file and we erase the cookie.
        file_exists($this->_storage) and unlink($this->_storage);
        setcookie('storage', '', 1, '/');
    }

Implementation of the authentication adapter

User names and passwords are hard coded for the purpose of this example.


class MyAuthAdapter implements Zend_Auth_Adapter_Interface
{
    // User names and passwords are hard coded for the purpose of this example.
    private $_userPasswords = array('john' => '123', 'jane' => '456');
    private $_username;
    private $_password;

Construction of the adapter

The user name and password are passed to the adapter.


    public function __construct($username, $password)
    {
        // The user name and password are passed to the adapter.
        $this->_username = $username;
        $this->_password = $password;
    }

Authentication of the user

We check if the user exists. We prepare the error message if not.
We check if the password is valid. We prepare the error message if not.
We mark the result as successful if the user name and password are valid.
We return the authentication result.


    public function authenticate()
    {
        if (!isset($this->_userPasswords[$this->_username])) {
            // We check if the user exists. We prepare the error message if not.
            $result = new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
                $this->_username,
                array('Unknown user!'));
        } else if ($this->_userPasswords[$this->_username] != $this->_password) {
            // We check if the password is valid. We prepare the error message if not.
            $result =  new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                $this->_username,
                array('Bad password!'));
        } else {
            // We mark the result as successful if the user name and password are valid.
            $result =  new Zend_Auth_Result(
                Zend_Auth_Result::SUCCESS,
                $this->_username);
        }

        // We return the authentication result.
        return $result;
    }

Displaying items


class MyHtml
{

Displaying the title of the page based on the file name.


    public static function printTitle()
    {
        $basename = basename(__FILE__, '.php');
        $title = ucwords(str_replace('-' , ' ', $basename));
        $zfVersion = Zend_Version::VERSION;
        $phpVersion = phpversion();
        echo "ZfEx $title (ZF/$zfVersion PHP/$phpVersion)";
    }

Displaying a string or an array

If the data is an array, we convert the array into a set of lines.
We converts special characters into HTML entities.
We convert new-line characters into line breaks.


    public static function display($mixed)
    {
        // If the data is an array, we convert the array into a set of lines.
        is_array($mixed) and $mixed = implode("\n", $mixed);
        $mixed = stripslashes($mixed);
        // We converts special characters into HTML entities.
        $mixed = htmlspecialchars($mixed, ENT_QUOTES, 'UTF-8');
        // We convert new-line characters into line breaks.
        echo nl2br($mixed);
    }

Processing the authentication

We get the user name, the password and the authentication result, to display in the form.


$auth = new MyAuthentication;
// We get the user name, the password and the authentication result, to display in the form.
list($username, $password, $message) = $auth->process();


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title><?php MyHtml::printTitle();?></title>
    <style type="text/css">
      body {
          font-family: arial, sans-serif;
          font-size: 0.9em;
      }
    </style>
  </head>

  <body>

    <p>EXAMPLE <?php MyHtml::printTitle();?></p>
    <hr />

    <form>
      Name:
      <input type="text" name="username"
             value="<?php MyHtml::display($username);?>" />
      Password:
      <input type="text" name="password"
             value="<?php MyHtml::display($password);?>" />
      <input type="submit" value="Sign In" />
    </form>

    <a href="?clear=1">Sign Out (Clear the user identity)</a>

    <br /> <br />
    (The authentication is only valid for users john and jane
    with respective passwords 123 and 456.)

    <br /> <br />
    <hr />
    AUTHENTICATION RESULT
    <br /> <br />
    <?php echo MyHtml::display($message);?>

  </body>
</html>