public function indexAction() { if (Zend_Auth::getInstance()->hasIdentity()) { return $this->_redirect('/'); } // process the form $form = new Application_Form_Register(); if ($this->getRequest()->isPost()) { if ($form->isValid($_POST)) { if ($form->getValue('password') == $form->getValue('password_confirm')) { /** * Check if a user with the given username or email already * exists */ $user_mapper = new Application_Model_UserMapper(); $user = $user_mapper->findByUsername($form->getValue('username')); $email = $user_mapper->findByEmail($form->getValue('email')); if (!$user && !$email) { $values = $form->getValues(); $user_mapper = new Application_Model_UserMapper(); $user = new Application_Model_User($values); // Hash the password with a random salt $user->setPassword_salt(mcrypt_create_iv(64)); $user->setPassword_hash(hash('sha256', $user->getPassword_salt() . $form->getValue('password'))); $user->setActive(0); // Insert the account into the database $user_mapper->save($user); $user = $user_mapper->findByUsername($user->getUsername()); if ($user) { $user = $user[0]; // prompt the user to activate the account $this->_helper->FlashMessenger('Successful Registration'); return $this->_redirect('/registration/confirm/id/' . $user->getId()); } } else { if ($user) { print "A user with this user name already exists."; } if ($email) { print "A user with this email already exists."; } } } else { print "The password was not confirmed."; } } else { print 'Invalid form'; } } $this->view->form = $form; }
public function loginAction() { if (Zend_Auth::getInstance()->hasIdentity()) { return $this->_redirect('/'); } // process the form $form = new Application_Form_Login(); if ($this->getRequest()->isPost() && $form->isValid($_POST)) { // check if the user exists $user_mapper = new Application_Model_UserMapper(); $qry = "\n SElECT *\n FROM user\n WHERE username = :credential\n OR email = :credential"; $params = array('credential' => $form->getValue('credential')); $user = $user_mapper->query($qry, $params); if ($user) { $user = new Application_Model_User($user[0]); // if the account is not active, prompt the user to activate the account if (!$user->getActive()) { $this->_helper->FlashMessenger('User Not Activated'); return $this->_redirect('/registration/confirm/id/' . $user->getId()); } // authenticate the user $db = Zend_Registry::get('db_default'); $credential_choice = $params['credential'] == $user->getUsername() ? 'username' : 'email'; $adapter = new Zend_Auth_Adapter_DbTable($db, 'user', $credential_choice, 'password_hash'); $adapter->setIdentity($form->getValue('credential')); $adapter->setCredential(hash('sha256', $user->getPassword_salt() . $form->getValue('password'))); $zend_auth = Zend_Auth::getInstance(); $result = $zend_auth->authenticate($adapter); if ($result->isValid()) { // store session information in database $session_mapper = new Application_Model_SessionMapper(); $session = new Application_Model_Session(array('user_id' => $user->getId(), 'ip_address' => $_SERVER['REMOTE_ADDR'], 'login_timestamp' => date('Y-m-d H:i:s'))); $session_mapper->save($session); // store user information in session variable $session = new Zend_Session_Namespace('user'); $session->user = $user->get_array(); $this->_helper->FlashMessenger('Successful Login'); return $this->_redirect('/'); } else { echo "Authentication failed."; } } else { echo "Invalid username/email"; } } $this->view->form = $form; }