我是Zend Framework 2的新手,我想知道处理身份验证的最佳方法是什么。我当前(工作)的登录代码是:
public function loginAction()
{
$message = '';
$message_type = '';
$form = new UserForm();
$form->get('submit')->setValue('login');
$request = $this->getRequest();
if($request->isPost())
{
$data = $request->getPost();
$user = $this->getUserTable()->getUser($data['username']);
$bcrypt = new Bcrypt();
if($bcrypt->verify($data['password'], $user->password))
{
$message = 'successfully logged in as ' . $user->username;
$message_type = 'success';
}
else
{
$message = 'invalid password or username';
$message_type = 'danger';
}
}
return new ViewModel(array(
'form' => $form,
'message' => $message,
'message_type' => $message_type,
));
}
现在我知道我没有使用ZF2身份验证模块,但我无法使用它来使用Bcrypt。我的方法是否足够安全,还是应该使用Zend \ Authentication?
修改
好吧,我设法让它以某种方式工作,这里是新代码:
public function loginAction()
{
$message = '';
$message_type = '';
$form = new UserForm();
$form->get('submit')->setValue('login');
$request = $this->getRequest();
if($request->isPost())
{
$user = new User();
$form->setInputFilter($user->getInputFilter());
$form->setValidationGroup('username', 'password');
$form->setData($request->getPost());
if($form->isValid())
{
$user->exchangeArray($form->getData());
$data = $this->getUserTable()->getUser($user->username);
$bcrypt = new Bcrypt();
if($bcrypt->verify($user->password, $data->password))
{
$dbAdapter = $this->getServiceLocator()->get('Zend\Db\Adapter\Adapter');
$authService = new CredentialTreatmentAdapter($dbAdapter, 'user', 'username', 'password');
$authService->setIdentity($user->username);
$authService->setCredential($data->password);
if($authService->authenticate()->isValid())
{
$message = 'successfully logged in as ' . $user->username;
$message_type = 'success';
}
else
{
$message = 'invalid password or username';
$message_type = 'danger';
}
}
}
}
它使用BCrypt和Zend \ Authentication,它似乎工作正常。
答案 0 :(得分:1)
“但我无法使用Bcrypt ”
(它只会比较字符串。)
“我的方法是否足够安全,还是应该使用Zend \ Authentication ” 如果您存储密码加密(就像您一样),我认为您的代码没有任何问题。
然而,我会使用Zend身份验证:Zend\Authentication,因为它提供了更多。
答案 1 :(得分:0)
这对我来说没有会话存储
public function login($credential)
{
$bcrypt = new Bcrypt();
$user = new User();
$user->exchangeArray($credential);
$password = $user->password;
$data = $this->getUserTable()->selectUser($user->username);
if (!$data)
{
$message = 'Username or password not correct!';
} else {
if ($bcrypt->verify($password, $data->password)) {
$sm = $this->getServiceLocator();
$dbAdapter = $sm->get('Zend\Db\Adapter\Adapter');
$authAdapter = new AuthAdapter(
$dbAdapter,
'user',
'username',
'password'
);
$authAdapter -> setIdentity($user->username) -> setCredential($data->password);
$auth = new AuthenticationService();
$result = $auth->authenticate($authAdapter);
//success
switch ($result->getCode()) {
case Result::FAILURE_IDENTITY_NOT_FOUND:
// do stuff for nonexistent identity
$message = "FAILURE_IDENTITY_NOT_FOUND";
break;
case Result::FAILURE_CREDENTIAL_INVALID:
// do stuff for invalid credential
$message = "FAILURE_CREDENTIAL_INVALID";
break;
case Result::SUCCESS:
$message = "you are logged in succesfully";
break;
default:
// do stuff for other failure
//$message = "you are logged in succesfully";
break;
//$message = "Login succesfull.Welcome ".$auth->getIdentity();
}
} else {
$message = 'Username or password not correct';
}
}
return new ViewModel(array("message" =>$message));
}