基本身份验证和会话管理库PHP？ [英] Basic authentication and session management library for PHP?

问题描述

我知道这样已经被问过无数次的问题，但并不完全这样的。原谅我，如果我忽略了一个明显的重复。

在我的许多Web应用程序的核心是一个自写用户/会话管理类，在它的起源可以追溯到2002年。
我已决定，现在是一个根本上重新写，或者preferably，引进了现成的标准库。

我该库的要求是：

• 面向对象的，干净的，优秀的code


• 全会话管理：包装到在ses​​sion_start（）和嫔妃


• 在理想情况下提供各种存储方法（PHP标准/ tmp目录，基于数据库的）


• 从理论上是能够连接到不同类型的用户的数据存储，但MySQL将做精


• 将理想支持OpenID的提供方便的功能，但是这是一个奇特的想法，不要求马上


• 方法：验证会话，获取用户数据，获取会话数据，登录用户，注销用户


• 设置：会话生命周期，密码加密


• 必须是开源

而如果它是的非常的通用性，用户管理API的或的通用连接器周围应用程序的用户管理将是不错的：

• 创建/更新/删除用户记录


• 获取和修改登录用户的当前数据

这是如此基本，所以安全性相关的，那我希望是有一个标准的解决方案，这一点，但是我不知道任何和所有的大的CMS和博客似乎是自己卷。

我的两个问题：

• 你知道这样的组件作为通用，单机库？




• 可能有人在很深的造诣 Zend框架告诉我是否可以使用Zend_Auth的和/或由Zend_Session的独立的，在一个大的应用程序的核心拥有否则无关，与采埃孚，在不麻烦运行？

解决方案

  

可能有人在很深的造诣 Zend框架告诉我是否可以使用Zend_Auth的和/或由Zend_Session独立的，在有其它无关ZF大的应用程序的核心，没有麻烦中运行？

我没有Zend框架的深入了解，但我已经使用了各种组件（例如Zend_Search），而无需创建一个Zend_Application对象或使用MVC框架，我相信该库的其余部分也设计得完全模块化的。上次我挖出虽然由Zend_Session code，我没有发现任何包括外的Zend /会话/ 。一个快速谷歌似乎证实本作Zend_Auth的，与沿Zend的常见问题其中规定：

  

是ZF的组件库或框架？结果
  答案很简单：两者。 Zend框架提供了所有在单个分布大多数Web应用程序所需的组件。的但Zend框架组件也松耦合的，因此很容易只使用几个组件在网络针对应用甚至与其他框架！的使用这个应用，随意的架构，我们正在实施的功能常见更多的整体框架。事实上，我们目前正在为1.8版本，这将使它易于构建使用ZF组件的应用程序，但不会牺牲现有的ZF组件的使用，随意自然一个工具组件。这也证明了Zend框架的使用，随意架构的工具组件本身可以独立使用。

我没有使用Zend_Search与MVC框架时做的唯一的事情是添加到你安装Zend框架包含路径由于Zend库中包含的目录。文档没有记录了包括你不使用Zend自动加载时的需要，但因为一切都将使用PEAR类的命名方案，很容易从你使用的是类名来推断。 （因此该类 Foo_Bar_File 将要求您包括富/酒吧/ File.php ）

I know questions like this have been asked numerous times, but not quite this one. Forgive me if I overlooked an obvious duplicate.

In the core of many of my web applications is a self-written user/session management class that in its origins dates back to 2002. I have decided that it is time for a fundamental re-write or, preferably, the introduction of a ready-made standard library.

My requirements for that library would be:

• Object oriented, clean, excellent code
• Full session management: Wrapper to session_start() and consorts
• Would ideally provide various storage methods (PHP Standard /tmp, database based)
• Would ideally be able to connect to different types of user data storage, but mySQL will do fine
• Would ideally provide convenient functions for supporting OpenID, but that's a fancy thought, no requirement right now
• Methods: Verify session, get user data, get session data, log in user, log out user
• Settings: Session lifetime, password encryption
• Must be Open Source

And if it's very generic, a user management API or a generic connector to the user management of the surrounding application would be nice:

• Create/Update/delete user records
• Fetch and modify data of currently logged in user

this is so basic, and so security relevant, that I would expect that there is a standard solution to this, however I don't know of any, and all the big CMSs and blogs seem to be rolling their own.

My two questions:

• Do you know such a component as a generic, stand-alone library?

• Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running in to trouble?

解决方案

Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running in to trouble?

I don't have deep knowledge of the Zend Framework, but I have used various components (e.g. Zend_Search) without creating a Zend_Application object or using the MVC framework and I am sure the rest of the library is also designed to be totally modular. Last time I dug though the Zend_Session code, I didn't find any includes outside Zend/Session/. A quick google seemed to confirm this for Zend_Auth, along with the Zend FAQ which states:

Is ZF a component library or a framework?
Simple answer: both. Zend Framework provides all the components required for most web applications in a single distribution. But Zend Framework components are also loosely coupled, making it easy to use just a few components in a web application- even alongside other frameworks! Using this use-at-will architecture, we are implementing features commonly found in more monolithic frameworks. In fact, we are currently working on a tooling component for the 1.8 release that will make it simpler to build applications using ZF components, yet will not sacrifice the use-at-will nature of existing ZF components. It's a testament to the use-at-will architecture of Zend Framework that the tooling component itself can be used standalone.

The only thing I had to do when not using Zend_Search with the MVC framework was add the directory where you installed the Zend Framework to the include path due to the includes in the Zend library. The documentation doesn't document the includes you need when not using the Zend Autoloader, but as everything uses the PEAR class naming scheme, it is easy to deduce from the class names you are using. (so the class Foo_Bar_File would require you to include Foo/Bar/File.php )

这篇关于基本身份验证和会话管理库PHP？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！