Zend框架的登录表单

Question

我有一个日志的形式，检查通过数据库的用户电子邮件地址和密码，如果匹配，它允许用户登录。问题是，它会检查数据库匹配任何密码的电子邮件或与数据库中任何电子邮件相匹配的密码。我希望它检查这个特定的用户电子邮件以匹配他的密码，不匹配数据库中存在的任何密码。

这里是我的控制器，我认为我没有错：

$loginForm = new Application_Form_UserLogin(); 
if ($this->getRequest()->isPost('loginForm')) 
    { 
     $email_adrress = $this->getRequest()->getParam('email_address'); 
     $password = $this->getRequest()->getParam('password'); 

     /************ Login Form ************/ 
     if ($loginForm->isValid($this->getRequest()->getParams())) 
     { 
      $user = $this->_helper->model('Users')->createRow($loginForm->getValues()); 
      $user = $this->_helper->model('Users')->fetchRowByFields(array('email' => $email_adrress, 'hash' => $password)); 

      if($user) 
      { 
       Zend_Session::rememberMe(86400 * 14); 
       Zend_Auth::getInstance()->getStorage()->write($user); 
       $this->getHelper('redirector')->gotoRoute(array(), 'invite'); 
       return; 
      } 
      else { 
      }    
     } 
    }$this->view->loginForm = $loginForm; 

我的形式：

class Application_Form_UserLogin extends Zend_Form 
{ 
public $email, $password, $submit; 

public function init() 
{  
    $this->setName('loginForm');   

    $EmailExists = new Zend_Validate_Db_RecordExists(
      array(
       'table' => 'users', 
       'field' => 'email' 
      ) 
     ); 

    //$EmailExists->setMessage('Invalid email address, please try again. *'); 

    $PasswordExists = new Zend_Validate_Db_RecordExists(
      array(
       'table' => 'users', 
       'field' => 'hash' 
      ) 
     ); 

    $PasswordExists->setMessage('Invalid password, please try again. *'); 

    $this->email = $this->createElement('text', 'email_address') 
        ->setLabel('Email') 
        ->addValidator($EmailExists) 
        ->addValidator('EmailAddress') 
        ->setRequired(true); 

    $this->password = $this->createElement('text', 'password') 
        ->setLabel('Password') 
        ->addValidator($PasswordExists) 
        ->setRequired(true); 


    $this->submitButton = $this->createElement('button', 'btn_login') 
          ->setLabel('Login') 
          ->setAttrib('type', 'submit'); 

    $this->addElements(array($this->email, $this->password, $this->submit)); 

    $elementDecorators = array(
     'ViewHelper' 
    ); 
    $this->setElementDecorators($elementDecorators); 
} 

}

Answer 1

我不会添加此登录处理为对元件中的一个的验证器。相反，我会创建一个Zend_Auth身份验证适配器，并将您的用户模型，电子邮件和密码作为构造函数参数。然后，在控制器中，拨打Zend_Auth::authenticate($adapter)。

喜欢的东西：

class Application_Model_AuthAdapter implements Zend_Auth_Adapter_Interface 
{ 
    protected $userModel; 
    protected $email; 
    protected $pass; 

    public function __construct($userModel, $email, $pass) 
    { 
     $this->userModel = $userModel; 
     $this->email = $email; 
     $this->pass = $pass; 
    } 

    public function authenticate() 
    { 
     $user = $this->userModel->getByEmailAndPassword($this->email, $this->pass); 
     if ($user){ 
      return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $user); 
     } else { 
      return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null); 
     } 
    } 
} 

然后在你的控制器：

public function loginAction() 
{ 
    $form = new Application_Form_UserLogin(); 
    if ($this->_request->isPost()) { 
     if ($form->isValid($this->_request->getPost())) { 
      $data = $form->getValues(); 
      $email = $data['email']; 
      $pass = $data['pass']; 
      $userModel = $this->_helper->model('Users'); 
      $authAdapter = new Application_Model_AuthAdapter($userModel, $email, $pass); 
      $result = Zend_Auth::getInstance()->authenticate($adapter); 
      if ($result->isValid()){ 
       // $user= $result->getIdentity(). Use it how you like. 
       // Redirect someplace 
      } else { 
       $this->view->error = 'Invalid login'; 
      } 
     } 
    } 
    $this->view->form = $form; 
} 

详情请参阅Zend_Auth reference。

Answer 2

我不熟悉你想的方式做到这一点。您自己编写的fetchRowByFields方法是？如果是这样，很难在没有看到代码的情况下帮助你。

你有没有考虑使用Zend框架所提供的机制来对数据库进行认证？

Zend框架的官方手册中包含关于如何实现身份验证的简短的教程： http://framework.zend.com/manual/1.12/en/learning.multiuser.authentication.html

您使用的适配器Zend_Auth类，做你想做什么。