inxilpro/gist:1590022

## gistfile1.aw
<?php

/*
This User model handles everything related to users.  Most of the code is
ommitted, because it's not relevant to this example.
*/

class User
{
	public static function loadUserByCredentials($username, $password)
	{
		/*
		Check database for user matching credentials.  If no match,
		return false.  If a match, create a new User object, populate
		it with the user's data, and return that object.
		*/
	}
}

/*
The Auth class is a central place to handle everything having
to do with authentication.
*/

class Auth
{
	/*
	Here we implement a faux-singleton pattern via the getInstance() method
	so that a single Auth instance is readily available throughout our application.
	*/

	protected static $_instance = null;
	public function getInstance()
	{
		if (null == self::$_instance) {
			self::$_instance = new Auth();
		}

		return self::$_instance;
	}

	/*
	authenticate() just passes the info on to our User class and either returns
	a User object (on success) of FALSE on failure.  It also stores the user
	in the session for later use.

	You would call this method when a user submits a login form.
	*/

	public function authenticate($username, $password)
	{
		if ($user = User::loadUserByCredentials($username, $password)) {
			$_SESSION['user'] = serialize($user);
			return $user;
		}

		return false;
	}

	/*
	getIdentity() returns a User object if one is stored in the session.
	Use this when a user isn't required, but may result in additional features.
	*/

	public function getIdentity()
	{
		if (isset($_SESSION['user'])) {
			$user = unserialize($_SESSION['user']);
			if ($user instanceof User) {
				return $user;
			}
		}

		return false;
	}

	/*
	requireIdentity() is similar to getIdentity(), except that if no user
	is set in the session, it redirects to APP_ROOT_URI and exits.  This way
	you can be sure you have a User object if requireIdentitu() returns.
	*/

	public function requireIdentity()
	{
		if ($user = $this->getIdentity()) {
			return $user;
		}

		header('Location: ' . APP_ROOT_URI);
		exit;
	}
}

/*
This is a very simple controller.  Obviously the controller and the view
should be separated, but I have the controller printing content just for
simplicity's sake.
*/

class Controller
{
	/*
	The index action doesn't REQUIRE a user, so it uses getIdentity().
	If a user exists, we print their name.  If not, we fall back on "Guest".
	*/

	public function indexAction()
	{
		$name = 'Guest';
		$user = Auth::getInstance()->getIdentity();
		if ($user) {
			$name = $user->getName();
		}

		printf("Hello, %s!", $name);
	}

	/*
	The 'secret' action REQUIRES a user, so we use requireIdentity().
	If a user doesn't exist, it automatically redirects (built into the
	redirectIdentity() method).
	*/

	public function secretAction()
	{
		$user = Auth::getInstance()->requireIdentity();

		// If you want to be paranoid, you can sanity-check your $user object.
		// This way, if you mess up the requireIdentity() code, you still error out.
		if ($user !instanceof User) {
			throw new Exception('Authentication error.');
		}

		printf("You can access this secret page because you're %s!", $user->getName());
	}
}
	<?php

	/*
	This User model handles everything related to users. Most of the code is
	ommitted, because it's not relevant to this example.
	*/

	class User
	{
	public static function loadUserByCredentials($username, $password)
	{
	/*
	Check database for user matching credentials. If no match,
	return false. If a match, create a new User object, populate
	it with the user's data, and return that object.
	*/
	}
	}

	/*
	The Auth class is a central place to handle everything having
	to do with authentication.
	*/

	class Auth
	{
	/*
	Here we implement a faux-singleton pattern via the getInstance() method
	so that a single Auth instance is readily available throughout our application.
	*/

	protected static $_instance = null;
	public function getInstance()
	{
	if (null == self::$_instance) {
	self::$_instance = new Auth();
	}

	return self::$_instance;
	}

	/*
	authenticate() just passes the info on to our User class and either returns
	a User object (on success) of FALSE on failure. It also stores the user
	in the session for later use.

	You would call this method when a user submits a login form.
	*/

	public function authenticate($username, $password)
	{
	if ($user = User::loadUserByCredentials($username, $password)) {
	$_SESSION['user'] = serialize($user);
	return $user;
	}

	return false;
	}

	/*
	getIdentity() returns a User object if one is stored in the session.
	Use this when a user isn't required, but may result in additional features.
	*/

	public function getIdentity()
	{
	if (isset($_SESSION['user'])) {
	$user = unserialize($_SESSION['user']);
	if ($user instanceof User) {
	return $user;
	}
	}

	return false;
	}

	/*
	requireIdentity() is similar to getIdentity(), except that if no user
	is set in the session, it redirects to APP_ROOT_URI and exits. This way
	you can be sure you have a User object if requireIdentitu() returns.
	*/

	public function requireIdentity()
	{
	if ($user = $this->getIdentity()) {
	return $user;
	}

	header('Location: ' . APP_ROOT_URI);
	exit;
	}
	}

	/*
	This is a very simple controller. Obviously the controller and the view
	should be separated, but I have the controller printing content just for
	simplicity's sake.
	*/

	class Controller
	{
	/*
	The index action doesn't REQUIRE a user, so it uses getIdentity().
	If a user exists, we print their name. If not, we fall back on "Guest".
	*/

	public function indexAction()
	{
	$name = 'Guest';
	$user = Auth::getInstance()->getIdentity();
	if ($user) {
	$name = $user->getName();
	}

	printf("Hello, %s!", $name);
	}

	/*
	The 'secret' action REQUIRES a user, so we use requireIdentity().
	If a user doesn't exist, it automatically redirects (built into the
	redirectIdentity() method).
	*/

	public function secretAction()
	{
	$user = Auth::getInstance()->requireIdentity();

	// If you want to be paranoid, you can sanity-check your $user object.
	// This way, if you mess up the requireIdentity() code, you still error out.
	if ($user !instanceof User) {
	throw new Exception('Authentication error.');
	}

	printf("You can access this secret page because you're %s!", $user->getName());
	}
	}