|

»

»

Zend Framework Community

»

Faking Authentication in Zend_Auth

View: New views

3 Messages — Rating Filter: Alert me

	Faking Authentication in Zend_Auth by wes007 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I'm verifying a user's account by having them click a link in an email they are sent. When they confirm their account, is there a built-in method that I can call to log them in without requiring them to enter their password? Thanks, Wes
	Re: Faking Authentication in Zend_Auth by Michael B Allen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On 3/22/08, wes007 <wes.ratcliff@...> wrote: > > I'm verifying a user's account by having them click a link in an email they > are sent. > > When they confirm their account, is there a built-in method that I can call > to log them in without requiring them to enter their password? No. I would just have them enter the password they just provided during registration. But I suppose you could generate a short-lived one-time md5 hash and include that in a link in the email like: http://www.example.com/user/activate/9e107d9d372bb6826bd81d3542a419d6 And use that as the basis for automatically logging in the user. But the security of such a method would be questionable. Anyone who intercepted the email would have a opportunity to steal the account. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/
	Re: Faking Authentication in Zend_Auth by wes007 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Thanks for the replies, I wasn't sure if I was just overlooking a feature or if I needed to implement my own. I extended the DBTable adapter and added the ability to use a token as authentication. This also is handy for "remember me" functionality in a cookie which I also needed. Thanks again, Wes

LightInTheBox - Buy quality products at wholesale price!