February 25, 2021
Hot Topics:

Managing User Accounts with the Zend Framework

  • By Jason Gilmore
  • Send Email »
  • More Articles »

Managing User Accounts with the Zend Framework - Introduction

Today's consumer sure has become the discerning sort, hasn't he? No longer content with a standard product made for the masses, today's buyer seeks out wares capable of being modified to fit specific tastes and desires. iPod engraving, customized Scions, and even monogrammed postage stamps are just a few examples of the lengths companies (and consumers) are going to, to make the marketplace their very own.

With the Web a crucial part of our everyday lives, not to mention a major part of the societal marketplace, it doesn't come as a surprise that consumers have come to expect as much from the virtual world as they do of the physical. Custom sports scores, localized news, and tailor-made product catalogs are all typical features on today's web sites. Of course, barring the employment of The Amazing Kreskin, Web site developers require a way to match a user to his online preferences. The standard way to do so is by providing the user with a means for creating and logging into an account. This account serves as the glue which ties the user to his actions performed while navigating the Web site, such as purchasing an e-book, identifying his hometown as Columbus, Ohio, or specifying that he'd like to see only sports-related news hailing from Pittsburgh.

Creating a user account feature is a bit more involved than simply creating a database table for hosting account information, and plugging it into the requisite registration and login forms. You'll also need to think about safeguarding against bogus accounts by requiring the user to confirm his e-mail address before the account is activated, maintaining the user's session while he's navigating the Web site, providing a simple mechanism for logging out of an account, and allowing users to easily recover forgotten passwords. Recognizing the commonplace need for such features, the Zend Framework is bundled with a great component named Zend_Auth which significantly reduces the time required to create and manage user accounts. In this tutorial I'll show you how to create the building blocks for managing user accounts, showing you how to register users, and allow them to both login and logout of your Web site.

Creating the User Registration Feature

In order to create a user registration feature, we'll need a place to store the account information. The most logical place to do so is within a database table specially designated for this purpose. A sample MySQL table schema for such a purpose might look like this:

CREATE TABLE account {
 first_name VARCHAR(100) NOT NULL,
 last_name VARCHAR(100) NOT NULL,
 email VARCHAR(100) NOT NULL,
 pswd CHAR(32) NOT NULL,
 recovery_key CHAR(32) DEFAULT ""

Nothing in this table should be too surprising, except for perhaps the pswd and recovery_key columns. The pswd column is defined as a CHAR(32) because the user's password will always be stored in hashed format using PHP's md5() function, making it highly unlikely the plaintext password will be recovered should an attacker somehow gain access to the database. The md5() function will convert any string to a 32-character hash, giving reason to the type definition. The recovery_key column will be used later in this tutorial to hold a random 32-character string which will be used to confirm the user's identity in case he initiates the password recovery sequence. I'll talk more about this particular column in a bit.

Of course, you'll probably need to extend the account table to include other pertinent information, such as the user's address, phone number, or birthdate. For the purposes of this tutorial I'm focusing on just the bare minimum requirements, so don't be afraid to add to this table as you see fit.

Page 1 of 3

This article was originally published on November 16, 2009

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date