Tuesday, November 9, 2010

Re: [fw-auth] Validating Password while logged in and not losing session

I do not think I would use the authentication adapter to do what you are
attempting to do.

Basically, if the user is already logged in, they are past the point of
"authentication", or, "ensuring the validity of an identity to persist".

What you are doing here is a job more specific to the user model itself.
While you are free to piggyback this functionality into the Zend_Auth
layer components, I think it better fits in like this:

Your controller would

class UserService {
    public function changePassword(User $u, $oldPassword, $newPassword, $confirmPassword) {
        // ensure passwords are the same, old password is ok
        // update the password in the user object
        // persist user object somehow
    }
}

which would interact with a model via the user object:

class User {
    protected $_password;
    public function setPassword($password) {}
    public function getPassword() {}
}

That way you are not putting this logic inside of authentication.

-ralph

On 11/5/10 9:17 AM, Fozzyuw wrote:
>
> Hi all,
>
> Here's a seemingly simple question.
>
> I have a "update your password" form. It asks for:
>
> * The current password
> * The new password
> * Confirm the new password (repeat it for comparison)
>
> What I do is simple:
>
> Zend_Form validates the password rules and that the confirmation password
> matches.
> I call Zend_Auth to see if the current password is valid.
> I update the password if all things are valid.
>
> The problem I've encountered is that Zend_Auth will kill the session with
> the "->isValid()" method if the password entered is wrong.
>
> In other words, if you want to change your password, and you mistyped the
> current password, you will be logged out of the account because Zend_Auth
> failed.
>
> Is there a way to simply ask Zend_Auth to validate the credentials without
> affecting the session?
>
> I've not cracked open the Zend_Auth code, but I've tried to search for
> anyone asking this same question and I'm either not asking the right keywords
> to search or it's just not that frequently asked.
>
> One obvious thing I can do is simply not use Zend_Auth, just do simple SQL
> password comparison using Zend_Db, which is fine, but I feel like it just
> makes more sense using Zend_Auth.
>
> Thanks in advance for any discussion on this topic!
> Cheers!
> Fozzy
>
>
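
The UserService sketch from the reply, filled in as an added example (not code from the thread or from Zend Framework): the current password is checked against the stored hash directly, so the auth session is never touched. It assumes PHP 5.5+ for password_hash()/password_verify() and that the stored value is such a hash; the persistence callable and the sample values are hypothetical.

```php
<?php
// Added illustration, not code from the thread or from Zend Framework.
// Assumption: User::$_password holds a password_hash() digest, never the plain text.
class User {
    protected $_password;
    public function __construct($hash) { $this->_password = $hash; }
    public function setPassword($password) { $this->_password = $password; }
    public function getPassword() { return $this->_password; }
}

class UserService {
    private $persist; // hypothetical callable that saves the user, e.g. through Zend_Db

    public function __construct(callable $persist) { $this->persist = $persist; }

    // Returns a list of error messages; an empty list means the password was changed.
    public function changePassword(User $u, $oldPassword, $newPassword, $confirmPassword) {
        $errors = array();
        // Verify the current password against the stored hash only. The auth
        // session is never read or written, so a typo cannot log the user out.
        if (!password_verify($oldPassword, $u->getPassword())) {
            $errors[] = 'Current password is incorrect.';
        }
        if ($newPassword !== $confirmPassword) {
            $errors[] = 'New password and confirmation do not match.';
        }
        if ($errors) {
            return $errors; // user object left untouched
        }
        $u->setPassword(password_hash($newPassword, PASSWORD_DEFAULT));
        call_user_func($this->persist, $u);
        return $errors;
    }
}

// Constructed sample data: an in-memory array stands in for the database.
$saved = array();
$service = new UserService(function (User $u) use (&$saved) { $saved[] = $u->getPassword(); });
$user = new User(password_hash('old-secret', PASSWORD_DEFAULT));

// Mistyped current password: rejected, nothing persisted.
print_r($service->changePassword($user, 'old-secert', 'new-secret', 'new-secret'));
// Correct current password: hash replaced and persisted once.
print_r($service->changePassword($user, 'old-secret', 'new-secret', 'new-secret'));
var_dump(password_verify('new-secret', $user->getPassword()), count($saved));
```

Because this form checks a password, failed attempts deserve the same throttling and logging as failed logins.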
