Authentication fails in Zend for account confirmation

Question

I am stuck with this problem. When the login credentials are authenticated in my zend application , I also want to check if the account has been confirmed or not. Confirmed is a boolean column in my account table and is set to False by default. I am trying to achieve this through following code..but it is not working

    $db = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($db);
    $authAdapter->setTableName('Account');
    $authAdapter->setIdentityColumn('Email');
    $authAdapter->setCredentialColumn('Password');
    $authAdapter->setCredentialTreatment('Confirmed = 1');
    $authAdapter->setIdentity($data['email']);
    $authAdapter->setCredential($data['password']);
    $auth = Zend_Auth::getInstance();
    $result = $auth->authenticate($authAdapter);

    if ($result->isValid()) {
        if ($data['public'] == "1") {
            Zend_Session::rememberMe(Zend_Registry::getInstance()->constants->sessiontime);
        } else {
            Zend_Session::forgetMe();
        }
        return TRUE;
    } else {
        return FALSE;
    }

Despite the account not confirmed the authentication passes. Please tell me where am I wrong

Answer 1

The credential treatment parameter specifies how the password should be checked. You can override this to add additional clauses, but you still need to include the password bit. Really I wouldn't have expected your method to authenticate any users, so this may not be the main issue, but try:

$authAdapter->setCredentialTreatment('MD5(?) AND Confirmed = 1');

Changing the MD5 bit for however your passwords are encrypted. That should generate a query along the lines of:

... WHERE Email = 'xxx' AND Password = MD5(?) AND Confirmed = 1