Smutty

MVC Framework

SmuttyAuthentication

User authentication is usually a very important part of any application, so Smutty comes with built-in support for (hopefully) a number of different methods of doing it, so you don't have to write it yourself. Authentication is set up in Smutty's configuration file. What follows is information about the different types of authentication and the options you can use with them.

Standard Authentication

Currently Smutty only supports "standard" database authentication (where users are stored in a database). To enable this form of authentication just add the following line to your app.cfg.

auth.type = standard

This will then assume that you have a table called users, with username and password fields (where the password is an md5 hash). You can customize the following settings to your particular setup though:

auth.standard.nameParam = (username POST parameter)
auth.standard.passParam = (password POST parameter)
auth.standard.table = (users table name)
auth.standard.idField = (user table id field name)
auth.standard.nameField = (user name field name)
auth.standard.passField = (user pass field name)
auth.standard.passType = (password type: md5, plaintext)
auth.standard.emailField = (user email field name)

The easiest way to get users logging in then is by creating a controller which subclasses Smutty_Controller_Session, like so...

class UserController extends Smutty_Controller_Session {
}

This controller will then have the login and logout actions to handle sessions (you will still need to create a view file for the login action though - /views/user/login.tpl).

Enigform

Smutty currently supports authentication of requests generated by the frankly *brilliant* Enigform Firefox extension. This amazing idea by Buanzo pretty much eliminates the need for standard "sessions" as they're normally used. To check if a request has been signed and/or verified you can use the isSigned and isVerified methods of the data object.

function fooAction( $data ) {
    if ( $key = $data->isVerified() ) {
        // do some sensitive action
        $user = User::find( $key, 'gpgkeyid' );
        // ...
    }
}

This method of course assumes that the user's key has been added to the GPG keyring. For more information on enabling Enigform support in your application see the Enigform page. You could for example put this code in the controller's actionBefore method to control access to this controller.
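An access gate along the lines described above, as an added example that is not Smutty's own code: it tells apart unsigned requests, signatures that fail verification, and verified keys that belong to no user. FakeData and the $users lookup are constructed stand-ins so the block runs without Smutty; the return values of isSigned and isVerified are assumed from the usage shown on this page, and the code needs PHP 8.

```php
<?php
/**
 * Decide whether an Enigform-signed request may reach a protected action.
 *
 * @param object   $data     request data object exposing isSigned()/isVerified()
 * @param callable $findUser maps a GPG key id to a user record or null,
 *                           e.g. fn($k) => User::find($k, 'gpgkeyid')
 * @return array [bool allowed, ?object user, string reason]
 */
function enigformGate($data, callable $findUser): array
{
    if (!$data->isSigned()) {
        return [false, null, 'request is not signed'];
    }
    // Assumed: key id on success, falsy otherwise (as the page's fooAction uses it).
    $key = $data->isVerified();
    if (!$key) {
        return [false, null, 'signature did not verify against the keyring'];
    }
    // A key present in the keyring is not yet an account: require a mapped user.
    $user = $findUser($key);
    if (!$user) {
        return [false, null, 'verified key is not linked to a user'];
    }
    return [true, $user, 'ok'];
}

// Constructed stand-in for Smutty's data object (hypothetical, demo only).
class FakeData
{
    public function __construct(private bool $signed, private string|false $key) {}
    public function isSigned() { return $this->signed; }
    public function isVerified() { return $this->key; }
}

// Constructed sample user table keyed by GPG key id.
$users = ['0xCONSTRUCTED1' => (object) ['name' => 'alice']];
$find  = fn($k) => $users[$k] ?? null;

foreach ([
    new FakeData(false, false),            // no signature at all
    new FakeData(true, false),             // signed, verification failed
    new FakeData(true, '0xUNKNOWNKEY'),    // verified, but no matching account
    new FakeData(true, '0xCONSTRUCTED1'),  // verified and mapped to a user
] as $request) {
    [$allowed, $user, $reason] = enigformGate($request, $find);
    echo ($allowed ? 'allow ' : 'deny  '), $reason, PHP_EOL;
}
```

In a real controller the gate would be called from actionBefore with a callable wrapping User::find; the signature of actionBefore is not shown on this page, so that wiring is left out.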

OpenID

Still in the planning stage, but this is something I hope to be able to implement.
