Luracast Restler Authentication


Question

I’m using Luracast Restler and I’m trying to implement some authentication by implementing the iAuthenticate interface.

The thing is, my authentication code needs to query my database to retrieve the user private key. This private key will always be provided in the url request (hashed).

I wanted to open just one database connection for each request, so I need to pass the db connection variable to my class that implements iAuthenticate and to the other classes that handle all the requests. But I can’t figure out how I can pass variables to my class that implements iAuthenticate.

Is this possible?

For reference, here is the Luracast example.

Thanks in advance.

Recommended answer

Using Single DB Connection for your API and Authentication Classes

Create a php file called config.php and place all your db information along with db connection and selection.

For example

<?php
define('DB_SERVER', 'localhost');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_NAME', 'mysql_db');
//initialize connection to use everywhere
//including auth class and api classes
mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD);
mysql_select_db(DB_NAME);

Include this function using require_once in both the authentication class and the API class, something like this (for simplicity I'm not encrypting the password here):

<?php
require_once 'config.php';
class BasicAuthentication implements iAuthenticate{
    const REALM = 'Restricted API';
    public static $currentUser;

    function __isAuthenticated(){
        if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])){
            $user = $_SERVER['PHP_AUTH_USER'];
            $pass = $_SERVER['PHP_AUTH_PW'];
            $user = mysql_real_escape_string($user);
            $pass = mysql_real_escape_string($pass);

            mysql_query("UPDATE `login` SET logged=NOW()
                WHERE user='$user' AND pass='$pass'");
            // echo mysql_affected_rows();
            if(mysql_affected_rows()>0){
                self::$currentUser = $user;
                return TRUE;
            }
        }
        header('WWW-Authenticate: Basic realm="'.self::REALM.'"');
        throw new RestException(401, 'Basic Authentication Required');
    }
}

Your API class can have a protected method that queries the same db; it can be a different table that returns the data using the same connection. For simplicity's sake I use the same table here.

<?php
require_once 'config.php';
class Simple {
    function index() {
        return 'public api result';
    }
    protected function restricted() {
        $query = mysql_query("SELECT * FROM login");
        $result = array();
        while ($row = mysql_fetch_assoc($query)) {
            $result[]=$row;
        }
        return $result;
    }
}

Using require_once makes sure that the php file is included only once, on the first encounter. Even if we stop using the auth class later, our api will keep functioning.

Assuming that the following SQL is used to create our db table

--
-- Database: `mysql_db`
--

--
-- Table structure for table `login`
--

CREATE TABLE IF NOT EXISTS `login` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `logged` datetime DEFAULT NULL,
  `user` varchar(10) DEFAULT NULL,
  `pass` varchar(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `login`
--

INSERT INTO `login` (`id`, `logged`, `user`, `pass`) VALUES
(1, '2011-11-01 22:50:05', 'arul', 'mypass'),
(2, '2011-11-01 23:43:25', 'paulo', 'hispass');

And the index.php with the following

<?php
require_once '../../restler/restler.php';

#set autoloader
#do not use spl_autoload_register without a parameter
#it will disable the autoloading of formats
spl_autoload_register('spl_autoload');

$r = new Restler();

$r->addAPIClass('Simple','');
$r->addAuthenticationClass('BasicAuthentication');
$r->handle();

The Result

If you open index.php/restricted in the browser and key in the right username and password combination, you will see the following as the result :)

[
  {
    "id": "1",
    "logged": "2011-11-01 22:50:05",
    "user": "arul",
    "pass": "mypass"
  },
  {
    "id": "2",
    "logged": "2011-11-01 23:43:25",
    "user": "paulo",
    "pass": "hispass"
  }
]
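
The same one-connection-per-request idea using PDO prepared statements and hashed passwords, as an added example that is not part of the original answer. The `Db` class, the `check_credentials()` function, the `pass_hash` column and the in-memory SQLite database are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not the answer's code. Db, check_credentials() and the
// pass_hash column are hypothetical names chosen for this sketch.

final class Db
{
    private static ?PDO $pdo = null;

    // Return the single connection for this request, creating it on first use.
    public static function get(): PDO
    {
        if (self::$pdo === null) {
            // In-memory SQLite keeps the example offline; with MySQL use a
            // 'mysql:host=...;dbname=...' DSN and NOW() instead of datetime('now').
            self::$pdo = new PDO('sqlite::memory:');
            self::$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }
        return self::$pdo;
    }
}

// What BasicAuthentication::__isAuthenticated() would call with
// $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
function check_credentials(string $user, string $pass): bool
{
    $stmt = Db::get()->prepare('SELECT pass_hash FROM login WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() checks against a salted hash, so no plaintext is stored.
    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }
    Db::get()->prepare("UPDATE login SET logged = datetime('now') WHERE user = ?")
        ->execute([$user]);
    return true;
}

// Constructed sample data (same user name as the table dump above).
Db::get()->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, logged TEXT, user TEXT, pass_hash TEXT)');
Db::get()->prepare('INSERT INTO login (user, pass_hash) VALUES (?, ?)')
    ->execute(['arul', password_hash('mypass', PASSWORD_DEFAULT)]);

var_dump(check_credentials('arul', 'mypass'));   // correct password
var_dump(check_credentials('arul', 'wrong'));    // wrong password
var_dump(check_credentials('nobody', 'mypass')); // unknown user
var_dump(Db::get() === Db::get());               // same connection object reused
```

An API class such as `Simple` would call `Db::get()` in the same way, so authentication and the API methods share one connection without relying on an implicit global link.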
