<?php
/*
This User model handles everything related to users. Most of the code is
omitted, because it's not relevant to this example.
*/
class User
{
    public static function loadUserByCredentials($username, $password)
    {
        /*
        Check database for user matching credentials. If no match,
        return false. If a match, create a new User object, populate
        it with the user's data, and return that object.
        */
    }
}

/*
The Auth class is a central place to handle everything having
to do with authentication. session_start() must have been called
before any of the $_SESSION accesses below.
*/
class Auth
{
    /*
    Here we implement a faux-singleton pattern via the getInstance() method
    so that a single Auth instance is readily available throughout our application.
    getInstance() has to be static, because it is called as Auth::getInstance().
    */
    protected static $_instance = null;

    public static function getInstance()
    {
        if (null === self::$_instance) {
            self::$_instance = new Auth();
        }
        return self::$_instance;
    }

    /*
    authenticate() just passes the info on to our User class and either returns
    a User object (on success) or FALSE on failure. It also stores the user
    in the session for later use.
    You would call this method when a user submits a login form.
    */
    public function authenticate($username, $password)
    {
        if ($user = User::loadUserByCredentials($username, $password)) {
            // The session holds a serialized snapshot of the User object;
            // changes to the user's record after login are not reflected
            // until the user authenticates again.
            $_SESSION['user'] = serialize($user);
            return $user;
        }
        return false;
    }

    /*
    getIdentity() returns a User object if one is stored in the session.
    Use this when a user isn't required, but may result in additional features.
    */
    public function getIdentity()
    {
        if (isset($_SESSION['user'])) {
            $user = unserialize($_SESSION['user']);
            // instanceof also rejects a __PHP_Incomplete_Class left behind
            // if the User class is unavailable when the session is read.
            if ($user instanceof User) {
                return $user;
            }
        }
        return false;
    }

    /*
    requireIdentity() is similar to getIdentity(), except that if no user
    is set in the session, it redirects to APP_ROOT_URI and exits. This way
    you can be sure you have a User object if requireIdentity() returns.
    */
    public function requireIdentity()
    {
        if ($user = $this->getIdentity()) {
            return $user;
        }
        header('Location: ' . APP_ROOT_URI);
        exit;
    }
}

/*
This is a very simple controller. Obviously the controller and the view
should be separated, but I have the controller printing content just for
simplicity's sake.
*/
class Controller
{
    /*
    The index action doesn't REQUIRE a user, so it uses getIdentity().
    If a user exists, we print their name. If not, we fall back on "Guest".
    */
    public function indexAction()
    {
        $name = 'Guest';
        $user = Auth::getInstance()->getIdentity();
        if ($user) {
            $name = $user->getName();
        }
        printf("Hello, %s!", $name);
    }

    /*
    The 'secret' action REQUIRES a user, so we use requireIdentity().
    If a user doesn't exist, it automatically redirects (built into the
    requireIdentity() method).
    */
    public function secretAction()
    {
        $user = Auth::getInstance()->requireIdentity();
        // If you want to be paranoid, you can sanity-check your $user object.
        // This way, if you mess up the requireIdentity() code, you still error out.
        if (!($user instanceof User)) {
            throw new Exception('Authentication error.');
        }
        printf("You can access this secret page because you're %s!", $user->getName());
    }
}
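The Auth class above keeps a serialized copy of the User object in the session. As an added example (not part of the original gist), here is a variant of the same class that stores only the user's id and reloads the record on every request, so role changes or account deactivation take effect immediately and the session id is rotated at login; it assumes hypothetical User::loadById() and User::getId() methods in the same spirit as loadUserByCredentials().

```php
<?php
// Added example, not from the original gist. Assumes User::loadById($id)
// and User::getId() exist (hypothetical, alongside loadUserByCredentials).
// session_start() must be called before this class is used.
class AuthById
{
    protected static $_instance = null;

    public static function getInstance()
    {
        if (null === self::$_instance) {
            self::$_instance = new AuthById();
        }
        return self::$_instance;
    }

    public function authenticate($username, $password)
    {
        $user = User::loadUserByCredentials($username, $password);
        if (!($user instanceof User)) {
            return false;
        }
        // Issue a fresh session id at login so an id obtained before
        // authentication is not carried over into the logged-in session.
        session_regenerate_id(true);
        $_SESSION['user_id'] = (int) $user->getId();
        return $user;
    }

    public function getIdentity()
    {
        if (!isset($_SESSION['user_id'])) {
            return false;
        }
        // Reload from the authoritative store instead of unserializing a
        // snapshot; a deleted or disabled account now yields false.
        $user = User::loadById((int) $_SESSION['user_id']);
        return ($user instanceof User) ? $user : false;
    }

    public function requireIdentity()
    {
        if ($user = $this->getIdentity()) {
            return $user;
        }
        header('Location: ' . APP_ROOT_URI);
        exit;
    }

    public function logout()
    {
        unset($_SESSION['user_id']);
        session_regenerate_id(true);
    }
}
```

The controller code from the gist works unchanged against this class; only the session contents and the per-request lookup differ.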