How to use the PHP 5.5 password API with Zend_Auth_Adapter_DbTable

Until now I have stored all passwords in plain text because the site is not live and I decided to wait for the new password api.

I have this code working for passwords in plain text:

<?php
$dbAdapter = Zend_Db_Table::getDefaultAdapter();
$authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);

$authAdapter->setTableName('account')
    ->setIdentityColumn('account_id')
    ->setCredentialColumn('account_password');

// Get our authentication adapter and check credentials
$adapter = $authAdapter;
$adapter->setIdentity($values['account_id']);
$adapter->setCredential($values['password']);

$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
if ($result->isValid()) {
    $user = $adapter->getResultRowObject();
    $auth->getStorage()->write($user);
    return true;
}
return false;

According to docs I should implement my own adapter and probably just change to make use of password_verify().

I'm missing the big picture here as to how everything works together.

My question is:

  1. Which object should I modify? $authAdapter or $auth

Any high level (or low level :D) example code would be appreciated.

All best Adam

If you are looking to modify the way in which your authentication operates by adding the password_hash encryption then you will need to do so within PHP.

As you still wish to use database authentication I think recreating this as a new adapter would be overkill. You could however, extend the current database adapter, such as:

class My_Auth_Adapter_DbTable extends Zend_Auth_Adapter_DbTable
{
  public function setCredential($credential)
  {
    // password_hash() requires the algorithm as its second argument
    $this->_credential = password_hash($credential, PASSWORD_DEFAULT);
    return $this;
  }
}

This means that any password provided to the adapter will always be encrypted with the password_hash function.

This could however be accomplished outside the adapter by hashing the password prior to the call to setCredential.

$options  = array('salt' => $config->passwordSalt);
$hashPassword = password_hash($plainTextPassword, PASSWORD_BCRYPT, $options);
$adapter->setCredential($hashPassword);

This method will allow you to modify the optional parameters before passing to the adapter.

Lastly, it is worth mentioning that the setCredentialTreatment method is normally used to provide password encryption, which is performed within the SQL statement (meaning you will need to use the MySQL commands and not password_hash).

$authAdapter->setTableName('user')
      ->setIdentityColumn('email')
      ->setCredentialColumn('password')
      ->setCredentialTreatment(sprintf("MD5(CONCAT(?,'%s'))", $config->passwordSalt));
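
With its default random salt, password_hash() returns a different string on every call, so a stored hash has to be checked with password_verify() in PHP after the row is fetched by identity, not compared inside the SQL statement. The following is an added example, not part of the question or the answer above. It uses a hypothetical subclass name, My_Auth_Adapter_PasswordVerify, and assumes the protected hooks and properties of Zend Framework 1's Zend_Auth_Adapter_DbTable (_authenticateCreateSelect(), _authenticateValidateResult(), $_authenticateResultInfo, $_resultRow), along with the question's account table holding password_hash() output.

```php
<?php
// Added example. Assumes Zend Framework 1 is on the include path and that
// account.account_password was filled with password_hash($plain, PASSWORD_DEFAULT).
// My_Auth_Adapter_PasswordVerify and login() are hypothetical names.
class My_Auth_Adapter_PasswordVerify extends Zend_Auth_Adapter_DbTable
{
    // Select the row by identity only; the stock adapter compares the
    // credential inside the SQL statement, which cannot match a salted hash.
    protected function _authenticateCreateSelect()
    {
        $dbSelect = clone $this->getDbSelect();
        $dbSelect->from($this->_tableName)
                 ->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?',
                         $this->_identity);
        return $dbSelect;
    }

    // Verify the submitted password against the stored hash in PHP.
    protected function _authenticateValidateResult($resultIdentity)
    {
        $storedHash = (string) $resultIdentity[$this->_credentialColumn];
        if (!password_verify((string) $this->_credential, $storedHash)) {
            $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
            $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
            return $this->_authenticateCreateAuthResult();
        }
        $this->_resultRow = $resultIdentity;
        $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
        $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
        return $this->_authenticateCreateAuthResult();
    }
}

// Usage with the question's table, columns and form values.
function login(array $values)
{
    $adapter = new My_Auth_Adapter_PasswordVerify(Zend_Db_Table::getDefaultAdapter());
    $adapter->setTableName('account')
            ->setIdentityColumn('account_id')
            ->setCredentialColumn('account_password')
            ->setIdentity($values['account_id'])
            ->setCredential($values['password']);
    $auth = Zend_Auth::getInstance();
    if (!$auth->authenticate($adapter)->isValid()) {
        return false;
    }
    // Omit the hash column so it is never written to session storage.
    $auth->getStorage()->write($adapter->getResultRowObject(null, 'account_password'));
    return true;
}
```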