0

我有一个登录表单,通过数据库检查用户电子邮件和密码,如果匹配,则允许用户登录。问题是它检查与数据库中任何密码匹配的电子邮件或与任何电子邮件匹配的密码在数据库中。我希望它检查这个特定的用户电子邮件以匹配他的密码,而不是匹配数据库中存在的任何密码。

这是我的控制器,我认为我做错了:

$loginForm = new Application_Form_UserLogin();
if ($this->getRequest()->isPost('loginForm'))
    {   
        $email_adrress = $this->getRequest()->getParam('email_address');
        $password = $this->getRequest()->getParam('password');

        /************ Login Form ************/
        if ($loginForm->isValid($this->getRequest()->getParams()))
        {
            $user = $this->_helper->model('Users')->createRow($loginForm->getValues()); 
            $user = $this->_helper->model('Users')->fetchRowByFields(array('email' => $email_adrress, 'hash' => $password));

            if($user) 
            {
                Zend_Session::rememberMe(86400 * 14);
                Zend_Auth::getInstance()->getStorage()->write($user);
                $this->getHelper('redirector')->gotoRoute(array(), 'invite');
                return;
            } 
            else {
            }               
        }
    }$this->view->loginForm = $loginForm;

我的表格:

class Application_Form_UserLogin extends Zend_Form
{
public $email, $password, $submit;

public function init()
{       
    $this->setName('loginForm');        

    $EmailExists = new Zend_Validate_Db_RecordExists(
            array(
                'table' => 'users',
                'field' => 'email'
            )
        );

    //$EmailExists->setMessage('Invalid email address, please try again. *');

    $PasswordExists = new Zend_Validate_Db_RecordExists(
            array(
                'table' => 'users',
                'field' => 'hash'
            )
        );

    $PasswordExists->setMessage('Invalid password, please try again. *');

    $this->email = $this->createElement('text', 'email_address')
                     ->setLabel('Email')
                     ->addValidator($EmailExists)
                     ->addValidator('EmailAddress')
                     ->setRequired(true);

    $this->password = $this->createElement('text', 'password')
                     ->setLabel('Password')
                     ->addValidator($PasswordExists)
                     ->setRequired(true);


    $this->submitButton = $this->createElement('button', 'btn_login')
                            ->setLabel('Login')
                            ->setAttrib('type', 'submit');

    $this->addElements(array($this->email, $this->password, $this->submit));

    $elementDecorators = array(
        'ViewHelper'
    );
    $this->setElementDecorators($elementDecorators);
}

}

4

2 回答 2

0

我不熟悉您尝试这样做的方式。fetchRowByFields 方法是您自己编写的吗?如果是这样,不看代码就很难帮助你。

您是否考虑过使用 Zend Framework 提供的机制对数据库执行身份验证?

Zend Framework 官方手册包含一个关于如何实现认证的简短教程:http: //framework.zend.com/manual/1.12/en/learning.multiuser.authentication.html

你使用一个带有 Zend_Auth 类的适配器来做你想做的事。

于 2013-01-08T20:32:35.243 回答
0

我不会将此登录处理添加为其中一个元素的验证器。相反,我将Zend_Auth使用您的用户模型、电子邮件和密码作为构造函数参数创建一个身份验证适配器。然后,在控制器中,调用Zend_Auth::authenticate($adapter).

就像是:

class Application_Model_AuthAdapter implements Zend_Auth_Adapter_Interface
{
    protected $userModel;   
    protected $email;
    protected $pass;

    public function __construct($userModel, $email, $pass)
    {
        $this->userModel = $userModel;
        $this->email = $email;
        $this->pass = $pass;
    }

    public function authenticate()
    {
        $user = $this->userModel->getByEmailAndPassword($this->email, $this->pass);
        if ($user){
            return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $user);
        } else {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null);
        }
    }
}

然后在你的控制器中:

public function loginAction()
{
    $form = new Application_Form_UserLogin();
    if ($this->_request->isPost()) {
        if ($form->isValid($this->_request->getPost())) {
            $data = $form->getValues();
            $email = $data['email'];
            $pass = $data['pass'];
            $userModel = $this->_helper->model('Users');
            $authAdapter = new Application_Model_AuthAdapter($userModel, $email, $pass);
            $result = Zend_Auth::getInstance()->authenticate($adapter);
            if ($result->isValid()){
                // $user= $result->getIdentity(). Use it how you like.
                // Redirect someplace
            } else {
                $this->view->error = 'Invalid login';
            }
        }
    }
    $this->view->form = $form;
}

有关更多详细信息,请参阅Zend_Auth 参考

于 2013-01-08T21:04:28.727 回答