2

我最近开始使用 Zend Framework,我仍然很习惯 session_start,并将变量分配给某些会话名称(即:$_SESSION['username'] == $username)

我试图弄清楚如何在 Zend 中做类似的事情。现在,我的身份验证脚本使用 LDAP 对我的 AD 服务器检查凭据,如果成功,则对用户进行身份验证。

我想创建一个脚本,允许管理员用户轻松“进入”其他人的会话。假设 admin1 有一个活动会话并且想要切换到 user1 的会话。通常我只会更改 $_SESSION['username'] 变量并有效地更改登录用户的身份。

但是对于 Zend,我不太确定如何更改会话信息。对于它的价值,这是我的身份验证脚本:

class LoginController extends Zend_Controller_Action
{
    public function getForm()
    {
        return new LoginForm(array(
            'action' => '/login/process',
            'method' => 'post',
        ));
    }

    public function getAuthAdapter(array $params)
    {
        $username = $params['username'];
        $password = $params['password'];
        $auth = Zend_Auth::getInstance();

        require_once 'Zend/Config/Ini.php';
        $config = new Zend_Config_Ini('../application/configs/application.ini', 'production');
        $log_path = $config->ldap->log_path;
        $options = $config->ldap->toArray();
        unset($options['log_path']);

        require_once 'Zend/Auth/Adapter/Ldap.php';
        $adapter = new Zend_Auth_Adapter_Ldap($options, $username, $password);

        $result = $auth->authenticate($adapter);

        if ($log_path) {
            $messages = $result->getMessages();

            require_once 'Zend/Log.php';
            require_once 'Zend/Log/Writer/Stream.php';
            require_once 'Zend/Log/Filter/Priority.php';
            $logger = new Zend_Log();
            $logger->addWriter(new Zend_Log_Writer_Stream($log_path));
            $filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
            $logger->addFilter($filter);

            foreach ($messages as $i => $message) {
                if ($i-- > 1) { // $messages[2] and up are log messages
                    $message = str_replace("\n", "\n  ", $message);
                    $logger->log("Ldap: $i: $message", Zend_Log::DEBUG);
                }
            }
        }
        return $adapter;
    }
    public function preDispatch()
    {
        if (Zend_Auth::getInstance()->hasIdentity()) {
            // If the user is logged in, we don't want to show the login form;
            // however, the logout action should still be available
            if ('logout' != $this->getRequest()->getActionName()) {
                $this->_helper->redirector('index', 'index');
            }
        } else {
            // If they aren't, they can't logout, so that action should
            // redirect to the login form
            if ('logout' == $this->getRequest()->getActionName()) {
                $this->_helper->redirector('index');
            }
        }
    }
    public function indexAction()
    {
        $this->view->form = $this->getForm();
    }
    public function processAction()
    {
        $request = $this->getRequest();

        // Check if we have a POST request
        if (!$request->isPost()) {
            return $this->_helper->redirector('index');
        }

        // Get our form and validate it
        $form = $this->getForm();
        if (!$form->isValid($request->getPost())) {
            // Invalid entries
            $this->view->form = $form;
            return $this->render('index'); // re-render the login form
        }

        // Get our authentication adapter and check credentials
        $adapter = $this->getAuthAdapter($form->getValues());
        $auth    = Zend_Auth::getInstance();
        $result  = $auth->authenticate($adapter);
        if (!$result->isValid()) {
            // Invalid credentials
            $form->setDescription('Invalid credentials provided');
            $this->view->form = $form;
            return $this->render('index'); // re-render the login form
        }

        // We're authenticated! Redirect to the home page

        $this->_helper->redirector('index', 'index');

    }
    public function logoutAction()
    {
        Zend_Auth::getInstance()->clearIdentity();
        $this->_helper->redirector('index'); // back to login page
    }
}

有什么办法可以做我所描述的吗?感谢您的任何建议。

4

1 回答 1

2

Zend_Auth_Storage_Session给定您的代码,身份验证的结果通过一个对象存储在 PHP 会话中。

调用Zend_Auth::getIdentity()获取对存储的访问权,如果它不为空,则返回结果。同样,您可以通过访问底层存储并更改其值来更改存储的身份。作为身份验证结果存储的实际身份Zend_Auth_Adapter_Ldap只是一个表示 LDAP 用户名的字符串值。

要有效地更改登录用户,您可以执行以下操作:

Zend_Auth::getInstance()->getStorage()->write('newUserName');

这假定了给定代码的默认行为。

身份验证成功后,我在应用程序中所做的是创建某个用户模型的新对象,并将其写入 Zend_Auth 会话,以便我在每个会话中获得有关用户的更多信息,因此您应该知道不同的事情可以根据应用程序在存储中。

例如,这就是我所做的:

$auth       = new Zend_Auth(...);
$authResult = $auth->authenticate();

if ($authResult->isValid() == true) {
    $userobj = new Application_Model_UserSession();
    // populate $userobj with much information about the user
    $auth->getStorage()->write($userobj);
}

现在,在我调用的应用程序中的任何地方,我Zend_Auth::getInstance()->getIdentity()都会返回Application_Model_UserSession对象而不是字符串;但我离题了。

应该对您有所帮助的信息是:

$user = Zend_Auth::getInstance()->getIdentity(); // reads from auth->getStorage()

Zend_Auth::getInstance()->getStorage()->write($newUser);
于 2012-06-11T23:43:42.180 回答