Getting Started with Zend_Auth

This tutorial is intended to show the basics of integrating Zend_Auth into an application using a login form. Zend_Auth is responsible for authentication which is the process of identifying an individual based on their credentials (usually a username and password).

It has been tested on version 1.10 of Zend Framework. It may not work on any version prior to version 1.10.

Zend_Auth is separated into a core component and a set of adapters. The adapters contain the actual code for authorising a user again a given system, such as HTTP, a database, LDAP etc. Once successfully logged in, the Zend_Auth core object allows access to the identity which is a set of fields that contain the information gained at login, such as username. The exact fields within the identity depend upon the adapter that was used. For instance, the HTTP adapter will return the username and realm whereas the database table adapter has access to the entire the entire table row.

In this tutorial, we will look at what needs to be done to log in using authentication against a database table.

The users table

The first thing we need is a database table, called users. It doesn’t need to be complicated, so the schema looks like this (in MySQL):

CREATE TABLE IF NOT EXISTS users (
  id int(11) NOT NULL AUTO_INCREMENT,
  username varchar(50) NOT NULL,
  password varchar(50) NOT NULL,
  salt varchar(50) NOT NULL,
  role varchar(50) NOT NULL,
  date_created datetime NOT NULL,
  PRIMARY KEY (id)
)

We also need a user that can log in:

INSERT INTO users (username, password, salt, role, date_created) 
VALUES ('admin', SHA1('passwordce8d96d579d389e783f95b3772785783ea1a9854'),
	'ce8d96d579d389e783f95b3772785783ea1a9854', 'administrator', NOW());

This user has a username of 'admin' and a password of 'password'. In order to improve security, we are using a "salt" value with the password that the user uses to log in with. This results in an SHA1 key that is not reversible with http://www.sha1-lookup.com. The actual value of the salt doesn't really matter, as long as it's random. I've used the SHA1 value of a random number.

Run these statements in a MySQL client such as phpMyAdmin or the standard MySQL command-line client. (Arguably, you should pick a better username and password!)

Auth controller and login form

Obviously, we'll need a Zend Framework project, so let's start off with the zf command line tool:


zf create project zf-auth-tutorial

I will assume you know how to configure your web server to make a ZF project work. If not, look at my tutorial.

You also need to configure the database in application.ini:


resources.db.adapter = "Pdo_Mysql"
resources.db.params.charset = "utf8"
resources.db.params.host = "localhost"
resources.db.params.username = "rob"
resources.db.params.password = "123456"
resources.db.params.dbname = "zfauthtutorial"

(Obviously, you should use your own database credentials and set the database to the same one as where you created the users table earlier!)

We will implement our login and log out functionality within a separate controller, AuthController. Change directory to the zf-auth-tutorial root and use the zf command line tool to create the controller file and view script:


zf create controller Auth

This creates the AuthController class in application/controllers/AuthController.php including an indexAction and associated view script which we'll use for the logging in process.

We'll also need a log-in form, so back to the zf command line tool:


zf create form Login

This creates our Application_Form_Login form in application/forms/Login.php. We need to add three elements to it: username text field, password password field and a submit button:


class Application_Form_Login extends Zend_Form
{
public function init()
{
$this->setName("login");
$this->setMethod('post');

$this->addElement('text', 'username', array(
'filters' => array('StringTrim', 'StringToLower'),
'validators' => array(
array('StringLength', false, array(0, 50)),
),
'required' => true,
'label' => 'Username:',
));

$this->addElement('password', 'password', array(
'filters' => array('StringTrim'),
'validators' => array(
array('StringLength', false, array(0, 50)),
),
'required' => true,
'label' => 'Password:',
));

$this->addElement('submit', 'login', array(
'required' => false,
'ignore' => true,
'label' => 'Login',
));
}
}

We now need to load the form in the controller and render in the view script. The code required is not dissimilar from the form handling explained in my Zend Framework tutorial and looks like this:

application/controllers/AuthController.php

// ...
public function indexAction()
{
$form = new Application_Form_Login();
$request = $this->getRequest();
if ($request->isPost()) {
if ($form->isValid($request->getPost())) {
// do something here to log in
}
}
$this->view->form = $form;
}
// ...

The associated view script is:
application/views/scripts/auth/index.phtml

< ?php $this->headTitle('Login'); ?>

Login

< ?php echo $this->form->setAction($this->url()); ?>

With a little bit of CSS, http://localhost/zf-auth-tutorial/public/auth gives us a login form like this:

Login form

Authenticating

In order to authenticate, we need to replace our comment of "// do something here to log in" with some real code! For simplicity's sake, we're going to put the code required into the AuthController, though in a bigger application, you may want to consider using a service layer object.

We'll create a method called _process() to do the work so start by updating indexAction() in AuthController.php:

application/controllers/AuthController.php

// ...
public function indexAction()
{
$form = new Application_Form_Login();
$request = $this->getRequest();
if ($request->isPost()) {
if ($form->isValid($request->getPost())) {
if ($this->_process($form->getValues())) {
// We're authenticated! Redirect to the home page
$this->_helper->redirector('index', 'index');
}
}
}
$this->view->form = $form;
}
// ...

As you can see, we have added a call to our protected _process() method and then if it returns true, we redirect to the home page using the redirector action helper.

The _process() method looks like this:

application/controllers/AuthController.php

// ...
protected function _process($values)
{
// Get our authentication adapter and check credentials
$adapter = $this->_getAuthAdapter();
$adapter->setIdentity($values['username']);
$adapter->setCredential($values['password']);

$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
if ($result->isValid()) {
$user = $adapter->getResultRowObject();
$auth->getStorage()->write($user);
return true;
}
return false;
}
// ...

This code uses another method _getAuthAdapter() to set up the Zend_Auth_Adapter_DbTable object that will be used to do the actual authentication. Once we have it, we use the setIdentity method to tell it the username that the user has entered and the setCredential method to tell it the password.

Having told the adapter all that it needs, we then grab the Zend_Auth object using $auth = Zend_Auth::getInstance(); which shows that Zend_Auth is a Singleton. Zend_Auth's authenticate method is used to test if the supplied username and password is correct.

If it is, then we retrieve the data (as a stdClass) from the users table for this user using getResultRowObject() and then store it to the auth adapter for use in all subsequent requests.

The code for _getAuthAdapter() is:

application/controllers/AuthController.php

// ...
protected function _getAuthAdapter() {

$dbAdapter = Zend_Db_Table::getDefaultAdapter();
$authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);

$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password')
->setCredentialTreatment('SHA1(CONCAT(?,salt))');

return $authAdapter;
}
// ...

We instantiate a Zend_Auth_Adapter_DbTable, passing it the default database adapter from Zend_Db_Table which was helpfully configured for us by Zend_Application as a result of the application.ini settings. We can tell tell it to use the users table and that the identity column and credential columns are username and password respectively.

We use setCredentialTreatment to tell the adapter that the password is stored as an SHA1 and that the value in the salt field should be concatenated to the supplied password when authenticating. If you don't want to use a salt or SHA1 hashing, then removing this line will allow you to use plain text passwords in your database.

The user can now log in by going to http://localhost/zf-auth-tutorial/auth and filling in the correct username and password.

Who is logged in?

Now that the user is logged in, it's not uncommon to display the user's name and provide a link to log out. We could do this as a view helper like this:

application/views/helpers/LoggedInAs.php

class Zend_View_Helper_LoggedInAs extends Zend_View_Helper_Abstract
{
public function loggedInAs ()
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$username = $auth->getIdentity()->username;
$logoutUrl = $this->view->url(array('controller'=>'auth',
'action'=>'logout'), null, true);
return 'Welcome ' . $username . '. Logout';
}

$request = Zend_Controller_Front::getInstance()->getRequest();
$controller = $request->getControllerName();
$action = $request->getActionName();
if($controller == 'auth' && $action == 'index') {
return '';
}
$loginUrl = $this->view->url(array('controller'=>'auth', 'action'=>'index'));
return 'Login';
}
}

This code is fairly simple. The important thing is that we retrieve the Zend_Auth object and the test if a user is logged in using hasIdentity(). If the user is logged in, then we use getIdentity() to retrieve the data that we loaded earlier – in this case the username.

We can then use it in our layout.phtml like this:

Logout

In order to log out, we create another action, logoutAction in our AuthController:


zf create action logout Auth

This creates the logoutAction method in the AuthController class. The code is trivial:

application/controllers/AuthController.php

// ...
public function logoutAction()
{
Zend_Auth::getInstance()->clearIdentity();
$this->_helper->redirector('index'); // back to login page
}
// ...

The clearIdentity method of Zend_Auth performs the logout and then we redirect wherever we want the user to go. In this case, I've chosen the login page.

That's all you need to know to get started with Zend_Auth and add authentication to your application. To decide when your application needs the user to be logged in, I recommend using the Zend_Acl component.

Code

A working Zend Framework project of this tutorial is available:

Previous versions of this tutorial

Changelog

2.0 (26/Jul/2010)
New version for Zend Framework 1.10

77 thoughts on “Getting Started with Zend_Auth

  1. Hi Rob,

    Great quickstart tutorial for those new to Zend_Auth, can I suggest just one minor change, something that should be in every login form.

    A CSRF token field in the form would finish this up nicely :)

    Regards,
    Nick

  2. Do we really need _process method? Can we not override the isValid method in Application_Form_Login and add the functionality of _process?

  3. Waqas: The authentication logic doesn't belong in the form, it belongs in the AuthController.

    While your approach would work, the form is simply responsible for displaying itself, collecting and validating the input (in terms of field contents, not database validity).

    It's a personal choice I suppose but I think the authentication code is in the right place, logically.

  4. It all depends on how you look at it. You could create a service class to handle to authentication, use the controller or use the form. Personally, I've done all the at various times, but for smaller apps, find that using the form to handle the processing of the response to the form isn't a bad design.

    I would create a process() method in the for rather than overriding isValid() though.

    Regards,

    Rob…

  5. First of all, thanks for this tutorial, your previous one!

    Finally thank you also for your book as well, I am reading it right now, and it is really good! I am just having some difficulties in trying to catching up the new best practices introduced in the last versions of ZF and integrate them with the code in your book, but thanks to these tutorials I am proceeding fast :)

    Just a question: you mentioned the possibility to create the service class to implement the authentication mechanism… in the zf's mvc structure, where you would insert this class? between the models?
    If I have understand correctly, it would be something like that:

    (inside authcontroller)
    $authenticator = new Application_models_myAuthenticator();
    if ($authenticator->process($form->getValues()))
    //we are authenticated
    else
    //we are not authenticated

    and inside application/models/ you would have a myAuthenticator.php implementing the process method you wrote in your tutorial

    If there is a better way (or more standard way) to do it, I would be glad to know it!

  6. instead of "This creates our Application_Form_Login form in application/controllers/Login.php" should be "This creates our Application_Form_Login form in application/forms/Login.php"

  7. I do prefer use bootstrapper to check my user for the whole bunch of modules

    $view = $this->getResource('view');
    if (Zend_Auth::getInstance()->hasIdentity()) {
    $view->user = Zend_Auth::getInstance()->getIdentity();
    }

  8. Hello,

    I am struggling to learn Zend Framework, however I feel it very hard to learn and it feels like there is so much 'not needed'-code.

    I mean, I could do a login script in pure php in a few lines of code.

    The struggling to learn the zend framework gets harder when everything I do in it, is much easier to do in pure php.

    Do you have any reviews or any guides, anyhting I can read about the framework to make me wanna learn it more?

  9. Hi Henric,

    I guess that the one you have is a common feeling for people trying to learn their first framework.
    So many new classes, files, and methodologies…

    However frameworks have big advantages overall:

    1)Once you learn well at least one MVC framework like Zend, learning others will be much faster
    2)For a very small application the code necessary to use Zend might seem much more than the code normally required, but the more you use a framework the more you will understand that for non trivial applications they can really speed up development time, giving you a lot of pieces of functionality out of the box, a structure that is really easy to maintain and expand, and a common set of best practices that you are obliged to follow, that will dramatically reduce developing time and problems…

    It is just a matter of going through it the first times, the next ones it will be much faster

  10. Rob your two guides have been absolutely invaluable to starting out with Zend, I have a long way to go but I haven't found a comparable beginner's resource!

  11. Hi, what do you think about swith the code in action with this one:

    $form = new Application_Form_Login();
    $request = $this->getRequest();
    if ($request->isPost()&&$form->isValid($request->getPost())) {
    // do something here to log in
    }
    else{
    $this->view->form = $form;
    }

  12. Ideas for a portable routine, that works with other databases? Specifically, SQLite. Maybe PDO::sqliteCreateFunction can be implemented into ZF? For the missing functions, like SHA1.

  13. Hi,
    Thanks for the tutorial. It helped a lot.
    I have one issue though:
    I wasn't able to generate the 'invalid username/password' message in case the user entered a wrong combination. Am I doing something wrong or does this code not handle that?

  14. Thanks for the tutorial.
    For testing authentication in views/layouts I ceated a view helper:
    [[
    class Zend_View_Helper_IsAuthenticated extends Zend_View_Helper_Abstract {
    /**
    * Test if the user has been authenticated
    * @return bool
    */
    public function isAuthenticated ()
    {
    $auth = Zend_Auth::getInstance();
    return $auth->hasIdentity();
    }
    }
    ]]
    And now I can make different content for authenticated/anonymous users:
    [[
    isAuthenticated() ): ?>
    ….
    ]]
    Question: is there any simpler way to do that?
    Thanks. Cheers,r

  15. Hi and thanks for the tutorial. I'm using 1.10.7 of the zend framework. I've followed this tutorial closely, but all I get when viewing is 'View script for controller Auth and script/action name index'

    Any idea why?

  16. Hi Paul,

    That's because I missed a bit in this tutorial – sorry!

    I've added the view script (application/views/scripts/auth/index.phtml) to the tutorial now.

    Regards,

    Rob…

  17. Hi Rob.

    I must say I sympathise totally with Henric's comment above. However, I hasten to add, your excellent tutorials on Akrabat have eased the way and mitigated my grief tremendously. So after going through your getting started tutorial, I felt emboldened enough to tackle authentication.

    My question is: how would one make the log-in page the default page and then pass the user on to the next page if, and only if, they've successfully logged in?

    As things stand now, I have an application, very similar to your albums example in the first tutorial, which is triggered by the default ‘index’ controller. Now, following this log-in tutorial, I have an auth controller. Separately the two bits work fine via localhost/myapp/public and localhost/myapp/public/auth respectively, except that I would want the auth bit to come first and then, following a successful login, proceed to the albums page.

    A supplementary question would be how does one prevent the user from going straight to the albums page without going through the log-in page first.

    I apologise for what I’m sure are very newbie questions. As Henric pointed out, were one to use “regular” php, none of this would be a problem at all. It’s just trying to get my head around how things are/should be done in the Zend Framework.

    Thanks again for all the help you’ve provided thus far. I'm hoping you can oblige me further by answering these two questions for me.

  18. Les,

    Create a Front Controller plugin. Use the dispatchLoopStartup() hook.

    Test Zend_Auth::getInstance()->hasIdentity(). If there isn't an identity and the current request is not for the login form, then redirect to the login form.

    Regards,

    Rob…

  19. GREAT tutorial. You always come up with some great stuff Rob!

    Thank you very much for sharing your knowledge with us.

    Keep up the good work!

  20. Great tutorial, as were your others.

    It would be nice (imo) to see a date at the top of the tutorial; I hate reading through tutorials only to find out at the end that the information is completely out of date. Of course, this wasn't the case here and you listed it was tested in 1.10, which helps immensely, but it's still nice to see when something was posted right at the top.

    Thanks again for taking the time to write these up.

    1. Hi BDN,

      I don't tend to like prominent dates to be honest as it colours people's judgement too much. I much prefer to note which version of ZF applies.

      Regards,

      Rob…

  21. Hi Rob
    Thanks for another great tutorial, your guides have helped massively with getting my head around how ZF works.

    Quick question through, like Les, I'd like to authenticate before allowing users into certain parts of the website. If you try to gain access to another part of the site without logging in your forced back to the login page. So far so usual. I just didn't understand your response to Les though, I've no idea where to begin?

    Thanks
    G

  22. Hi Rob,

    very good tutorial. it works!

    I found your PDF with the Auth and ACL tutorial.
    When I try it I get an error:
    Fatal error: Class 'Application_Acl' not found in projectapplicationpluginsAcl.php on line 18
    I my application.ini I have:
    appnamespace = "Application"
    resources.frontController.plugins.acl = Application_Plugin_Acl

    I was searching and searching and searching but I don't no what I'm doing wrong here.

    Thanks
    Max

  23. Hi Rob,

    I found another PDF the TekX-ZF-tutorial.
    And now it works!

    Now I'am trying to use the ACL for my navigation. I load my navigation in my bootstrap but I don't know how do I set the ACL when I implemented the ACL and Auth the way you did in your tutorial.

    Thanks
    Max

  24. is this natural when I var_dump($_SESSION);
    I get this:

    rray(1) { ["Zend_Auth"]=> array(1) { ["storage"]=> object(stdClass)#48 (6) { ["id"]=> string(1) "1" ["username"]=> string(5) "admin" ["password"]=> string(40) "cb3aefbdffbc81588f3d43c394428b16d4346b44" ["salt"]=> string(40) "ce8d96d579d389e783f95b3772785783ea1a9854" ["role"]=> string(13) "administrator" ["date_created"]=> string(19) "2010-11-04 21:10:22" } } }

    the password is in the session how to get around this? and can I set my custom session for this?

  25. Hi Rob,

    It would be great if you would extend the tutorial a little and give us a good way to create those user accounts as well.

    The tutorial itself is really great. thanks.

    Raffael

  26. hi rob,

    i did this as you said beut at the end I'm getting a error called "Uncaught exception 'Zend_Loader_PluginLoader_Exception' with message 'Plugin by name 'LoggedInAs' was not found in the registry;".

    please tell me what's the reason for this.

    thank you.
    I love to your tutorials. those very simple and very clear.

    Dinesh

  27. hi Rob,

    I'm very sorry and I found the issue. It was my stupid work. forgot to place <?php mark on top of the view helper :)

    thank you

    Dinesh

  28. Hi,

    How do you store user data in AuthController.php

    if ($result->isValid()) {
    $user = $adapter->getResultRowObject();
    $auth->getStorage()->write($user);
    return true;
    }

    if he has more than one role.

    I have
    Users table
    Roles table and
    UserRoles table

    Please help me.

    -PM

  29. One thing is omitted which many might want in their Auth code. If you want to code in a "remember me" checkbox, after:
    $auth->getStorage()->write($user);
    you can add
    Zend_Session::rememberMe();
    Which will cause the session to persist even after the user has closed the browser(the session id cookie is valid for a long time)

  30. Hello,

    First of all, thanks for the great tutorial, it saved me hours and hours of pain working out the authentication. I just have one question. You have defined the SHA1 method and salt for leaving a password in a database at the beginning of the article. How would the registration work in that case? I mean, if a random user is to register, how would you add the salt to their password?

    I know it's a noob question, but I am pretty new at Zend and have to work out the nooks and crannies of it…

    Thanks in advance for the possible claifications of this (to you a minor, but to me a major) issue.

  31. Hello from France !
    First I have made the Tutorial: Getting Started with Zend Framework 1.10 in its french translation from developpez.com.

    Then I've put exactly the code you give in the same application of the first tutorial but instead of redirect to the index page (albums list), I have a blank page.

    I've added the following parameter in .htaccess :
    SetEnv APPLICATION_ENV development
    and now I have this error :
    Fatal error: Call to undefined function iconv_strlen() in /var/www/html/tutoriel-zf/library/Zend/Validate/StringLength.php on line 236

    What do you think could be wrong ?

    Thanks in advance.

  32. EDIT
    The error is due to the validators in form Login.php on username and password fields.

    I've commented them and nox it works fine.

    But why is there a problem with the validators ?

  33. Great help for beginner.. I would like to add code below code in helper file, so any unauthorized access will be redirected to login page in case user not logged in trying to access secure page..

    $loginUrl = $this->view->url(array('controller'=>'auth', 'action'=>'index'));
    "window.location='".$loginUrl."'";

  34. @Shadab:
    Never redirect by JavaScript. That would be easy for hackers.

    Just handle in nicely in you AuthController like this way:

    if (!Zend_Auth::getInstance()->hasIdentity())
    $this->_redirect('/'); // Will go to your indexpage.

  35. I'm always getting an Exception: "A value for the identity was not provided prior to authentication with Zend_Auth_Adapter_DbTable"

    Does anybody know where the problem is ?

  36. The supplied parameters to Zend_Auth_Adapter_DbTable failed to produce a valid sql statement, please check table and column names for validity.

  37. Hi there!

    Thank you very much for your tutorial, clear and very useful.

    I am new to Zend and I an wondering what's the best way to solve a particular problem with Zend_Auth. I have a login form in my website header (ie in the layout). Basically, I would like the user to be able to log in on any page of the website and to be kept on the page he tried to log in.

    Here is the solution I have in mind:

    I create an AuthController just as in your example. The login form action attribute is set to this controller.

    I also create an action helper, which hooks at pre-dispatch. This action helper will create the form with an hidden field containing the current URL and set the form in a view variable to be displayed in the layout.

    When the authentification controller is called, it checks if login & password are ok and on success redirects to the url in the hidden field.

    Is this way of doing it seems fine to you or am I missing something ?

    Thanks!

  38. Is it possible to secure the entire website, whit a login screen that overpowers de layoutscript?
    I can manage this with checking the auth in every init from every controller, but how can i make the login screen apart from the layoutscript so the unauth. guests can't see the menu etc defined in the layout.phtml

  39. I've worked with a second layout now, just for the index of the authController. But there must be an other solution where i don't need to check it everytime in every init of every controller.

    Btw, I also would like to know the question from Julien. Is there a way to put the login form elsewhere, like on every 'guestpage'. Again you can manage this with checking the login in every init, but then you need to put the process etc in every controller, looks like overkill.

  40. Hello,
    I have ZF 1.11.3 and problem with this tutorial.
    I see error:

    Fatal error: Call to a member function setTableName() on a non-object in …..

  41. Hi,

    could you please make an example about how you can implement this to secure a page?

  42. Hello Rob,

    First of all, thank you for your tutorials. They give us good start points.

    I must point out that there is a problem with setCredentialTreatment('SHA1(CONCAT(?,salt))') with MySQL 5.5 but it works with MySQL 5.1 !

    It seems that, with a MySQL 5.5 server, it is not possible to use the salt.
    The error is : "The supplied parameters to Zend_Auth_Adapter_DbTable failed to produce a valid sql statement, please check table and column names for validity."

    I can't say more, i'm not a specialist.

    Regards,

  43. hi rob, this nice tutorial, but i get a little bit in this line 34 AuthController.php

    $result = $auth->authenticate($adapter);

    if i disable this line and set true, it run properly.

    BR,
    IB

  44. How do this using pdo_odbc to access SQL Server from linux.
    The remote server does not have the pdo_mssql only pdo_odbc and pdo_dblib.
    've Searched the net a solution but so far without the continuous solution.

    thanks

  45. Hello,

    I received the same error as above Zend_Auth_Adapter_DbTable failed to produce a valid sql statement, please check table and column names for validity.

    What is the solution for this error?

  46. How does one go about adding users to the db? I want a form where the users supply their names and passwords and are then added to the db.Have you already done that tutorial and I just can't find it? This series has been a Godsend for a newbie like me.

  47. waterfallrain : if you put the field works.
    $authAdapter->setTableName('users')
    ->setIdentityColumn('username')
    ->setCredentialColumn('password')
    ->setCredentialTreatment(new Zend_Db_Expr('SHA1(CONCAT(password,salt))'));

  48. @waterfallrain, mifsud, joe, oripuma :
    I think the problem is the data encoding for SQL and some recent changes mifsud linked to. Check your mysql version and if it is less than 5.5.3, try this table instead

    CREATE TABLE IF NOT EXISTS users (
    id int(11) NOT NULL AUTO_INCREMENT,
    username varchar(50) NOT NULL,
    password varbinary(50) NOT NULL,
    salt varbinary(50) NOT NULL,
    role varchar(50) NOT NULL,
    date_created datetime NOT NULL,
    PRIMARY KEY (id)
    );

    The difference is the salt and password are varbinary instead of varchar. mysql<5.5.3 returns binary strings for sha(), md5() and some others. Newer versions of mysql return ascii strings and can use varchar for salt and password.
    I'm no expert on mysql so if I'm wrong, please correct me, though this code worked for me.

    @Rob, Thanks for these tutorials. They've been a big help to me.

  49. For mssql 2005 I used
    setCredentialTreatment("SUBSTRING(master.dbo.fn_varbintohexstr(HashBytes('SHA1', cast(?+salt as varchar(50)))), 3, 50)")

    Anyone see any problems I'm overlooking?

  50. Rob
    Thanks for the tutorial.
    How would I use the hasidentity to tell my database who has completed the entry form that i have created.
    I currently have
    $data = array(
    'supervisor' => $_POST['$identity']
    along with all of the other post commands. Everything works with the exception of the $identity. I want to know who entered all of the information without them entering their name again.
    Any information would be appreciated.

  51. Hello rob. Great tutes. Like many your tutorials have helped me learn zf!

    I have built an app using auth and acl. I would like to add an option to keep a user logged in next time they visit the site. If I was coding normally I would create a cookie to read next visit, then log them in.

    Since I'm using zend auth I'm not sure how to incorporate such a feature.

    What would you suggest?

    Thnx Richard.

  52. I am very new to zend and I am stock at auth. I need some help as I tried out this tutorial I am getting the message,"An error occurred

    Application error" when I click on the submit button. There must be something I am doing wrong since every seems to be getting. Please help me with my laziness

  53. Hello Mukoro Godwin, i have the same problem with the tutorial, an error 500 when i try to log-in… Have you found any solution?
    Thx
    Victor

  54. Victor, thanks so much after reading your response I discover my database was also encoded in latin_swedish… and I made the changes and it worked. I am grateful.

    I would move on but how this was the problem I need to research because up till my database have be working well

  55. Your tutorials about ZF are the best that one can find online. Thank you very much, and keep up with the good work!

  56. Hi Rob,
    Great tuts, a question about the Zend Framework in Action Book, this covers ZF1.5 are you updating the book or writing a book to support 1.11 at any point?

  57. Hey Rob,

    First and forward: THANK YOU! The greatest tutorials for beginners in Zend framework around the web. Honestly.

    In case the following has already been mentioned, pls just ignore or delete my comment.

    I was having difficulties with the auth tutorial, adding the "LoggedInAs" helper. In your tutorial, you state the Helper-Class without "" at the beginning and end. While this makes sense, as you call "loggedInAs(); ?> " in your layout file to access the helper, it didn't work for me.

    I had to put "" into the LoggedInAs.php file (at the beginning and end) in order to not receive a
    "Fatal error: Uncaught exception 'Zend_Loader_PluginLoader_Exception' with message 'Plugin by name 'LoggedInAs' was not found in the registry; used paths: Zend_View_Helper_: Zend/View/Helper/;D:/xampp/htdocs/zf-auth-tutorial/application/viewshelpers/'"

    Do you know the reason? Maybe you would like to add this into the tutorial or give me a hint, why it didn't work for me your way.

    Thanks again for the great tuts!
    Sven

  58. INSERT INTO users (username, password, salt, role, date_created)
    VALUES ('admin', SHA1('passwordce8d96d579d389e783f95b3772785783ea1a9854'),
    'ce8d96d579d389e783f95b3772785783ea1a9854', 'administrator', NOW());

    Maybe its wrong…

Comments are closed.