Managing User Accounts with the Zend Framework
Keep in mind that this is only one of several possible ways to create the registration logic. As a rule though I suggest following the "fat model, thin controller" approach as demonstrated here. Zend Framework project lead Matthew Weier O'Phinney published a great blog post about this very matter here.
Creating the User Login Feature
With the prerequisite steps out of the way, we're ready to bring the Zend_Auth component into the picture. Zend_Auth serves several purposes, including providing a simple-to-use mechanism for verifying a user's provided login credentials (typically an e-mail address and password), and then initiating a session which will allow you to determine whether the user is currently logged into the Web site. Presuming a typical login form prompting the user to provide his e-mail address and password, the following login action will use the Zend_Auth component to process the login:
01 public function loginAction()
02 {
03
04     if ($this->getRequest()->isPost()) {
05
06         $email = $this->_request->getPost('email');
07         $password = $this->_request->getPost('password');
08
09         if (empty($email) || empty($password)) {
10             $this->view->errors[] = "Please provide your e-mail address and password.";
11         } else {
12
13             $db = Zend_Db_Table::getDefaultAdapter();
14             $authAdapter = new Zend_Auth_Adapter_DbTable($db);
15
16             $authAdapter->setTableName('account');
17             $authAdapter->setIdentityColumn('email');
18             $authAdapter->setCredentialColumn('pswd');
19             $authAdapter->setCredentialTreatment('MD5(?)');
20
21             $authAdapter->setIdentity($email);
22             $authAdapter->setCredential($password);
23
24             $auth = Zend_Auth::getInstance();
25             $result = $auth->authenticate($authAdapter);
26
27             // Did the participant successfully login?
28             if ($result->isValid()) {
29
30                 $this->_redirect('/');
31
32             } else {
33                 $this->view->errors[] = "Login failed. Have you confirmed your account?";
34             }
35
36         }
37
38     }
39 }
Let's review this code:
- Line 16 identifies the name of the table used to store the account information. In our case, that table name is account.
- Line 17 defines the table column which contains the user's "login". We're using an e-mail address, so I've identified that column as email.
- Line 18 defines the table column which contains the user's password.
- Line 19 determines how the password will be identified within the table. Because we've used the md5() function to hash the password, the credential treatment is set as you see it here.
- Lines 21 and 22 assign the provided e-mail address and password to the adapter's identity and credential properties.
- Line 24 determines whether the user is already logged in, and if not attempts to authenticate him using the authenticate() method.
- Finally, the isValid() method is used to determine whether the provided credentials were valid. If so, we'll redirect the user to the home page. Otherwise, errors will be output to the login page.
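The MD5(?) credential treatment on line 19 compares an unsalted MD5 digest, which is fast to brute-force if the account table leaks. As an added example (not part of the original article), here is a custom Zend_Auth adapter that verifies a password_hash() digest in PHP and regenerates the session ID after a successful login. Assumptions: PHP 5.5 or later with Zend Framework 1 loaded, the pswd column stores password_hash() output, the account table has an id column, and the names App_Auth_Adapter_PasswordHash and app_login() are hypothetical.

```php
<?php
// Added example, not the article's code. Assumes account.pswd holds
// password_hash() output and that account has an id column.
class App_Auth_Adapter_PasswordHash implements Zend_Auth_Adapter_Interface
{
    private $db;
    private $email;
    private $password;

    public function __construct(Zend_Db_Adapter_Abstract $db, $email, $password)
    {
        $this->db       = $db;
        $this->email    = $email;
        $this->password = $password;
    }

    public function authenticate()
    {
        // Bound parameter: the e-mail is never concatenated into the SQL.
        $row = $this->db->fetchRow(
            'SELECT id, email, pswd FROM account WHERE email = ?',
            array($this->email),
            Zend_Db::FETCH_OBJ
        );

        // Unknown account and wrong password yield the same result.
        if (!$row || !password_verify($this->password, $row->pswd)) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                null,
                array('Login failed.')
            );
        }

        unset($row->pswd); // keep the hash out of the session
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $row);
    }
}

// Hypothetical helper standing in for lines 13-25 of loginAction().
function app_login(Zend_Db_Adapter_Abstract $db, $email, $password)
{
    $adapter = new App_Auth_Adapter_PasswordHash($db, $email, $password);
    $result  = Zend_Auth::getInstance()->authenticate($adapter);
    if ($result->isValid()) {
        Zend_Session::regenerateId(); // fresh session ID once authenticated
    }
    return $result->isValid();
}
```

Because this adapter returns the account row as the identity, Zend_Auth's getIdentity() yields an object with id and email properties and no password hash.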
Determining if a User is Logged In
Determining if a user is logged in is easily done using Zend_Auth's getIdentity() method:
$user = Zend_Auth::getInstance()->getIdentity();
You can place this call in a controller's init() method or elsewhere to determine if the user is logged in. If $user is set, you'll be able to retrieve for instance his e-mail address or primary key by referencing the $user object's e-mail or id properties, respectively.
Creating the Logout Mechanism
Finally, to log the user out of the site, just create an action named for instance logout, and point a hyperlink to it:
public function logoutAction()
{
    Zend_Auth::getInstance()->clearIdentity();
    $this->_redirect('/');
}
Conclusion
Managing user accounts is made incredibly easy using the powerful Zend_Auth component. Hopefully this tutorial provided you with the foundation for giving users access to the custom content they desire!
Resources
- The Zend_Auth Component: The Zend Framework's Zend_Auth component documentation
- The Zend_Session Component: The Zend Framework's Zend_Session component documentation
- PHP's Session Handling Capabilities: The PHP manual's session handling documentation
About the Author
Jason Gilmore is founder of EasyPHPWebsites.com, and author of the popular book, "Easy PHP Websites with the Zend Framework". Formerly Apress' open source editor, Jason fostered the development of more than 60 books, along the way helping to transform their open source line into one of the industry's most respected publishing programs. Over the years he's authored several other books, including the best-selling Beginning PHP and MySQL: From Novice to Professional (currently in its third edition), Beginning PHP and PostgreSQL: From Novice to Professional, and Beginning PHP and Oracle: From Novice to Professional. Jason is a cofounder and speaker chair of CodeMash, a nonprofit organization tasked with hosting an annual namesake developers conference, and was a member of the 2008 MySQL Conference speaker selection board.
Jason has published more than 100 tutorials and articles within prominent publications such as Developer.com, Linux Magazine, and TechTarget.
This article was originally published on November 16, 2009