I've just finished my new authentication adapter, which uses salted passwords stored in the database to make the application more secure.

After reading the documentation and a few tutorials, I found out that Zend_Auth supports this type of password out of the box, which is really nice and handy.

Here is a short tutorial on using salted passwords with the Zend_Auth DB table adapter (Zend_Auth_Adapter_DbTable).

First, create a MySQL table with the following columns:

username, password, passwordsalt

The passwordsalt must be a random value generated per user when the password is set; the credential treatment below reads it from the matched user's row, so every account is hashed with its own salt.

In your bootstrap.php or index.php file, create the Zend_Auth instance and register it:

// Bootstrap / index file, after the registry has been set up:
// register the shared Zend_Auth singleton in the registry ...
Zend_Loader::loadClass( 'Zend_Auth' );
Zend_Registry::set( 'Zend_Auth', Zend_Auth::getInstance() );

// ... and give it a session-backed storage under the 'usersession' namespace,
// so the authenticated identity survives across requests.
Zend_Loader::loadClass( 'Zend_Auth_Storage_Session' );
Zend_Registry::get( 'Zend_Auth' )->setStorage( new Zend_Auth_Storage_Session( 'usersession' ) );

Then create a LoginController.php file in your application directory:

require_once( 'Zend/Controller/Action.php' );
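/**
 * Login controller for the salted-password tutorial.
 *
 * indexAction() renders the login form; loginAction() authenticates the
 * submitted username/password with Zend_Auth_Adapter_DbTable. The password
 * comparison happens inside the adapter's SQL query, using the credential
 * treatment configured below, which hashes the submitted password together
 * with the `passwordsalt` value stored in the user's row.
 */
class My_LoginController extends Zend_Controller_Action
{
    /**
     * Shows the login form (the view script is supplied by the application).
     */
    public function indexAction() {
        // Display your loginform here
    }

    /**
     * Authenticates the POSTed credentials.
     *
     * On success the user's row (without password and salt) is written to the
     * Zend_Auth storage and the browser is redirected to "/". On failure a
     * generic error message is set and the login form is shown again.
     */
    public function loginAction() {
        $request = $this->getRequest();

        // Credentials are accepted from the POST body only. _getParam() would
        // also read them from the query string, where they end up in access
        // logs, browser history and Referer headers.
        $username = (string) $request->getPost( 'username', '' );
        $password = (string) $request->getPost( 'password', '' );

        if ( !$request->isPost() || $username === '' || $password === '' ) {
            // Zend_Auth_Adapter_DbTable rejects an empty identity/credential
            // with an exception rather than a failed result, so treat missing
            // input as an ordinary failed login.
            $this->view->errormessage = "Username or Password false.";
            return $this->indexAction();
        }

        // I assume that you have already created a working DB adapter.
        // TODO(review): $dbadapter is not defined in this listing; pass your
        // Zend_Db adapter instance here.
        Zend_Loader::loadClass( 'Zend_Auth_Adapter_DbTable' );
        $authadapter = new Zend_Auth_Adapter_DbTable( $dbadapter );

        // Tell the adapter where the identity and the credential live. The
        // treatment is applied in SQL: "?" is bound to the submitted password,
        // `passwordsalt` refers to the column of the matched row.
        //
        // NOTE(review): MD5 is a fast digest with no tunable work factor, and
        // nesting it does not add one, so a leaked table is cheap to crack
        // offline. A slow password hash (password_hash()/password_verify(),
        // i.e. bcrypt) is preferable; that means comparing in PHP instead of
        // in the SQL treatment, e.g. via a custom Zend_Auth adapter.
        $authadapter
             ->setTableName( 'usertable' )
             ->setIdentityColumn( 'username' )
             ->setCredentialColumn( 'password' )
             ->setCredentialTreatment( "MD5( CONCAT( MD5( ? ) , MD5( passwordsalt ) ) )");

        // Hand the submitted username and password to the adapter.
        $authadapter
            ->setIdentity( $username )
            ->setCredential( $password );

        // Run the check through the shared Zend_Auth instance from the registry.
        $auth   = Zend_Registry::getInstance()->Zend_Auth;
        $result = $auth->authenticate( $authadapter );

        if ( $result->isValid() ) {
            // Issue a fresh session id on this privilege change, so a session
            // id an attacker fixed before login cannot be reused afterwards.
            Zend_Loader::loadClass( 'Zend_Session' );
            Zend_Session::regenerateId();

            // Store the user's row, but never the password hash or the salt.
            $auth->getStorage()->write(
                $authadapter->getResultRowObject( null, array( 'password', 'passwordsalt' ) )
            );
            // Redirect to start page
            $this->_redirect( '/' );
        } else {
            // Deliberately generic: the same message is shown whether the
            // username is unknown or the password is wrong.
            // TODO(review): there is no throttling or lockout here, so online
            // password guessing against this action is unlimited.
            $this->view->errormessage = "Username or Password false.";
            // NOTE(review): calling indexAction() directly presumably does not
            // change which view script the ViewRenderer picks for this request
            // (still the login action's); confirm, or use $this->render('index').
            return $this->indexAction();
        }
    }
}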
?>