I use this code for authorization. It needs to be refactored and documented for the production version, but it may give you some ideas.
One key point is that it allows you to store multiple roles per session. I have users who are also members; this lets them be logged into admin and into their member account at the same time, without ever granting a member access to admin.
Another key point is the utility role, registeredUser. It is helpful when you want to save some information about a site visitor for a short time.
PHP Code:
<?php
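/**
 * Session-backed login helper that can hold several identities at once.
 *
 * Each identity lives under its own key in the 'User' session namespace:
 * 'user' for accounts from the Users table, and a key named after the
 * PeopleRoles role for accounts from the People table (the constructor reads
 * 'member' and 'registered_user'). Because the People key comes from database
 * content, authenticate() refuses a People role named 'user' so that such a
 * login can never occupy the slot reserved for Users accounts.
 */
class MyAuth
{
    /** @var Zend_Session_Namespace session storage for all identities */
    private $userNamespace;
    /** @var stdClass|null identity loaded from the Users table */
    private $user;
    /** @var stdClass|null identity stored under the 'member' key */
    private $member;
    /** @var stdClass|null utility identity for temporary visitor data */
    private $registered_user;
    // Neither property below is read or written in this class; kept unchanged.
    private $username;
    private $password;

    /**
     * Restores any identities already stored in the session.
     *
     * When a 'user' identity is present, the request is recorded through
     * AccessLog using that user's id.
     */
    public function __construct()
    {
        $this->userNamespace = new Zend_Session_Namespace('User');

        if (isset($this->userNamespace->user)) {
            $this->user = $this->userNamespace->user;
            // Log the user's request.
            $log = new AccessLog();
            $log->log($this->user->id);
        }
        if (isset($this->userNamespace->member)) {
            $this->member = $this->userNamespace->member;
        }
        if (isset($this->userNamespace->registered_user)) {
            $this->registered_user = $this->userNamespace->registered_user;
        }
    }

    /**
     * Checks credentials and, on success, stores the identity in the session.
     *
     * NOTE(review): the password is passed through libEncrypt::encryptData()
     * and matched in the query. That helper is not visible here; if it is
     * reversible encryption or an unsalted digest, plan a migration to
     * password_hash()/password_verify() - confirm against libEncrypt.
     *
     * @param string $username login name (People) or e-mail address (Users)
     * @param string $password plain-text password as submitted
     * @param mixed  $type     'person' selects the People table; anything else
     *                         selects the Users table
     * @return stdClass|null the stored identity, or null when login fails
     */
    public function authenticate($username, $password, $type = false)
    {
        $encrypt = new libEncrypt();

        // Loose comparison kept so existing callers select the same branch.
        if ($type == 'person') {
            // Only this branch trims the password, as in the original code.
            $secret = $encrypt->encryptData(trim($password));
            return $this->loginPerson($username, $secret);
        }

        return $this->loginUser($username, $encrypt->encryptData($password));
    }

    /**
     * Reports whether a user or member identity is loaded.
     *
     * The registered user is only a utility record for temporary data, so it
     * does not count as an identity.
     *
     * @return bool
     */
    public function hasIdentity()
    {
        // Always return a real boolean; callers comparing with === false
        // previously received null for "not logged in".
        return (bool) ($this->user || $this->member);
    }

    /**
     * @return stdClass|null identity loaded from the Users table, if any
     */
    public function getUser()
    {
        return $this->user;
    }

    /**
     * @return stdClass|null member identity, if any
     */
    public function getMember()
    {
        return $this->member;
    }

    /**
     * @return stdClass|null registered-user utility record, if any
     */
    public function getRegisteredUser()
    {
        return $this->registered_user;
    }

    /**
     * Removes every identity from the session and from this instance.
     */
    public function destroy()
    {
        foreach ($this->userNamespace as $key => $value) {
            $this->userNamespace->$key = false;
            unset($this->userNamespace->$key);
        }

        // Clear the in-memory copies too, otherwise hasIdentity() and the
        // getters keep reporting the old identities for the rest of the request.
        $this->user = null;
        $this->member = null;
        $this->registered_user = null;
    }

    /**
     * Authenticates against the People table and stores the identity under
     * the session key named after the person's role.
     */
    private function loginPerson($username, $encryptedPassword)
    {
        $account = $this->findByCredentials(new People(), 'username', $username, $encryptedPassword);
        if ($account === null) {
            return $this->rejectPerson();
        }

        $roles = new PeopleRoles();
        $roleRow = $roles->find($account->role)->current();
        $role = $roleRow ? $roleRow->role : '';

        // The role name becomes the session key. An empty name is unusable,
        // and 'user' is the slot read back as a Users-table identity, so a
        // People login must never be written there.
        if ((string) $role === '' || (string) $role === 'user') {
            return $this->rejectPerson();
        }

        $identity = new stdClass();
        $identity->id = $account->id;
        $identity->first_name = $account->first_name;
        $identity->last_name = $account->last_name;
        $identity->email = $account->email;
        $identity->role = $role;

        $this->rotateSessionId();
        $this->userNamespace->$role = $identity;

        // Mirror what the constructor would load on the next request.
        if ((string) $role === 'member') {
            $this->member = $identity;
        } elseif ((string) $role === 'registered_user') {
            $this->registered_user = $identity;
        }

        return $identity;
    }

    /**
     * Authenticates against the Users table and stores the identity under
     * the 'user' session key, including the user's group.
     */
    private function loginUser($email, $encryptedPassword)
    {
        $account = $this->findByCredentials(new Users(), 'email', $email, $encryptedPassword);
        if ($account === null) {
            // As before, this branch reports failure only through the return value.
            return null;
        }

        $identity = new stdClass();
        $identity->id = $account->id;
        $identity->first_name = $account->first_name;
        $identity->last_name = $account->last_name;
        $identity->role = $account->role;
        $identity->email = $account->email;
        $identity->editor = $account->editor;

        // Load the user's group; a missing group row yields id 0 and an empty name.
        $groups = new UserGroups();
        $group = $groups->find($account->user_group_id)->current();
        $userGroup = new stdClass();
        $userGroup->id = $group ? intval($group->id) : 0;
        $userGroup->name = $group ? (string) $group->name : '';
        $identity->group = $userGroup;

        $this->rotateSessionId();
        $this->user = $identity;
        $this->userNamespace->user = $identity;

        return $identity;
    }

    /**
     * Looks up one row by login column and encrypted password.
     *
     * Values are bound through the table's select object so they are quoted
     * by the database adapter instead of being concatenated into the WHERE
     * clause. $column is only ever a literal supplied by this class.
     * Assumes the table classes extend Zend_Db_Table_Abstract (they already
     * expose fetchRow() and find()) - confirm.
     *
     * @return object|null the matching row, or null when nothing usable matched
     */
    private function findByCredentials($table, $column, $login, $encryptedPassword)
    {
        $select = $table->select()
            ->where($column . ' = ?', $login)
            ->where('password = ?', $encryptedPassword);

        $row = $table->fetchRow($select);

        // fetchRow() yields null when nothing matches; also reject empty ids.
        if (!$row || !$row->id) {
            return null;
        }

        return $row;
    }

    /**
     * Records the generic People login failure and returns null.
     */
    private function rejectPerson()
    {
        $errors = new libErrors();
        $errors->add("The username or password you entered is not correct");

        return null;
    }

    /**
     * Issues a fresh session id on login so an id known before authentication
     * is not carried into the authenticated session (session fixation).
     */
    private function rotateSessionId()
    {
        // The id travels in a cookie header, so skip once output has started.
        if (!headers_sent()) {
            Zend_Session::regenerateId();
        }
    }
}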