Refactoring a Zend_Auth implementation

Problem description

I am working on an existing project that has two areas that can be logged into. An admin section and the front end.

Currently the admin section has a login action and the front end has its own login action. Admin logs in using a database table specifically for admin accounts, the front end is logged in using a different table altogether.

If the admin is logged in and tries to then log into the front end they are prompted to log in as a front end user (needed because front end users get completely different content based on projects they are associated with and admin is not associated with one particular project).

Once logged in as a front end user, their admin credentials are gone and they have to log in again if they try to reenter the admin section.

I want to make it so that the admin can be logged into the admin section AND log in as a specific front end user. Thus being able to switch back and forth between the two sections of the site without having to re-login.

What would be the best way to handle this in Zend Framework?

So far I am thinking of losing the separate login actions and having just one (there is no need for two, correct?) and then I have to deal with allowing separate credentials.

Currently, logging in as a front end user results in the admin user having to log back in to access the admin area. Is this because some $_SESSION credential is being overwritten? Do I need to somehow create a custom $_SESSION variable to handle this the ZF way?

Obviously I can't just directly assign a value to $_SESSION['front_end'] or $_SESSION['admin'] (which I would have done back in the day) so how would I do this within Zend Framework?

Thanks!

Recommended answer

First question, do you really need to do this? Assuming admin users can access all projects, the typical approach to something like this would be to give admins a dropdown on the frontend that lists all projects and allows them to switch between them. Once they've selected one this selection is stored in their session and they can view data as if they were logged in as one of those users. They can then switch between projects at will.

If you really need two logins, this certainly should be possible. By default Zend_Auth uses the class Zend_Auth_Storage_Session for storing the result of authentication in the session. This class uses the session namespace 'Zend_Auth' by default (i.e. the data is being stored in $_SESSION['Zend_Auth']), so when your frontend user successfully logs into the admin their session auth data is being overwritten by the result of the admin auth. So what you want to do is get Zend_Auth_Storage_Session to use a different namespace for the admin logins (or a custom namespace for each).

In theory you should be able to do something like this:

public function loginAction()
{
    $auth = Zend_Auth::getInstance();
    if (...) { // check some condition that returns true for admin logins
        // setup storage with custom admin namespace (can be any string)
        $authStorage = new Zend_Auth_Storage_Session('Yourapp_Admin_Auth');
    } else {
        // use defaults
        $authStorage = new Zend_Auth_Storage_Session();
    }
    $auth->setStorage($authStorage);

    // carry on login as normal
    [...]
}

So, what this is doing is getting Zend_Auth to use $_SESSION['Yourapp_Admin_Auth'] for admin logins and the default $_SESSION['Zend_Auth'] for frontend ones.
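
The namespace choice also has to be repeated when an identity is read back or cleared, not only inside the login action. The following is an added example, not part of the original answer: a Zend Framework 1 front controller plugin that binds Zend_Auth to the right namespace on every request. The plugin class name, the "admin" module name, the auth/login route and the rule that every page in both areas requires a login are assumptions.

```php
<?php
// Added example (not from the original answer). Assumes Zend Framework 1 is
// autoloadable and that the admin area is a module named "admin" (assumption).
// Register in the bootstrap with:
//   Zend_Controller_Front::getInstance()->registerPlugin(new Yourapp_Plugin_AuthNamespace());
class Yourapp_Plugin_AuthNamespace extends Zend_Controller_Plugin_Abstract
{
    const ADMIN_NAMESPACE = 'Yourapp_Admin_Auth'; // namespace used in the answer

    // Return a storage object bound to the given area's own session namespace.
    public static function storageFor($moduleName)
    {
        return ($moduleName === 'admin')
            ? new Zend_Auth_Storage_Session(self::ADMIN_NAMESPACE)
            : new Zend_Auth_Storage_Session(); // default 'Zend_Auth' namespace
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module = $request->getModuleName();
        $auth   = Zend_Auth::getInstance();

        // Zend_Auth falls back to the default namespace unless storage is set,
        // so select the namespace on every request before reading the identity.
        $auth->setStorage(self::storageFor($module));

        // Hypothetical route: each area exposes its login at auth/login.
        $isLoginPage = $request->getControllerName() === 'auth'
                    && $request->getActionName() === 'login';

        if (!$auth->hasIdentity() && !$isLoginPage) {
            // No identity in this area's namespace: dispatch to this area's
            // login action. An identity in the other namespace is ignored.
            $request->setControllerName('auth')
                    ->setActionName('login');
        }
    }

    // Log out of one area only; the other namespace's identity is untouched.
    public static function logout($moduleName)
    {
        $auth = Zend_Auth::getInstance();
        $auth->setStorage(self::storageFor($moduleName));
        $auth->clearIdentity();
    }
}
```

Because the admin check only ever reads `Yourapp_Admin_Auth`, a front end login can neither overwrite nor stand in for the admin identity.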
