I have the following scenario in Zend Framework:

Data:

- Table of students
- Table of classes, which contain many students each.
- Table of assignments, each of which is assigned to a class and given a password

I want students to be able to access an assignment given that assignment's id and shared password, but for the application to note which student signed in to the assignment. Zend_Auth however expects one table to contain both the username and the password, but in my situation the username is in the students table, and the password is in the assignments table.

Can anyone suggest a good way of handling the student login where they can all share one password? A way to authenticate with just a username and no password would work, as then I could do the password check in a separate conditional.

A: 

Shared passwords are a really bad idea. If you share the password, then another student need only learn an id -- typically not a highly secured piece of information -- to access the resource as the other student. A better solution would be to use a role to control access to assignments and put the students who need access to the assignment in the role. This way each student can still have access to the assignment and retain their own id/password pair. See the Zend documentation for information on roles and how to use them.

tvanfosson
There are other important reasons why I'm using a shared password, and the content of the website really isn't very sensitive, so I don't want to drop the shared password feature.
wheresrhys
+1  A: 

I think your best bet would really be to just write your own adapter. Something like this would most likely work:

class MyAuthAdapter implements Zend_Auth_Adapter_Interface
{
    protected $_username;
    protected $_password;
    protected $_assignment_id;

    /**
     * Sets username, password, and assignment ID for authentication
     *
     * @return void
     */
    public function __construct($username, $password, $assignment_id)
    {
        $this->_username = $username;
        $this->_password = $password;
        $this->_assignment_id = $assignment_id;
    }

    /**
     * Performs an authentication attempt
     *
     * @throws Zend_Auth_Adapter_Exception If authentication cannot
     *                                     be performed
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        // logic here to check everything out and return a new Zend_Auth_Result
    }
}
Mike
I found a solution this afternoon by using sessions, but yours looks far better. I'll give it a go tomorrow. Where should I save the PHP file and what should it be called?
wheresrhys
You can save it just about anywhere. I usually run two libraries with every app I write with ZF. The first library is my business one with the second being called "App" for application specific library files. In a case like this I would most likely name the adapter App_Auth_Adapter and save it in library/App/Auth/Adapter.php. Assuming you are using the normal autoloading setup, it's as simple as $adapter = new My_Auth_Adapter($username,$password,$assignment_id);
Mike
Thanks a lot - this worked great in the end. Slightly more time consuming than I thought it would be as I needed to write versions of e.g. getResultRowObject() that retrieve user data successfully, but definitely worth it for the neatness of keeping all authentication info in one place. Cheers
wheresrhys
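
One way to fill in authenticate() for the adapter suggested above, as an added example that is not code from the original posts. It assumes Zend Framework 1 autoloading, PHP 5.5+ for password_verify(), an extra $db constructor argument, and hypothetical schema names (students.username, students.class_id, assignments.class_id, and assignments.password_hash holding a password_hash() value).

```php
<?php
// Added example; the $db argument and all table/column names are assumptions, not from the posts.
class App_Auth_Adapter implements Zend_Auth_Adapter_Interface
{
    protected $_db;
    protected $_username;
    protected $_password;
    protected $_assignmentId;

    public function __construct(Zend_Db_Adapter_Abstract $db, $username, $password, $assignmentId)
    {
        $this->_db           = $db;
        $this->_username     = (string) $username;
        $this->_password     = (string) $password;
        $this->_assignmentId = (int) $assignmentId;
    }

    public function authenticate()
    {
        try {
            // One bound query: the student must belong to the class that owns the assignment.
            $row = $this->_db->fetchRow(
                'SELECT s.id AS student_id, a.password_hash
                   FROM assignments a
                   JOIN students s ON s.class_id = a.class_id
                  WHERE a.id = ? AND s.username = ?',
                array($this->_assignmentId, $this->_username)
            );
        } catch (Zend_Db_Exception $e) {
            throw new Zend_Auth_Adapter_Exception('Authentication could not be performed', 0, $e);
        }

        // The shared password is stored hashed and checked with password_verify().
        // Every failure returns the same code and message, whichever check failed.
        if (!$row || !password_verify($this->_password, $row['password_hash'])) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, array('Invalid login'));
        }

        // The identity records which student signed in to which assignment.
        $identity = array(
            'student_id'    => (int) $row['student_id'],
            'assignment_id' => $this->_assignmentId,
        );
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity, array());
    }
}
```

Pass the adapter to Zend_Auth::getInstance()->authenticate($adapter); on success the stored identity carries the student id, so access to the assignment can be logged per student even though the password is shared.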