/**
  * Change environment for user role/status
  *
  * @param string $realm
  * @param string $login
  * @param string $password
  * @return void
  */
 protected function _doLogin($realm, $login, $password)
 {
     // Credentials are checked against the digest file kept under the application's configs directory.
     // NOTE(review): that file holds password digests; confirm it is not readable from the web root.
     $digestFile = APPLICATION_PATH . '/configs/auth';
     $adapter = new Zend_Auth_Adapter_Digest($digestFile, $realm, $login, $password);

     // A failed attempt leaves the auth storage untouched, and the caller is not told about it.
     if (!$adapter->authenticate()->isValid()) {
         return;
     }

     // What gets persisted as the identity is the realm, not the login name:
     // every account that authenticates in a given realm ends up with the same stored value.
     Zend_Auth::getInstance()->getStorage()->write($adapter->getRealm());
 }
 /**
  * Check a login/password pair against the digest file and, on success,
  * store the realm in Zend_Auth's storage.
  *
  * @param string $realm
  * @param string $login
  * @param string $password
  * @return Zend_Auth_Result result of the attempt, valid or not (type presumed from the adapter API)
  */
 protected function _authenticate($realm, $login, $password)
 {
     $digestFile = APPLICATION_PATH . '/configs/auth';
     $adapter = new Zend_Auth_Adapter_Digest($digestFile, $realm, $login, $password);
     $outcome = $adapter->authenticate();

     // On failure nothing is written; the caller inspects the returned result.
     if (!$outcome->isValid()) {
         return $outcome;
     }

     // success: save the user's role in Zend_Auth (the realm is what is stored, not the login)
     Zend_Auth::getInstance()->getStorage()->write($adapter->getRealm());

     return $outcome;
 }
 /**
  * Ensures that getPassword() returns expected default value
  *
  * @return void
  */
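 public function testGetPassword()
 {
     // An adapter built without arguments has had no credential supplied yet.
     $adapter = new Zend_Auth_Adapter_Digest();

     // assertNull is a strict check; assertEquals(null, ...) compares loosely and
     // would also pass for '', 0 or false, hiding a changed default.
     $this->assertNull($adapter->getPassword());
 }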
 /**
  * The default action is "indexAction", unless explicitly set to something else.
  */
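 public function indexAction()
 {
     // Login form handler. Without a 'username' in the request it shows the login form
     // (or forwards to the logout decision when an authentication id is already held).
     // Otherwise it validates the submitted credentials, checks them against the digest
     // file named in the config, and either records the identity and redirects back to
     // the original path, or counts the failure and may show a lockout view.

     // STAGE 4: Apply business logic to create a presentation model for the view.
     $origRequest = $this->getInvokeArg('origRequest');
     $this->view->rerouteToReason = $this->getInvokeArg('rerouteToReason');
     // Request-derived value: the view template has to escape it on output.
     $this->view->origRequestUri = $origRequest->REQUEST_URI;

     // if no credentials
     // should be _POST, but this makes demo easier to tweak
     // NOTE(review): $_REQUEST also accepts query-string parameters, so credentials can
     // arrive in the URL and end up in access logs and browser history. Acceptable only
     // for the tutorial; read from $_POST in real code.
     if (empty($_REQUEST['username'])) {
         // STAGE 5: Choose view template and submit presentation model to view template for rendering.
         // if an admin area was requested, and authentication has been enabled in config.ini
         if (isset($this->authSpace->authenticationId)) {
             ZFDemo_Log::log(_('already have authentication id, showing logout form'));
             // show logout form
             $this->_forward('logoutDecision');
         } else {
             ZFDemo_Log::log(_('no authentication id, showing login form'));
             // show login form
             $this->renderToSegment('body');
         }
         return;
     }

     // prepare to authenticate credentials received from a form
     require_once 'Zend/Auth/Result.php';
     require_once 'Zend/Auth/Adapter/Digest.php';
     $config = Zend_Registry::get('config');

     // A parameter sent as an array (username[]=x) or a missing password must not reach
     // trim(); both are reduced to '' here and then rejected by the validators below.
     $username = is_string($_REQUEST['username']) ? trim($_REQUEST['username']) : '';
     $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password']))
         ? trim($_REQUEST['password'])
         : '';

     /////////////////////////////
     // ==> SECTION: filter <==
     require_once 'Zend/Validate/Alnum.php';
     require_once 'Zend/Validate/Regex.php';
     // input filtering is enabled, so ..
     // alphabetic and numeric characters are permitted
     $validator_name = new Zend_Validate_Alnum();
     if (!$validator_name->isValid($username)) {
         $this->renderToSegment('body', 'invalidUsername');
         return;
     }
     // this application has "special" requirements, so we show how to use custom regex:
     // NOTE(review): this caps passwords at 16 characters of [a-z0-9_]; it is a demo
     // constraint, not a password policy to copy.
     $validator_password = new Zend_Validate_Regex('/^[a-z0-9_]{5,16}$/');
     if (!$validator_password->isValid($password)) {
         $this->renderToSegment('body', 'invalidPassword');
         return;
     }

     /////////////////////////////
     // ==> SECTION: auth <==
     $result = false;
     try {
         // try to authenticate using the md5 "digest" adapter
         // NOTE(review): MD5 digests are cheap to brute-force if the file leaks; treat the
         // file as a secret and prefer a password_hash()-based store outside a tutorial.
         // file containing username:realm:password digests
         $filename = $config->authenticate->filename;
         if ($filename[0] !== DIRECTORY_SEPARATOR) {
             // prepend path, if filename not absolute
             $filename = Zend_Registry::get('dataDir') . $filename;
         }
         $adapter = new Zend_Auth_Adapter_Digest($filename, $config->authenticate->realm, $username, $password);
         // result of trying to authenticate credentials
         $result = $adapter->authenticate();
         // allow view to see result status (reason)
         // NOTE(review): if the template shows a different message per result code, it can
         // reveal whether a username exists; confirm the view renders one generic failure.
         $this->view->resultCode = $result->getCode();
     } catch (Exception $exception) {
         // record exception description
         $this->view->exception = ZFDemo::filterException($exception);
         $this->view->resultCode = false;
     }

     if ($result && $result->isValid()) {
         // if successful authentication, save the authentication identity ( http://framework.zend.com/wiki/x/fUw )
         $id = $result->getIdentity();
         // publish the identity (really need Observer pattern)
         Zend_Registry::set('authenticationId', $id);
         // NOTE(review): nothing visible here rotates the session id at login. If authSpace
         // is session-backed, regenerate the id before storing the identity so a
         // pre-login session id cannot be reused (session fixation); confirm it is not
         // already done elsewhere.
         $this->authSpace->authenticationId = $id;
         // save the timestamp when authenticated successfully
         $this->authSpace->date = time();
         // success, so forget the number of previous login failures
         $this->authSpace->attempts = 0;

         // now return to wherever user came from
         // The target comes from the request, so it is restricted to a same-site path:
         // it must start with exactly one '/', and may not contain backslashes or control
         // characters. Anything else (absolute URL, '//host', missing or non-string value)
         // falls back to '/', which keeps the login form from being used as an open redirect.
         // Assumes legitimate origPathInfo values start with '/'; verify against the caller.
         $target = (isset($_REQUEST['origPathInfo']) && is_string($_REQUEST['origPathInfo']))
             ? $_REQUEST['origPathInfo']
             : '';
         if (!preg_match('#^/(?!/)[^\x00-\x1F\x7F\\\\]*\z#', $target)) {
             $target = '/';
         }
         $this->_redirect($target);
     } else {
         // record the authentication failure
         // NOTE(review): the counter is kept in authSpace, which the comments below describe
         // as session state. A client that discards its session starts again from zero, so
         // this does not limit guessing against an account; that needs a per-account or
         // per-source counter kept server-side.
         $this->authSpace->attempts++;
         if ($this->authSpace->attempts > $config->authenticate->maxAttempts) {
             // Overly simplistic account "lockout" lasts for at least 10 seconds,
             // but increases with repeated failures.
             $this->view->lockout = 5 * $this->authSpace->attempts;
             // Lockout time will be "forgotten" later, and expired from session, allowing logins.
             $this->authSpace->setExpirationSeconds($this->view->lockout);
             // show a view indicating account lockout
             $this->blockHacker();
             return;
         }
     }

     // STAGE 5: Choose view template and submit presentation model to view template for rendering.
     $this->renderToSegment('body');
 }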