Managing User Accounts with the Zend Framework

By Jason Gilmore

Keep in mind that this is only one of several possible ways to create the registration logic. As a rule though I suggest following the "fat model, thin controller" approach as demonstrated here. Zend Framework project lead Matthew Weier O'Phinney published a great blog post about this very matter here.

Creating the User Login Feature

With the prerequisite steps out of the way, we're ready to bring the Zend_Auth component into the picture. Zend_Auth serves several purposes, including providing a simple-to-use mechanism for verifying a user's provided login credentials (typically an e-mail address and password), and then initiating a session which will allow you to determine whether the user is currently logged into the Web site. Presuming a typical login form prompting the user to provide his e-mail address and password, the following login action will use the Zend_Auth component to process the login:

  01 public function loginAction()
  02 {
  03  
  04  if ($this->getRequest()->isPost()) {
  05   
  06    $email = $this->_request->getPost('email');
  07    $password = $this->_request->getPost('password');
  08   
  09    if (empty($email) || empty($password)) {
  10      $this->view->errors[] = "Please provide your e-mail address and password.";
  11    } else {      
  12    
  13      $db = Zend_Db_Table::getDefaultAdapter();
  14      $authAdapter = new Zend_Auth_Adapter_DbTable($db);
  15    
  16      $authAdapter->setTableName('account');
  17      $authAdapter->setIdentityColumn('email');
  18      $authAdapter->setCredentialColumn('pswd');
  19      $authAdapter->setCredentialTreatment('MD5(?)');
  20    
  21      $authAdapter->setIdentity($email);
  22      $authAdapter->setCredential($password);
  23    
  24      $auth = Zend_Auth::getInstance();
  25      $result = $auth->authenticate($authAdapter);
  26    
  27      // Did the participant successfully login?
  28      if ($result->isValid()) {      
  29 
  30        $this->_redirect('/'); 
  31         
  32      } else {
  33        $this->view->errors[] = "Login failed. Have you confirmed your account?";
  34      }
  35    
  36   }
  37   
  38  }  
  39 }

Let's review this code:

Line 16 identifies the table named used to store the account information. In our case, that table name is account.
Line 17 defines the table column which contains the user's "login". We're using an e-mail address, so I've identified that column as email.
Line 18 defines the table column which contains the user's password.
Line 19 determines how the password will be identified within the table. Because we've used the md5() function to hash the password, the credential treatment is set as you see it here.
Lines 21 and 22 assign the provided e-mail address and password to the adapter's identity and credential properties.
Line 24 determines whether the user is already logged in, and if not attempts to authenticate him using the authenticate() method.
Finally, the isValid() method is used to determine whether the provided credentials were valid. If so, we'll redirect the user to the home page. Otherwise, errors will be output to the login page.

Determining if a User is Logged In

Determining if a user is logged in is easily done using Zend_Auth's getIdentity() method:

$user = Zend_Auth::getInstance()->getIdentity();

You can place this call in a controller's init() method or elsewhere to determine if the user is logged in. If $user is set, you'll be able to retrieve for instance his e-mail address or primary key by referencing the $user object's e-mail or id properties, respectively.

Creating the Logout Mechanism

Finally, to log the user out of the site, just create an action named for instance logout, and point a hyperlink to it:

public function logoutAction()
{
  
 Zend_Auth::getInstance()->clearIdentity();
 $this->_redirect('/');
    
}

Conclusion

Managing user accounts is made incredibly easy using the powerful Zend_Auth component. Hopefully this tutorial provided you with the foundation for giving users access to the custom content they desire!

Resources

The Zend_Auth Component: The Zend Framework's Zend_Auth component documentation
The Zend_Session Component: The Zend Framework's Zend_Session component documentation
PHP's Session Handling Capabilities: The PHP manual's session handling documentation

About the Author

Jason Gilmore is founder of EasyPHPWebsites.com, and author of the popular book, "Easy PHP Websites with the Zend Framework". Formerly Apress' open source editor, Jason fostered the development of more than 60 books, along the way helping to transform their open source line into one of the industry’s most respected publishing programs. Over the years he's authored several other books, including the best-selling Beginning PHP and MySQL: From Novice to Professional (currently in its third edition), Beginning PHP and PostgreSQL: From Novice to Professional, and Beginning PHP and Oracle: From Novice to Professional.

Jason is a cofounder and speaker chair of CodeMash, a nonprofit organization tasked with hosting an annual namesake developer’s conference, and was a member of the 2008 MySQL Conference speaker selection board.

Jason has published more than 100 tutorials and articles within prominent publications such as Developer.com, Linux Magazine, and TechTarget.

Page 3 of 3