Hi!
I am looking for a way (the best way?) to make a user login/authentication with Zend.
Till now I have found two ways to do it (though there's probably more):
The first I found uses Zend_Auth with Zend_Form.
http://weierophinney.net/matthew/archiv … ework.html
The other uses Zend_Auth_Adapter_DbTable, Zend_Session and Zend_Form.
http://www.zimuel.it/blog/?p=86
I plan to store the user information in a database. I'm kinda new to ZF and haven't quite understood Zend_Auth completely so I'm not sure if I can do validation against a database with it.
With the other solution this is very clear.
And I'm planning to use Doctrine so that might make it more difficult?
Anyone have any input on this? Any suggestions?
Offline
If using doctrine, I would probably create my own authentication adapter that implements Zend_Auth_Adapter_Interface, takes a doctrine user model as a constructor argument, uses the model to build an authentication query via DQL and returns the result as a Zend_Auth_Result.
Ex:
[code=php]
class App_Model_UserAuthAdapter implements Zend_Auth_Adapter_Interface {
    /**
     * Holds the user model
     *
     * @access protected
     * @var App_Model_User
     */
    protected $__user;

    /**
     * Class constructor stores the user
     *
     * @access public
     * @param App_Model_User $user
     */
    public function __construct(App_Model_User $user) {
        $this->__user = $user;
    }

    /**
     * Attempts authentication of the current user
     *
     * @access public
     * @throws App_Model_Exception
     * @return Zend_Auth_Result
     */
    public function authenticate() {
        $user = $this->__user;
        if (empty($user->username)) {
            throw new App_Model_Exception('Username must be provided in order to authenticate');
        }
        if (empty($user->password)) {
            throw new App_Model_Exception('Password must be provided in order to authenticate');
        }
        $query = Doctrine_Query::create()
            ->select('u.*')
            ->from('App_Model_User u')
            ->where('u.username = ? AND u.password = ?', array($user->username, $user->password));
        $userResult = $query->fetchOne();
        // Failure
        if (!$userResult) {
            $result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, NULL);
        // Success, stores the user object in the session
        } else {
            $result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $userResult);
        }
        return $result;
    }
}
[/code]
In the logic where you're logging your user in, validation should happen using the login form. Authentication should be attempted with the username and password in the form if valid. This is done by instantiating a new user model, populating it with the form values, instantiating the authentication adapter we defined above and passing it to Zend_Auth::authenticate, which will take care of persisting the identity in a session if valid.
[code=php]
// Assuming you have a Zend_Form ($loginForm) with a username and password field and validation rules attached
// If there is login data sent via POST
if ($this->getRequest()->isPost()) {
    // Get the POST data
    $params = $this->getRequest()->getPost();
    // Validate fields
    $valid = $loginForm->isValid($params);
    // If all fields are valid, process login
    if ($valid) {
        $user = new App_Model_User();
        // Read the filtered values back from the validated form
        $user->username = $loginForm->getValue('username');
        $user->password = $loginForm->getValue('password');
        $authAdapter = new App_Model_UserAuthAdapter($user);
        $result = Zend_Auth::getInstance()->authenticate($authAdapter);
        if ($result->isValid()) {
            // handle successful login here
        } else {
            // handle failed login here
        }
    }
}
[/code]
This works nicely with Doctrine model mutators (using Doctrine 1.1 at least... I believe this has changed in Doctrine 1.2, see the documentation for full details). You can create one that hashes the password upon setting it in the model.
Ex:
[code=php]
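class App_Model_User extends Doctrine_Record {
    public function setUp() {
        // Route every assignment to 'password' through hashPassword()
        $this->hasMutator('password', 'hashPassword');
        parent::setUp();
    }

    public function hashPassword($password) {
        // Store the md5 digest instead of the plain text value
        $this->_set('password', md5($password));
    }
}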
[/code]
With that in place, when you do:
[code=php]
$user = new App_Model_User();
$user->password = 's3cr3t';
[/code]
The password will automatically be md5()'d.
Offline
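An added example, not code from this thread: the adapter above can match `u.password = ?` in the query only because md5() is unsalted, so the same password always yields the same digest. With a salted hash from PHP's password_hash() the check becomes fetch by username, then password_verify(); the code below shows that flow in plain PHP and re-hashes legacy md5 rows on a successful login. The function name, the two callables and the sample users are assumptions made for the illustration; the result codes use the values of the matching Zend_Auth_Result constants.

```php
<?php
// Added example, not code from this thread. Plain PHP 5.6+; all names and data are constructed.
const AUTH_SUCCESS = 1;                     // same value as Zend_Auth_Result::SUCCESS
const AUTH_FAILURE_CREDENTIAL_INVALID = -3; // same value as Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID

// $findByUsername(string): array|null stands in for a Doctrine query on username only.
// $saveHash(int $id, string $hash) stands in for updating and saving the user record.
function authenticateUser($username, $password, callable $findByUsername, callable $saveHash)
{
    static $dummy = null; // hash checked for unknown usernames, so that path still verifies once
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $row = $findByUsername($username);
    $stored = $row ? $row['password'] : $dummy;
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy md5() digest as produced by the mutator above: compare in constant time.
        $ok = hash_equals($stored, md5($password));
        $upgrade = $ok;
    } else {
        $ok = password_verify($password, $stored);
        $upgrade = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }
    if (!$row || !$ok) {
        // Same code for unknown user and wrong password, so the caller cannot tell them apart.
        return array('code' => AUTH_FAILURE_CREDENTIAL_INVALID, 'identity' => null);
    }
    if ($upgrade) {
        // The plain text is only available at login, so this is the moment to re-hash.
        $saveHash($row['id'], password_hash($password, PASSWORD_DEFAULT));
    }
    return array('code' => AUTH_SUCCESS, 'identity' => $row['username']);
}
// Constructed sample store: one legacy md5 row, one row already using password_hash().
$users = array(
    'alice' => array('id' => 1, 'username' => 'alice', 'password' => md5('s3cr3t')),
    'bob'   => array('id' => 2, 'username' => 'bob', 'password' => password_hash('hunter2', PASSWORD_DEFAULT)),
);
$find = function ($name) use (&$users) { return isset($users[$name]) ? $users[$name] : null; };
$save = function ($id, $hash) use (&$users) {
    foreach ($users as $name => $u) {
        if ($u['id'] === $id) { $users[$name]['password'] = $hash; }
    }
};

var_dump(authenticateUser('alice', 's3cr3t', $find, $save)['code'] === AUTH_SUCCESS);
var_dump(password_verify('s3cr3t', $users['alice']['password'])); // checks the legacy row was re-hashed
var_dump(authenticateUser('bob', 'wrong', $find, $save)['code'] === AUTH_FAILURE_CREDENTIAL_INVALID);
var_dump(authenticateUser('nobody', 'x', $find, $save)['code'] === AUTH_FAILURE_CREDENTIAL_INVALID);
```

Inside a Zend_Auth adapter the returned pair maps onto `new Zend_Auth_Result($code, $identity)`.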
Thanks for the response!
I'll try this out. I will probably not get it right the first time so hope you're up for some follow up questions a little later.
Offline
no problem, it's kinda rough but should be a good starting point at least
Offline
visit this site. I think it may help you to solve this problem. http://weierophinney.net/matthew/archiv … ework.html
Offline
hi harri,
Using a login would be a great help against unwanted use of accounts.
Putting a login before it starts somehow protects our accounts from unwanted use or destruction.
We can prevent spammers or bots if a login is present.
I would recommend that the login should allow three attempts, and when he/she reaches the 3rd attempt the application will close.
Offline