So you’re using Zend and you must be thinking, there has to be an easy way to authenticate users! Well, you can use Zend_Auth and it makes it pretty damn easy. The basic concept is that it assumes that you have a combination of either a username/password, email/password or a combination of the two to authenticate your users. If you have something other than those combinations you may want to look at extending Zend_Auth instead of directly using it (that, however, is outside the scope of this tutorial).

First off, this tutorial assumes a couple of things. One, that you know about the standard Zend directory structure and two, that you have already set up a login form and are now working on authenticating the user.

We’ll start off in the index action of your LoginController. That way you have the URL as /login. First we’ll check if the request is a POST request:
if ($request->isPost()) { }
Next we’ll call the “isValid” method on your form. This uses the validators you set when you created the form to validate each element. We pass the POST parameters into isValid to do the verification, as follows:
if ($loginForm->isValid($request->getPost())) { }
This will go inside of your isPost if statement. Next we’re going to grab the parameters that we want to authenticate with. In this case we’ll use the username/password combination. We’ll then grab an instance of the database adapter and pass it to a new Zend_Auth_Adapter_DbTable object.

    // get the username and password from the form
    $username = $loginForm->getValue('username');
    $password = $loginForm->getValue('password');

    // Create the adapter and zend auth instance
    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
Now is where the heavy lifting happens. We need to pass some items into the $authAdapter so that it knows what to use to authenticate the user. We do that by passing it a table name, an identity column, a credential column and a credential treatment, as follows:

    $authAdapter->setTableName('User')
                ->setIdentityColumn('username')
                ->setCredentialColumn('password')
                ->setCredentialTreatment('MD5(?)');

    // pass to the adapter the submitted username and password
    $authAdapter->setIdentity($username)
                ->setCredential($password);
In this tutorial I’m just using an MD5 for the password; however, there are a plethora of other options available to use. Next we need to get our Zend_Auth instance and call the “authenticate” method while passing in the $authAdapter we created earlier. We then call the “isValid” method on the result it returns to get a boolean.

    $auth = Zend_Auth::getInstance();
    $result = $auth->authenticate($authAdapter);
    if ($result->isValid()) { }
Now we know that the user has been authenticated, meaning there was a row in the database that matched the user’s credentials. We can now proceed to set the user session values and redirect them to the location you want them to go. We’re going to grab all the user’s information from the database (excluding their password) and write it to the session.

    // get all info about this user from the login table
    // omit only the password, we don't need that
    $userInfo = $authAdapter->getResultRowObject(null, 'password');

    // the default storage is a session with namespace Zend_Auth
    $authStorage = $auth->getStorage();
    $authStorage->write($userInfo);

    $authNamespace = new Zend_Session_Namespace('Zend_Auth');
    $authNamespace->username = $username;

    $this->_redirect('/dashboard');
Finally we need to set an error message if the user enters invalid credentials. We do that in the else branch of the $result->isValid() check.

    else {
        $errorMessage = "Wrong username or password provided. Please try again.";
    }

We can now use that error message in our view by assigning $this->view->errorMessage = $errorMessage. All together it looks something like this:

    /**
     * Index Action to display the login form and
     * uses AJAX call to validate + authenticate the user
     */
    public function indexAction()
    {
        // If we're already logged in, just redirect
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $this->_redirect('/dashboard');
        }

        $request = $this->getRequest();
        $loginForm = $this->getLoginForm();
        $errorMessage = "";

        if ($request->isPost()) {
            if ($loginForm->isValid($request->getPost())) {
                // get the username and password from the form
                $username = $loginForm->getValue('username');
                $password = $loginForm->getValue('password');

                $dbAdapter = Zend_Db_Table::getDefaultAdapter();
                $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);

                $authAdapter->setTableName('User')
                            ->setIdentityColumn('username')
                            ->setCredentialColumn('password')
                            ->setCredentialTreatment('MD5(?)');

                // pass to the adapter the submitted username and password
                $authAdapter->setIdentity($username)
                            ->setCredential($password);

                $auth = Zend_Auth::getInstance();
                $result = $auth->authenticate($authAdapter);

                // is the user a valid one?
                if ($result->isValid()) {
                    // get all info about this user from the login table
                    // omit only the password, we don't need that
                    $userInfo = $authAdapter->getResultRowObject(null, 'password');

                    // the default storage is a session with namespace Zend_Auth
                    $authStorage = $auth->getStorage();
                    $authStorage->write($userInfo);

                    $authNamespace = new Zend_Session_Namespace('Zend_Auth');
                    $authNamespace->username = $username;

                    $this->_redirect('/dashboard');
                } else {
                    $errorMessage = "Wrong username or password provided. Please try again.";
                }
            }
        }

        $this->view->errorMessage = $errorMessage;
        $this->view->loginForm = $loginForm;
    }
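The `MD5(?)` credential treatment compares an unsalted, fast hash inside the SQL query, so a leaked User table can be brute-forced cheaply. As an added example (not part of the original tutorial), here is one of the "other options": a custom adapter that verifies a salted, slow hash in PHP instead. It assumes PHP 5.5 or later and that the password column stores `password_hash()` output; the class name PasswordHashAuthAdapter is hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP >= 5.5 and that
// User.password stores password_hash() output. Class name is hypothetical.
class PasswordHashAuthAdapter implements Zend_Auth_Adapter_Interface
{
    private $db, $username, $password;

    public function __construct(Zend_Db_Adapter_Abstract $db, $username, $password)
    {
        $this->db = $db;
        $this->username = $username;
        $this->password = $password;
    }

    public function authenticate()
    {
        // Bound parameter: the username never becomes part of the SQL text.
        $sql = 'SELECT * FROM ' . $this->db->quoteIdentifier('User') . ' WHERE username = ?';
        $row = $this->db->fetchRow($sql, array($this->username), Zend_Db::FETCH_ASSOC);
        if (!$row) {
            // Spend comparable time for unknown users so response timing
            // does not reveal which usernames exist.
            password_hash($this->password, PASSWORD_DEFAULT);
            return $this->fail();
        }
        if (!password_verify($this->password, $row['password'])) {
            return $this->fail();
        }
        // Re-hash on login when the default algorithm or cost has changed.
        if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
            $this->db->update('User',
                array('password' => password_hash($this->password, PASSWORD_DEFAULT)),
                $this->db->quoteInto('username = ?', $this->username));
        }
        unset($row['password']); // keep the hash out of the session
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, (object) $row);
    }

    private function fail()
    {
        // Same result for "no such user" and "wrong password".
        return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null,
            array('Wrong username or password provided. Please try again.'));
    }
}
// In indexAction(), replacing the Zend_Auth_Adapter_DbTable setup:
//   $result = $auth->authenticate(new PasswordHashAuthAdapter($dbAdapter, $username, $password));
//   if ($result->isValid()) { Zend_Session::regenerateId(); $this->_redirect('/dashboard'); }
```

Zend_Auth writes the identity returned by a valid result to its storage, so the password-free row object ends up in the session without a separate write; regenerating the session ID on login guards against session fixation.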
As always feel free to post any questions in the comments section below.







