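/**
 * Registration page: renders the form and, on POST, creates an inactive account.
 *
 * Visitors who already hold an identity are sent to '/'. Validation, duplicate
 * and confirmation failures are reported with print, as before; on success a
 * flash message is stored and the browser is redirected to the activation page.
 *
 * Password storage keeps the existing scheme (sha256 over salt . password)
 * because loginAction rebuilds that same digest before handing it to
 * Zend_Auth_Adapter_DbTable; changing the scheme in this method alone would
 * lock every new account out.
 *
 * @return void
 */
public function indexAction()
{
    if (Zend_Auth::getInstance()->hasIdentity()) {
        return $this->_redirect('/');
    }

    $form = new Application_Form_Register();
    $request = $this->getRequest();

    if ($request->isPost()) {
        // getPost() with no key is the request object's view of $_POST.
        if ($form->isValid($request->getPost())) {
            // Strict comparison: '==' treats numeric-looking strings such as
            // '1e3' and '1000' as equal, which would accept a mistyped confirmation.
            if ($form->getValue('password') === $form->getValue('password_confirm')) {
                // Refuse the registration if either the username or the email is taken.
                $user_mapper = new Application_Model_UserMapper();
                $existing_user = $user_mapper->findByUsername($form->getValue('username'));
                $existing_email = $user_mapper->findByEmail($form->getValue('email'));

                if (!$existing_user && !$existing_email) {
                    $user = new Application_Model_User($form->getValues());
                    // 32 CSPRNG bytes, hex-encoded to 64 printable characters (the same
                    // stored length as before). random_bytes() replaces mcrypt_create_iv(),
                    // which was removed in PHP 7.2; hex encoding keeps NUL and non-UTF-8
                    // bytes out of the salt column.
                    $user->setPassword_salt(bin2hex(random_bytes(32)));
                    $user->setPassword_hash(hash('sha256', $user->getPassword_salt() . $form->getValue('password')));
                    // New accounts start inactive and are enabled via /registration/confirm.
                    $user->setActive(0);
                    $user_mapper->save($user);

                    // Re-read the row to obtain the generated id for the confirmation URL.
                    $saved = $user_mapper->findByUsername($user->getUsername());
                    if ($saved) {
                        $this->_helper->FlashMessenger('Successful Registration');
                        return $this->_redirect('/registration/confirm/id/' . $saved[0]->getId());
                    }
                } else {
                    if ($existing_user) {
                        print "A user with this user name already exists.";
                    }
                    if ($existing_email) {
                        print "A user with this email already exists.";
                    }
                }
            } else {
                print "The password was not confirmed.";
            }
        } else {
            print 'Invalid form';
        }
    }

    $this->view->form = $form;
}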
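 /**
  * Login page: renders the form and, on a valid POST, authenticates the user.
  *
  * The credential field may hold either a username or an email address. The
  * user row is fetched first so that (a) inactive accounts can be sent to the
  * activation page and (b) the stored salt is available to rebuild the
  * sha256(salt . password) digest that Zend_Auth_Adapter_DbTable compares with
  * the password_hash column. On success a login record is written, the session
  * id is regenerated, and the user array is stored in the 'user' namespace.
  *
  * @return void
  */
 public function loginAction()
 {
     if (Zend_Auth::getInstance()->hasIdentity()) {
         return $this->_redirect('/');
     }

     $form = new Application_Form_Login();
     $request = $this->getRequest();

     if ($request->isPost() && $form->isValid($request->getPost())) {
         $credential = $form->getValue('credential');

         // The credential is bound as a parameter and never enters the SQL text.
         // NOTE(review): the same placeholder is bound twice, which emulated prepares
         // accept but native prepared statements may reject — confirm the mapper's driver.
         $user_mapper = new Application_Model_UserMapper();
         $qry = "\n                SElECT *\n                FROM   user\n                WHERE  username = :credential\n                OR     email    = :credential";
         $rows = $user_mapper->query($qry, array('credential' => $credential));

         if ($rows) {
             $user = new Application_Model_User($rows[0]);

             // Inactive accounts are sent to the activation page instead of being authenticated.
             if (!$user->getActive()) {
                 $this->_helper->FlashMessenger('User Not Activated');
                 return $this->_redirect('/registration/confirm/id/' . $user->getId());
             }

             // Choose the adapter's identity column from the field the credential matched.
             // Strict comparison avoids PHP's numeric-string coercion under '=='.
             // NOTE(review): if the lookup matched case-insensitively the compare fails and
             // the email column is tried instead — confirm the column collation.
             $identity_column = $credential === $user->getUsername() ? 'username' : 'email';

             $db = Zend_Registry::get('db_default');
             $adapter = new Zend_Auth_Adapter_DbTable($db, 'user', $identity_column, 'password_hash');
             $adapter->setIdentity($credential);
             $adapter->setCredential(hash('sha256', $user->getPassword_salt() . $form->getValue('password')));

             $result = Zend_Auth::getInstance()->authenticate($adapter);

             if ($result->isValid()) {
                 // Issue a fresh session id on privilege change so an id obtained
                 // before login cannot be reused for the authenticated session.
                 Zend_Session::regenerateId();

                 // Record the login in the database.
                 $session_mapper = new Application_Model_SessionMapper();
                 $session_mapper->save(new Application_Model_Session(array(
                     'user_id'         => $user->getId(),
                     'ip_address'      => $_SERVER['REMOTE_ADDR'],
                     'login_timestamp' => date('Y-m-d H:i:s'),
                 )));

                 // Expose the user record to the rest of the application via the session.
                 $user_session = new Zend_Session_Namespace('user');
                 $user_session->user = $user->get_array();

                 $this->_helper->FlashMessenger('Successful Login');
                 return $this->_redirect('/');
             }

             echo "Authentication failed.";
         } else {
             echo "Invalid username/email";
         }
     }

     $this->view->form = $form;
 }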