public function loginAction() { if (Zend_Auth::getInstance()->hasIdentity()) { return $this->_redirect('/'); } // process the form $form = new Application_Form_Login(); if ($this->getRequest()->isPost() && $form->isValid($_POST)) { // check if the user exists $user_mapper = new Application_Model_UserMapper(); $qry = "\n SElECT *\n FROM user\n WHERE username = :credential\n OR email = :credential"; $params = array('credential' => $form->getValue('credential')); $user = $user_mapper->query($qry, $params); if ($user) { $user = new Application_Model_User($user[0]); // if the account is not active, prompt the user to activate the account if (!$user->getActive()) { $this->_helper->FlashMessenger('User Not Activated'); return $this->_redirect('/registration/confirm/id/' . $user->getId()); } // authenticate the user $db = Zend_Registry::get('db_default'); $credential_choice = $params['credential'] == $user->getUsername() ? 'username' : 'email'; $adapter = new Zend_Auth_Adapter_DbTable($db, 'user', $credential_choice, 'password_hash'); $adapter->setIdentity($form->getValue('credential')); $adapter->setCredential(hash('sha256', $user->getPassword_salt() . $form->getValue('password'))); $zend_auth = Zend_Auth::getInstance(); $result = $zend_auth->authenticate($adapter); if ($result->isValid()) { // store session information in database $session_mapper = new Application_Model_SessionMapper(); $session = new Application_Model_Session(array('user_id' => $user->getId(), 'ip_address' => $_SERVER['REMOTE_ADDR'], 'login_timestamp' => date('Y-m-d H:i:s'))); $session_mapper->save($session); // store user information in session variable $session = new Zend_Session_Namespace('user'); $session->user = $user->get_array(); $this->_helper->FlashMessenger('Successful Login'); return $this->_redirect('/'); } else { echo "Authentication failed."; } } else { echo "Invalid username/email"; } } $this->view->form = $form; }