Chapter 7. User authentication and access control

 

This chapter covers

  • The basics of authentication and access control
  • Using Zend_Auth for logging into an application
  • Using Zend_Acl to restrict access to certain web pages

Most websites restrict different areas to different people. For example, most e-commerce sites require that you’re logged in before you can check out your order. Other sites have members-only pages that can only be accessed after logging in. In our Places application, only registered users can write or rate a review. This functionality is known as authentication and access control, and in this chapter we’ll look at the support Zend Framework provides in the shape of the Zend_Auth and Zend_Acl components. We’ll start by looking at the basics of authentication and access control, and we’ll go on to integrating Zend_Auth and Zend_Acl into our Places application.

7.1. Introducing Authentication and Access Control

There are two different processes involved when it comes to allowing a user access to specific pages on a website. Authentication is the process of identifying an individual based on her credentials (usually username and password), and access control is the process of deciding whether the user is allowed to do something. Zend Framework’s Zend_Auth and Zend_Acl components provide comprehensive support for all aspects of authentication and access control for websites.

7.2. Implementing Authentication

7.3. Using Zend_Auth in a Real Application

7.4. Implementing Access Control

7.5. Summary
