Refactoring a Zend_Auth implementation
I am working on an existing project that has two areas that can be logged into. An admin section and the front end.
Currently the admin section has a login action and the front end has its own login action. Admin logs in using a database table specifically for admin accounts; the front end is logged in using a different table altogether.
If the admin is logged in and tries to then log into the front end they are prompted to log in as a front end user (needed because front end users get completely different content based on projects they are associated with and admin is not associated with one particular project).
Once logged in as a front end user, their admin credentials are gone and they have to log in again if they try to reenter the admin section.
I want to make it so that the admin can be logged into the admin section AND log in as a specific front end user, thus being able to switch back and forth between the two sections of the site without having to re-login.
What is the best way to handle this within the Zend Framework?
So far I am thinking of losing the separate login actions and having just one (there is no need for two, correct?) and then I have to deal with allowing separate credentials.
Currently, logging in as a front end user results in the admin user having to log back in to access the admin area. Is this because some $_SESSION credential is being overwritten? Do I need to somehow create a custom $_SESSION variable to handle this the ZF way?
Obviously I can't just directly assign a value to $_SESSION['front_end'] or $_SESSION['admin'] (which I would have done back in the day) so how would I do this within Zend Framework?
Thanks!
First question, do you really need to do this? Assuming admin users can access all projects, the typical approach to something like this would be to give admins a dropdown on the frontend that lists all projects and allows them to switch between them. Once they've selected one this selection is stored in their session and they can view data as if they were logged in as one of those users. They can then switch between projects at will.
If you really need two logins, this certainly should be possible. By default Zend_Auth uses the class Zend_Auth_Storage_Session for storing the result of authentication in the session. This class uses the session namespace 'Zend_Auth' by default (i.e. the data is being stored in $_SESSION['Zend_Auth']), so when your frontend user successfully logs into the admin their session auth data is being overwritten by the result of the admin auth. So what you want to do is get Zend_Auth_Storage_Session to use a different namespace for the admin logins (or a custom namespace for each).
In theory you should be able to do something like this:
```php
public function loginAction()
{
    $auth = Zend_Auth::getInstance();
    if (...) { // check some condition that returns true for admin logins
        // setup storage with custom admin namespace (can be any string)
        $authStorage = new Zend_Auth_Storage_Session('Yourapp_Admin_Auth');
    } else {
        // use defaults
        $authStorage = new Zend_Auth_Storage_Session();
    }
    $auth->setStorage($authStorage);
    // carry on login as normal
    // [...]
}
```
So, what this is doing is getting Zend_Auth to use $_SESSION['Yourapp_Admin_Auth'] for admin logins and the default $_SESSION['Zend_Auth'] for frontend ones.
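One way to make the two namespaces coexist across requests, as an added example that is not part of the answer above: because Zend_Auth is a singleton, the storage has to be re-pointed at the right namespace on every request before hasIdentity()/getIdentity() is consulted, and clearIdentity() only empties the namespace currently selected. The plugin, module names ('admin' and 'default') and class names below are assumptions for a ZF1 app.

```php
<?php
// Hypothetical front controller plugin (register it on Zend_Controller_Front).
class Yourapp_Plugin_AuthNamespace extends Zend_Controller_Plugin_Abstract
{
    const ADMIN_NS = 'Yourapp_Admin_Auth'; // stored in $_SESSION['Yourapp_Admin_Auth']
    const FRONT_NS = 'Zend_Auth';          // Zend_Auth_Storage_Session default

    // Select the storage for the area being dispatched, so every controller in
    // that module sees only its own identity.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $ns = ($request->getModuleName() === 'admin') ? self::ADMIN_NS : self::FRONT_NS;
        Zend_Auth::getInstance()->setStorage(new Zend_Auth_Storage_Session($ns));
    }

    // Read an identity from a given namespace without changing which storage
    // the singleton currently points at (e.g. front end code checking whether
    // an admin session also exists).
    public static function identityFrom($namespace)
    {
        $storage = new Zend_Auth_Storage_Session($namespace);
        return $storage->isEmpty() ? null : $storage->read();
    }

    // Log out of one area only; the other namespace is left untouched.
    public static function logoutFrom($namespace)
    {
        $storage = new Zend_Auth_Storage_Session($namespace);
        $storage->clear();
    }
}

// Example use inside a front end controller action (hypothetical):
//   $admin = Yourapp_Plugin_AuthNamespace::identityFrom(Yourapp_Plugin_AuthNamespace::ADMIN_NS);
//   if ($admin === null) { throw new Zend_Controller_Action_Exception('Admin login required', 403); }
//   // ...then authenticate against the front end users table as normal; the
//   // result is written to $_SESSION['Zend_Auth'] and the admin session survives.
```

Authenticating in each area still goes through Zend_Auth::getInstance()->authenticate($adapter) as before; the plugin only decides which $_SESSION key the result lands in.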