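#db
-- Account table read by the login controller below.
-- `password` holds the hex SHA1 digest (40 characters) of the plaintext
-- password concatenated with the row's `salt`.
CREATE TABLE IF NOT EXISTS users (
    id int(11) NOT NULL AUTO_INCREMENT,
    username varchar(50) NOT NULL,
    password varchar(50) NOT NULL,
    salt varchar(50) NOT NULL,
    role varchar(50) NOT NULL,
    date_created datetime NOT NULL,
    PRIMARY KEY (id)
);

-- Seed administrator account. The stored value is SHA1(<password><salt>),
-- the same order the controller's credential treatment uses.
-- NOTE(review): the seed password is the literal string 'password'; replace it
-- (and use a freshly generated salt) before this reaches any real deployment.
INSERT INTO users (username, password, salt, role, date_created)
VALUES (
    'admin',
    SHA1('passwordce8d96d579d389e783f95b3772785783ea1a9854'),
    'ce8d96d579d389e783f95b3772785783ea1a9854',
    'administrator',
    NOW()
);

-- A per-user salt is combined with the password the user logs in with, so
-- identical passwords do not produce identical stored hashes.
-- NOTE(review): a single round of salted SHA1 is fast to brute-force offline.
-- A slow password hash (bcrypt/Argon2 via password_hash()/password_verify())
-- is the better choice; that needs a wider `password` column and an adapter
-- that verifies in PHP rather than through an SQL credential treatment.

#Application/modules/user/controllers/AuthController.php
<?php
/**
 * Login controller for the "user" module.
 */
class User_AuthController extends Zend_Controller_Action
{
    /**
     * Renders the login form and, on a valid POST, authenticates the
     * submitted username/password against the `users` table.
     *
     * On success the browser is redirected to the frontend index; on any
     * failure one generic message is printed and the form is shown again.
     */
    public function indexAction()
    {
        $form    = new Forms_Login();
        $request = $this->getRequest();

        if ($request->isPost() && $form->isValid($request->getPost())) {
            $data = $form->getValues();
            $db   = Zend_Registry::get('dbAdapter');

            $authAdapter = new Zend_Auth_Adapter_DbTable($db);
            // The table name must match the CREATE TABLE above (`users`).
            $authAdapter->setTableName('users')
                        ->setIdentityColumn('username')
                        ->setCredentialColumn('password')
                        // The database hashes the submitted password with the
                        // row's own salt; `?` is bound by the adapter.
                        ->setCredentialTreatment('SHA1(CONCAT(?, salt))');
            $authAdapter->setIdentity($data['username']);
            $authAdapter->setCredential($data['password']);

            $result = Zend_Auth::getInstance()->authenticate($authAdapter);

            if ($result->isValid()) {
                // Issue a new session id once the identity is established so
                // an id fixed before login cannot be reused afterwards.
                Zend_Session::regenerateId();
                $this->_redirect(_APP_URL . '/default/frontend/index');
            } else {
                // One message for every failure code: telling "unknown user"
                // apart from "wrong password" lets a caller enumerate
                // valid usernames.
                echo 'invalid username or password';
            }
        }

        $this->view->loginForm = $form;
    }
}

#Application/modules/user/Forms/Login.php
<?php
/**
 * Login form: username, password and a submit button, sent by POST.
 */
class Forms_Login extends Zend_Form
{
    /**
     * Declares the form elements together with their filters and validators.
     */
    public function init()
    {
        $this->setName("login");
        $this->setMethod('post');

        // Usernames are trimmed and lower-cased before validation, so the
        // lookup effectively ignores case and surrounding whitespace.
        $this->addElement('text', 'username', array(
            'filters'    => array('StringTrim', 'StringToLower'),
            'validators' => array(
                // Length 0..50, matching the varchar(50) column.
                array('StringLength', false, array(0, 50)),
            ),
            'required'   => true,
            'label'      => 'Username:',
        ));

        // NOTE(review): StringTrim strips leading/trailing whitespace from the
        // password before it is hashed; confirm passwords are stored with the
        // same treatment, otherwise such passwords can never match.
        $this->addElement('password', 'password', array(
            'filters'    => array('StringTrim'),
            'validators' => array(
                array('StringLength', false, array(0, 50)),
            ),
            'required'   => true,
            'label'      => 'Password:',
        ));

        // 'ignore' keeps the button out of the array returned by getValues().
        $this->addElement('submit', 'login', array(
            'required' => false,
            'ignore'   => true,
            'label'    => 'Login',
        ));
    }
}

#Application/modules/user/views/scripts/auth/login.phtml
<?php
// Prints the form object that the controller assigned to the view.
// NOTE(review): the action is indexAction(); with default view-renderer
// settings the script is looked up by action name, so verify that this file
// name is the one actually rendered.
echo $this->loginForm;

#login url http://zfsite/user/auth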