Php 在Zend Framework 2中处理身份验证的最佳方法2
我是Zend Framework 2的新手,我想知道处理身份验证的最佳方法是什么。我当前的(工作)登录代码是:Php 在Zend Framework 2中处理身份验证的最佳方法2,php,authentication,login,zend-framework2,bcrypt,Php,Authentication,Login,Zend Framework2,Bcrypt,我是Zend Framework 2的新手,我想知道处理身份验证的最佳方法是什么。我当前的(工作)登录代码是: public function loginAction() { $message = ''; $message_type = ''; $form = new UserForm(); $form->get('submit')->setValue('login'); $request = $this->getRequest();
public function loginAction()
{
$message = '';
$message_type = '';
$form = new UserForm();
$form->get('submit')->setValue('login');
$request = $this->getRequest();
if($request->isPost())
{
$data = $request->getPost();
$user = $this->getUserTable()->getUser($data['username']);
$bcrypt = new Bcrypt();
if($bcrypt->verify($data['password'], $user->password))
{
$message = 'successfully logged in as ' . $user->username;
$message_type = 'success';
}
else
{
$message = 'invalid password or username';
$message_type = 'danger';
}
}
return new ViewModel(array(
'form' => $form,
'message' => $message,
'message_type' => $message_type,
));
}
现在我知道我没有使用ZF2身份验证模块,但我无法让它与Bcrypt一起工作。我的方法是否足够安全,还是应该使用Zend\Authentication
编辑
好吧,我设法让它工作了,下面是新代码:
public function loginAction()
{
$message = '';
$message_type = '';
$form = new UserForm();
$form->get('submit')->setValue('login');
$request = $this->getRequest();
if($request->isPost())
{
$user = new User();
$form->setInputFilter($user->getInputFilter());
$form->setValidationGroup('username', 'password');
$form->setData($request->getPost());
if($form->isValid())
{
$user->exchangeArray($form->getData());
$data = $this->getUserTable()->getUser($user->username);
$bcrypt = new Bcrypt();
if($bcrypt->verify($user->password, $data->password))
{
$dbAdapter = $this->getServiceLocator()->get('Zend\Db\Adapter\Adapter');
$authService = new CredentialTreatmentAdapter($dbAdapter, 'user', 'username', 'password');
$authService->setIdentity($user->username);
$authService->setCredential($data->password);
if($authService->authenticate()->isValid())
{
$message = 'successfully logged in as ' . $user->username;
$message_type = 'success';
}
else
{
$message = 'invalid password or username';
$message_type = 'danger';
}
}
}
}
它使用BCrypt和Zend\Authentication,似乎工作正常。“但我无法让它与BCrypt一起工作”
尽管如此,我还是会使用Zend身份验证:,因为它提供了更多功能。它在没有会话存储的情况下对我有效。
public function login($credential)
{
$bcrypt = new Bcrypt();
$user = new User();
$user->exchangeArray($credential);
$password = $user->password;
$data = $this->getUserTable()->selectUser($user->username);
if (!$data)
{
$message = 'Username or password not correct!';
} else {
if ($bcrypt->verify($password, $data->password)) {
$sm = $this->getServiceLocator();
$dbAdapter = $sm->get('Zend\Db\Adapter\Adapter');
$authAdapter = new AuthAdapter(
$dbAdapter,
'user',
'username',
'password'
);
$authAdapter -> setIdentity($user->username) -> setCredential($data->password);
$auth = new AuthenticationService();
$result = $auth->authenticate($authAdapter);
//success
switch ($result->getCode()) {
case Result::FAILURE_IDENTITY_NOT_FOUND:
// do stuff for nonexistent identity
$message = "FAILURE_IDENTITY_NOT_FOUND";
break;
case Result::FAILURE_CREDENTIAL_INVALID:
// do stuff for invalid credential
$message = "FAILURE_CREDENTIAL_INVALID";
break;
case Result::SUCCESS:
$message = "you are logged in succesfully";
break;
default:
// do stuff for other failure
//$message = "you are logged in succesfully";
break;
//$message = "Login succesfull.Welcome ".$auth->getIdentity();
}
} else {
$message = 'Username or password not correct';
}
}
return new ViewModel(array("message" =>$message));
}