Zend_Auth_Adapter_DbTable and crypt($pass, $salt)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Zend_Auth_Adapter_DbTable and crypt($pass, $salt)

Piotr Kabaciński
Hello,

Is it possible to force DbTable adapter to not verify password, just to
check if there is given login name or tu set my own verify-password method?
I have in user table column password but this password is crypted by php
function crypt().
Problem is becouse of salt. I can't compare crypted password before I
get salt in it.

Earlier i did something like this:
$ROW = "SELECT login, pass FROM user WHERE login=$login";
if ($ROW['pass'] == crypt($pass, $ROW['pass']))
   //it's ok

Have you ever had such a problem? Of course i can write my own adapter
or extends it on Zend_Auth_Adapter_DbTable but would me nice if this one
works fine.

greetings
--
Piotr Kabacinski
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Auth_Adapter_DbTable and crypt($pass, $salt)

Hector Virgen
I haven't tested it, but you can probably use the credentialTreatment option, but it'd be a bit of a hack:

<?php
$authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);

$authAdapter
    ->setTableName('users')
    ->setIdentityColumn('username')
    ->setCredentialColumn('password') ->setCredentialTreatment('password') ;
?>
That (i think) would result in a SQL query that looks something like this:

SELECT * FROM users WHERE username = 'bob' AND password = password


On Sat, Oct 25, 2008 at 9:04 AM, Piotr Kabaciński <[hidden email]> wrote:
Hello,

Is it possible to force DbTable adapter to not verify password, just to check if there is given login name or tu set my own verify-password method?
I have in user table column password but this password is crypted by php function crypt().
Problem is becouse of salt. I can't compare crypted password before I get salt in it.

Earlier i did something like this:
$ROW = "SELECT login, pass FROM user WHERE login=$login";
if ($ROW['pass'] == crypt($pass, $ROW['pass']))
 //it's ok

Have you ever had such a problem? Of course i can write my own adapter or extends it on Zend_Auth_Adapter_DbTable but would me nice if this one works fine.

greetings
--
Piotr Kabacinski
[hidden email]




--
-Hector
--
Hector Virgen
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Auth_Adapter_DbTable and crypt($pass, $salt)

Piotr Kabaciński
Hector Virgen wrote:

> I haven't tested it, but you can probably use the credentialTreatment
> option, but it'd be a bit of a hack:
>
> <?php
>
> |$authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
>
>
> $authAdapter
>     ->setTableName('users')
>     ->setIdentityColumn('username')
>     ->setCredentialColumn('password')
>     ->setCredentialTreatment('password')
> ;|
>
> ?>
>
> That (i think) would result in a SQL query that looks something like this:
>
> SELECT * FROM users WHERE username = 'bob' AND password = password

In fact it's a little bit tricky but works. At last i wrote class which
override 2 methods: _authenticateCreateSelect() and
_authenticateValidateResult()

Now it works like i want at first.

thanks for advice
bye
--
Piotr Kabacinski
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Zend_Auth_Adapter_DbTable and crypt($pass, $salt)

Arkanoid
I'm looking for the exact same thing. Could you post the class you made?

Thanks!