Apply Authentication to the Blog Demo

Chapter one introduced Solar by creating a simplistic blog. Chapter five introduced views and layouts. Now we can continue the journey by adding authentication to the blog demo application.

First, we need a table in the database to hold user data. The blog demo uses SQLite, but you could use a different adapter if you wanted. Here are the SQLite and MySQL SQL statements to create the "members" table:

Next, we add a user to the members table. The password is St34k!! SQLite does not have an md5() function, so you need to take care of the hashing before creating the record. To create an md5 hash, you can use the PHP md5() function, or you can use the md5sum command at the terminal.

    $ echo -n 'mypassword' | md5sum

Next, we need a view partial to hold the authentication form.

    $ cd SYSTEM/source/acme/Acme/Controller/Page/Layout
    $ vim _user.php

Copy the code below to the new partial.

    <?php if ($this->user->auth->isValid()): ?>
        <p>
            <?php echo $this->getText('TEXT_AUTH_USERNAME'); ?>
            <?php echo $this->escape($this->user->auth->handle); ?>
        </p>
        <?php echo $this->form()
            ->addProcess('logout')
            ->fetch();
        ?>
    <?php else: ?>
        <?php echo $this->form()
            ->text(array(
                'name'    => 'handle',
                'label'   => 'LABEL_HANDLE',
                'attribs' => array('style'=>'width: 100px'),
            ))
            ->password(array(
                'name'    => 'passwd',
                'label'   => 'LABEL_PASSWD',
                'attribs' => array('style'=>'width: 100px'),
            ))
            ->addProcess('login')
            ->decorateAsDivs()
            ->fetch();
        ?>
        <?php $status = $this->user->auth->getStatusText(); ?>
        <p><?php echo $this->escape($status); ?></p>
    <?php endif; ?>

Save the file and open the _nav.php partial so we can include the _user.php partial.

    $ vim _nav.php

Add the following at the bottom.

    <?php include $this->template('_user.php'); ?>

We are almost done. The final step is to add configuration values to the unified configuration file.

    $ cd SYSTEM
    $ vim config.php

Add the following somewhere near the bottom:

    // Authentication adapter to use
    $config['Solar_Auth'] = array(
        'adapter' => 'Solar_Auth_Adapter_Sql'
    );

    // Adapter-specific config
    $config['Solar_Auth_Adapter_Sql'] = array(
        'table'       => 'members',
        'handle_col'  => 'handle',
        'passwd_col'  => 'passwd',
        'email_col'   => 'email',
        'moniker_col' => 'moniker'
    );

In this case, the adapter-specific config settings are not even required. The members table was set up to match the Sql adapter's default settings. The settings are included here to show how to set these options.

Now, browse to http://localhost/blog and you should see something similar to the image below. Entering juser for the username and St34k!! for the password should get you logged in.
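The step above that adds a user to the members table, as an added example (not part of the original tutorial and not Solar's own code): it hashes the password in PHP, inserts the row with bound parameters, and shows why the -n in the md5sum command matters. The column types, the in-memory database, the function names, and the email and moniker values are assumptions made for the example; only the table and column names come from the configuration shown above.

```php
<?php
// Added example. Assumed schema: only the table and column names come from
// the tutorial's adapter config; the types are guesses.
$pdo = new PDO('sqlite::memory:'); // the blog demo would open its own SQLite file
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (
    handle  VARCHAR(32) PRIMARY KEY,
    passwd  CHAR(32) NOT NULL,
    email   VARCHAR(255),
    moniker VARCHAR(255)
)');

// SQLite has no md5(), so hash in PHP and bind the result as a parameter.
// Unsalted md5 is what this tutorial stores; it is not a password hash to
// rely on in production.
function addMember(PDO $pdo, $handle, $password, $email, $moniker)
{
    $stmt = $pdo->prepare(
        'INSERT INTO members (handle, passwd, email, moniker) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute(array($handle, md5($password), $email, $moniker));
}

// The lookup a login check needs: fetch the stored hash for the handle and
// compare it with the hash of the submitted password in constant time.
function checkLogin(PDO $pdo, $handle, $password)
{
    $stmt = $pdo->prepare('SELECT passwd FROM members WHERE handle = ?');
    $stmt->execute(array($handle));
    $stored = $stmt->fetchColumn();
    return $stored !== false && hash_equals($stored, md5($password));
}

// email and moniker are constructed sample values
addMember($pdo, 'juser', 'St34k!!', 'juser@example.com', 'J. User');

var_dump(checkLogin($pdo, 'juser', 'St34k!!'));   // the password as entered
var_dump(checkLogin($pdo, 'juser', "St34k!!\n")); // what echo without -n would have hashed
var_dump(checkLogin($pdo, 'nobody', 'St34k!!'));  // unknown handle
```

If the hash is produced at the terminal instead, a trailing newline in the hashed input yields a different digest, and the stored value will never match the password the user types.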
Checking for a Valid User

Solar_Auth is really only used to provide a mechanism for users to log in, and to check whether the user is logged in. To check for a valid user, use the Solar_Auth_Adapter::isValid() method. For example, in the _nav.php partial, you could decide to show the "Add" link only when the user is valid (logged in):

    <ul>
        <li><?php echo $this->action('blog', 'Blog Home'); ?></li>
        <?php if ($this->user->auth->isValid()) : ?>
        <li><?php echo $this->action('blog/add', 'ACTION_ADD'); ?></li>
        <li><?php echo $this->action('blog/drafts', 'View Drafts'); ?></li>
        <?php endif; ?>
    </ul>

Assume the $user object is a public property and, therefore, available to the view/partial. Hiding a link only changes what is displayed; the action behind it still has to check the user itself. For more fine-grained control over actions, you would use Solar_Access and Solar_Role.