Architecture & DesignManaging User Accounts with the Zend Framework

Managing User Accounts with the Zend Framework content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Managing User Accounts with the Zend Framework – Introduction

Today’s consumer sure has become the discerning sort,
hasn’t he? No longer content with a standard product made
for the masses, today’s buyer seeks out wares capable of
being modified to fit specific tastes and desires. iPod
, customized Scions,
and even monogrammed
postage stamps
are just a few examples of the lengths
companies (and consumers) are going to, to make the
marketplace their very own.

With the Web a crucial part of our everyday lives, not to
mention a major part of the societal marketplace, it doesn’t
come as a surprise that consumers have come to expect as
much from the virtual world as they do of the physical.
Custom sports scores, localized news, and tailor-made
product catalogs are all typical features on today’s web
sites. Of course, barring the employment of The Amazing
, Web site developers require a way to match a
user to his online preferences. The standard way to do so is
by providing the user with a means for creating and logging
into an account. This account serves as the glue which ties
the user to his actions performed while navigating the Web
site, such as purchasing an e-book, identifying his hometown
as Columbus, Ohio, or specifying that he’d like to see only
sports-related news hailing from Pittsburgh.

Creating a user account feature is a bit more involved
than simply creating a database table for hosting account
information, and plugging it into the requisite registration
and login forms. You’ll also need to think about
safeguarding against bogus accounts by requiring the user to
confirm his e-mail address before the account is activated,
maintaining the user’s session while he’s navigating the Web
site, providing a simple mechanism for logging out of an
account, and allowing users to easily recover forgotten
passwords. Recognizing the commonplace need for such
features, the Zend
is bundled with a great component named Zend_Auth which significantly reduces the time required
to create and manage user accounts. In this tutorial I’ll
show you how to create the building blocks for managing user
accounts, showing you how to register users, and allow them
to both login and logout of your Web site.

Creating the User Registration Feature

In order to create a user registration feature, we’ll
need a place to store the account information. The most
logical place to do so is within a database table specially
designated for this purpose. A sample MySQL table schema for
such a purpose might look like this:

CREATE TABLE account {
first_name VARCHAR(100) NOT NULL,
last_name VARCHAR(100) NOT NULL,
email VARCHAR(100) NOT NULL,
pswd CHAR(32) NOT NULL,
recovery_key CHAR(32) DEFAULT “”

Nothing in this table should be too surprising, except
for perhaps the pswd and recovery_key
. The pswd column is defined as a
CHAR(32) because the user’s password will always be stored
in hashed format using PHP’s md5() function,
making it highly unlikely the plaintext password will be
recovered should an attacker somehow gain access to the
database. The md5() function will convert any
string to a 32-character hash, giving reason to the type
definition. The recovery_key column will be
used later in this tutorial to hold a random 32-character
string which will be used to confirm the user’s identity in
case he initiates the password recovery sequence. I’ll talk
more about this particular column in a bit.

Of course, you’ll probably need to extend the account
table to include other pertinent information, such as the
user’s address, phone number, or birthdate. For the purposes
of this tutorial I’m focusing on just the bare minimum
requirements, so don’t be afraid to add to this table as you
see fit.

The Account Model

Next you’ll need to create the account model pursuant to the typical convention defined by the Zend Framework. I’m going to keep the initial model capabilities to a minimum, although we’ll add to it as necessary.

class Default_Model_Customer extends Zend_Db_Table_Abstract
protected $_name = ‘customer’;

The Account Registration Form

Next up is the registration form. I’m going to keep this to the minimum required fields, creating the form you see in Figure 1. As there’s nothing special about this form, following the screenshot I’ll skip the code and move on to the controller action used to process this form information.

Zend Framework Registration Form
Figure 1. A simple user registration form

Processing the User Registration

With the account table, model, and registration form in place, it’s time to write the code which will validate the user’s registration information and create the account. For the purposes of this exercise presume the the form action points to an action named register created within a controller named account:

  01 public function registerAction()
02 {
03 // Create array for errors
04 $this->view->errors = array();
06 if ($this->getRequest()->isPost()) {
08 $customer = new Default_Model_Customer();
10 $result = $customer->save($this->_request->getPost());
12 if (! is_array($result)) {
14 $this->view->created = 1;
16 } else {
18 $this->view->errors = $result;
20 $this->view->firstName = $this->_request->getPost(‘first-name’);
21 $this->view->lastName = $this->_request->getPost(‘last-name’);
22 $this->view->email = $this->_request->getPost(’email’);
23 $this->view->pswd = $this->_request->getPost(‘pswd’);
24 $this->view->userName = $this->_request->getPost(‘username’);
26 }
28 }
30 }

Let’s review some of the stickier parts of this action:

  • Line 04 initializes an array which will contain any errors triggered throughout the data validation process.
  • If the registration form has been submitted, line 06 will detect the POSTed data, setting the validation and account creation process into motion.
  • Line 10 attempts to create the user account by calling a method named save(), which resides in the Account model. This method contains all of the validation and insertion logic, allowing us to maintain a thin controller containing remarkably little code. I’ll show you what the save() method looks like in a moment. For the moment just keep in mind that if an array is returned from the method call, one or more errors occurred, so we’ll assign them to a view variable (line 18) and populate some variables for redisplay in the form. Otherwise we’ll create a view variable named $this->view->created which will serve as an indicator to inform the user of a successfully created account.

The account model’s save() method looks like this:

  01 public function save(array $data)
02 {
04 // Initialize the errors array
05 $errors = array();
07 // First Name
08 if (! Zend_Validate::is($data[’first-name’], ‘NotEmpty’)) {
09 $errors[] = “Please provide your first name.”;
10 }
12 // Last Name
13 if (! Zend_Validate::is($data[’last-name’], ‘NotEmpty’)) {
14 $errors[] = “Please provide your last name.”;
15 }
17 // Does Email already exist?
18 if (Zend_Validate::is($data[’email’], ‘EmailAddress’)) {
20 $result = $this->findByEmail($data[’email’]);
22 if ($result != false) {
23 $errors[] = “An account using this e-mail address already exists.”;
24 }
26 } else {
27 $errors[] = “Please provide a valid e-mail address.”;
28 }
30 // Password must be at least 6 characters
31 $valid_pswd = new Zend_Validate_StringLength(6,20);
32 if (! $valid_pswd->isValid($data[’pswd’])) {
33 $errors[] = “Your password must be 6-20 characters.”;
34 }
36 // If no errors, insert the
37 if (count($errors) == 0) {
39 $data = array (
40 ‘first_name’ => $data[’first-name’],
41 ‘last_name’ => $data[’last-name’],
42 ’email’ => $data[’email’],
43 ‘pswd’ => md5($data[’pswd’]),
44 ‘recovery_key’ => ”
45 );
47 return $this->insert($data);
49 } else {
50 return $errors;
51 }
53 }

All of this should look pretty straightforward, so I won’t dive into a line-by-line breakdown, other than to say that the findByEmail() is a simple method found in the model which verifies that an account using the provided e-mail address doesn’t already exist.

Keep in mind that this is only one of several possible
ways to create the registration logic. As a rule though I
suggest following the “fat model, thin controller” approach
as demonstrated here. Zend Framework project lead Matthew
Weier O’Phinney published a great blog post about this very
matter here.

Creating the User Login Feature

With the prerequisite steps out of the way, we’re ready
to bring the Zend_Auth component into the
picture. Zend_Auth serves several purposes,
including providing a simple-to-use mechanism for verifying
a user’s provided login credentials (typically an e-mail
address and password), and then initiating a session which
will allow you to determine whether the user is currently
logged into the Web site. Presuming a typical login form
prompting the user to provide his e-mail address and
password, the following login action will use the
Zend_Auth component to process the login:

01 public function loginAction()
02 {
04 if ($this->getRequest()->isPost()) {
06 $email = $this->_request->getPost(’email’);
07 $password = $this->_request->getPost(‘password’);
09 if (empty($email) || empty($password)) {
10 $this->view->errors[] = “Please provide your e-mail address and password.”;
11 } else {
13 $db = Zend_Db_Table::getDefaultAdapter();
14 $authAdapter = new Zend_Auth_Adapter_DbTable($db);
16 $authAdapter->setTableName(‘account’);
17 $authAdapter->setIdentityColumn(’email’);
18 $authAdapter->setCredentialColumn(‘pswd’);
19 $authAdapter->setCredentialTreatment(‘MD5(?)’);
21 $authAdapter->setIdentity($email);
22 $authAdapter->setCredential($password);
24 $auth = Zend_Auth::getInstance();
25 $result = $auth->authenticate($authAdapter);
27 // Did the participant successfully login?
28 if ($result->isValid()) {
30 $this->_redirect(‘/’);
32 } else {
33 $this->view->errors[] = “Login failed. Have you confirmed your account?”;
34 }
36 }
38 }
39 }

Let’s review this code:

  • Line 16 identifies the table named used to store the account information. In our case, that table name is account.

  • Line 17 defines the table column which contains the user’s “login”. We’re using an e-mail address, so I’ve identified that column as email.

  • Line 18 defines the table column which contains the user’s password.

  • Line 19 determines how the password will be identified within the table. Because we’ve used the md5() function to hash the password, the credential treatment is set as you see it here.

  • Lines 21 and 22 assign the provided e-mail address and password to the adapter’s identity and credential properties.

  • Line 24 determines whether the user is already logged in, and if not attempts to authenticate him using the authenticate() method.

  • Finally, the isValid() method is used to determine whether the provided credentials were valid. If so, we’ll redirect the user to the home page. Otherwise, errors will be output to the login page.

Determining if a User is Logged In

Determining if a user is logged in is easily done using
Zend_Auth’s getIdentity() method:

$user = Zend_Auth::getInstance()->getIdentity();

You can place this call in a controller’s
init() method or elsewhere to determine if the
user is logged in. If $user is set, you’ll be
able to retrieve for instance his e-mail address or primary
key by referencing the $user object’s e-mail or
id properties, respectively.

Creating the Logout Mechanism

Finally, to log the user out of the site, just create an
action named for instance logout, and point a hyperlink to

public function logoutAction()




Managing user accounts is made incredibly easy using the
powerful Zend_Auth component. Hopefully this
tutorial provided you with the foundation for giving users
access to the custom content they desire!


About the Author

Jason Gilmore is founder of, and author of the popular book, “Easy PHP Websites
with the Zend Framework
“. Formerly Apress‘ open source
editor, Jason fostered the development of more than 60
books, along the way helping to transform their open source
line into one of the industry’s most respected publishing
programs. Over the years he’s authored several other books,
including the best-selling Beginning PHP
and MySQL: From Novice to Professional
(currently in its
third edition), Beginning PHP
and PostgreSQL: From Novice to Professional
, and Beginning PHP
and Oracle: From Novice to Professional

Jason is a cofounder and speaker chair of CodeMash, a nonprofit
organization tasked with hosting an annual namesake
developer’s conference, and was a member of the 2008 MySQL
Conference speaker selection board.

Jason has published more than 100 tutorials and articles
within prominent publications such as, Linux Magazine, and TechTarget.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories