public function loginAction()
{
if (Zend_Auth::getInstance()->hasIdentity()) {
return $this->_redirect('/');
}
// process the form
$form = new Application_Form_Login();
if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
// check if the user exists
$user_mapper = new Application_Model_UserMapper();
$qry = "\n SElECT *\n FROM user\n WHERE username = :credential\n OR email = :credential";
$params = array('credential' => $form->getValue('credential'));
$user = $user_mapper->query($qry, $params);
if ($user) {
$user = new Application_Model_User($user[0]);
// if the account is not active, prompt the user to activate the account
if (!$user->getActive()) {
$this->_helper->FlashMessenger('User Not Activated');
return $this->_redirect('/registration/confirm/id/' . $user->getId());
}
// authenticate the user
$db = Zend_Registry::get('db_default');
$credential_choice = $params['credential'] == $user->getUsername() ? 'username' : 'email';
$adapter = new Zend_Auth_Adapter_DbTable($db, 'user', $credential_choice, 'password_hash');
$adapter->setIdentity($form->getValue('credential'));
$adapter->setCredential(hash('sha256', $user->getPassword_salt() . $form->getValue('password')));
$zend_auth = Zend_Auth::getInstance();
$result = $zend_auth->authenticate($adapter);
if ($result->isValid()) {
// store session information in database
$session_mapper = new Application_Model_SessionMapper();
$session = new Application_Model_Session(array('user_id' => $user->getId(), 'ip_address' => $_SERVER['REMOTE_ADDR'], 'login_timestamp' => date('Y-m-d H:i:s')));
$session_mapper->save($session);
// store user information in session variable
$session = new Zend_Session_Namespace('user');
$session->user = $user->get_array();
$this->_helper->FlashMessenger('Successful Login');
return $this->_redirect('/');
} else {
echo "Authentication failed.";
}
} else {
echo "Invalid username/email";
}
}
$this->view->form = $form;
}
