简体繁体 English

PHP：集中式页面会话身份验证器

[英]PHP: Centralized Page Session Authenticator

原文 2009-04-26 05:35:57 8 2 php/ session/ centralized

I am currently wondering how a centralized page authenticator could be achieved. 我目前想知道如何实现集中式页面身份验证器。 Can anyone suggest a neat algorithm for me? 谁能为我推荐一种简洁的算法？ What I intend to achieve is to make my backend administrator pages session protected without writing a piece of session checking code to each of my pages that I want protected. 我打算实现的目标是使后端管理员页面处于会话保护状态，而无需在要保护的每个页面上编写会话检查代码。 I currently do something like this: 我目前正在做这样的事情：

login page -> if right credentials : set session -> if view protected page without session : reject else : permit 登录页面->如果权限凭证正确：设置会话->如果查看没有会话的受保护页面：拒绝其他：允许

Any best practices (or a better method) on/than this? 是否有其他最佳做法（或更好的方法）？

2 个解决方案

I would not so much want to suggest an algorithm, but a library/framework instead. 我不太想建议一种算法，而是要使用一个库/框架。

If your application has a single entry point, that is the place to call your session management library/framework. 如果您的应用程序具有单个入口点，那么这就是调用会话管理库/框架的地方。 For example with the Zend Framework you can initiate your session in the bootstrap. 例如，使用Zend Framework，您可以在引导程序中启动会话。 The only thing left is to authenticate a session in the login controller. 剩下的唯一事情就是在登录控制器中对会话进行身份验证。

If you're architecting a PHP app that has multiple entry points you will go crazy trying to copy and paste all this code. 如果您要构建一个具有多个入口点的PHP应用程序，那么您将疯狂地尝试复制并粘贴所有这些代码。 Look into using a real MVC framework. 研究使用真正的MVC框架。

I use Zend_Controller to route my pageviews in situations like this. 在这种情况下，我使用Zend_Controller来路由我的综合浏览量。

Once you architect your app in that way, it becomes simple to add some code to the predispatch() method of your restricted controllers to do authentication and redirect to a login page if it is not found or is invalid. 以这种方式构建应用程序后，将简单的代码添加到受限控制器的predispatch（）方法中进行身份验证，并在找不到或无效的情况下重定向到登录页面变得很简单。