Adding authentication using Zend Framework components in Delphi for PHP 2.0

Posted by on in Blogs
One of the main goals of VCL for PHP design was to reuse as much existing PHP code as possible. There is a lot of excellent PHP code out there, so we wanted to make easy to integrate all that content in a visual development environment, but the problem was that no other library was designed to be included on a drag-and-drop IDE.

Lot of things must be taken into account to allow PHP components to work inside a visual designer, so the library must be written to satisfy the IDE needs, and not write the IDE to satisfy the library needs.

One of the strengths in VCL for PHP, is you can write components to wrap around existing PHP code and get them up and running inside the IDE, in no time and with full-blown design capabilities, like properties, events, javascript events and visual representation.

This is what we have done by integrating Zend Framework inside the VCL for PHP. Zend Framework is an excellent library which provides a lot of ready-made functionality to your PHP applications and is becoming better and better, so is worth considering if you plan to write serious PHP applications.

As you can see, VCL for PHP and Zend Framework are not competing products, but products that can work together to supply things you may need. VCL for PHP is a visual library, while Zend Framework is more focused to the procedures and functionality.

I will cover component development in another article, on this one, you will see how easy is to add authentication to your application using the new Zend Framework components.

Creating the project

First, you need to create a new application using File | New | Application, this creates a new project with a single form. Save it anywhere and add some label to your form. This is going to be your protected content, that is, a page is not going to be shown, unless the user enters the right credentials.

content_373.png

Using ZAuth and ZAuthDigest

To add those components to your application, is better you add a new Data Module to the project, by using File | New | Data Module. A Data Module is a container for non-visual components, like ZAuth and ZAuthDigest, that doesn't provide any visual output, but functionality.

Place both components there and link them by setting the ZAuth::AuthAdapter property to the ZAuthDigest component. ZAuth uses adapters to perform authentication, so you can add new adapters and change authentication from a text file or a database, to, for example, an LDAP directory just by changing the adapter.

The ZAuthDigest component is a file based authentication component, it uses a text file to search for valid users. This component has a property called FileName you must set to the file that contain valid users and passwords.

datamodule_375.png

Users file

The users file must be in the form user:realm:md5, where md5 is the md5(user+realm+pass), to know more about this:

http://framework.zend.com/manual/en/zend.auth.adapter.digest.html

For this sample, we can use the same sample file used in the Zend Framework documentation:

someUser:Some Realm:fde17b91c3a510ecbaf7dbd37f59d4f8


Which correspond to user: someUser and password: somePassword

Requesting login

If the user has not been authenticated, you need to request the username and password, so double click the ZAuth component and the OnLogin event handler will be generated. Write this code:

function ZAuthLogin($sender, $params)
{
redirect('login.php');

}

ZAuth::OnLogin event is fired when authentication fails and login is required, so you just simply need to redirect the user to login.php, a page we are going to add that will request the user name and password.

Adding the login screen

Now we need to add a new page to request user name and password, so File | New | Form will create it, place two Edit boxes and a Button (and some labels) to make a login screen and save it as login.php.

login_377.png

We need also to use the Data Module we created before, so the ZAuth component is available to us.

Now we are going to process the user submission, so double click on the Button to create the OnClick event and write this code:

function btnLoginClick($sender, $params)
{
global $dmAuth;
$dmAuth->ZAuth->UserName = $this->edUser->Text;
$dmAuth->ZAuth->UserPassword = $this->edPassword->Text;
redirect("zauthsample.php");
}


That is, set the UserName and UserPassword properties of the ZAuth component on the Data Module to the values entered by the user and redirect to the page requires authentication.

Performing authentication

Now the login screen is ready and the ZAuth and ZAuthDigest are setup, you just need to call the ZAuth::Execute() method to prevent this page from being shown if no user has been authenticated.

To access the ZAuth component, you need to use the Data Module on this page, by using File | Use Unit... command.

The perfect time for authentication is the OnBeforeShow event for the Page, which is executed before any page content is dumped out, so here it is:

function ZAuthSampleBeforeShow($sender, $params)
{
global $dmAuth;
$dmAuth->ZAuth->Execute();
}

And that's it, if you run your main script, you will be requested for user and password and you won't be able to access unless you enter the right values.

You have an authentication system in your app, with just seven lines of code and with the ability to change the adapter to a ZAuthDB adapter or your custom one without changing anything in your application.


Comments

Check out more tips and tricks in this development video: