CODEWITHSUNDEEP
phpzend-frameworkzend-formzend-validate
8bitjunkie
8bitjunkie

Reputation: 13245

Zend - Can you use a validator to check a username password combination in a Zend_Form?

I have examined Zend Framework: Zend_Validate_Db_RecordExists and Zend_Validate_Db_NoRecordExists, and observed that you can check columns in a database table to see if the value in your form appears in a named column.

I have also observed that you can exclude a row based on the value of another column in the same row.

Is it possible to validate that a password matches a username using these validators?

So far, in my form, if a user inputs a correct username and a correct password (but not neccessarily the password for this username!) the form validates the input. Obviously for a login form or a username/token activation form, the token or password must match the username in the same row!

Thanks.

$this->addElement('text', 'handle', array( 

    'label' => 'Username:', 

    'required' => true, 

    'filters' => array('StringTrim'), 

    'validators' => array(  

        array(

            'NotEmpty', true, array('messages' => 'You must enter your username.')

        ),

        array(

                'Db_RecordExists', 

                false, 

                array (

                    'member_activation',

                    'member_username'
                    )

                )

        )           

    ));

$this->addElement('text', 'validationCode', array( 

    'label' => 'Code:', 

    'required' => true, 

    'filters' => array('StringTrim'), 

    'validators' => array(  

        array(

            'NotEmpty', true, array('messages' => 'You must enter your validation code.')

        ),

        array(

                'Db_RecordExists', 

                false, 

                array (

                    'member_activation',

                    'member_validationcode'
                    )

                )

        )           

    ));

Upvotes: 1

Views: 922

Answers (2)

jere
jere

Reputation: 4304

If you stick validation in your Zend_Form you are making it dependant on your underlying Framework which (from a Domain Driven Design point of view) is not a good thing since you are coupling part of your domain logic to an external resource of your application.

Upvotes: 0

timdev
timdev

Reputation: 62894

Could you shoehorn authentication into Zend_Validate? Absolutely?

Should you? Hell no.

If you do, you're commingling concerns. The Zend_Validate_Db_RecordExists stuff is actually kind of border-line, but it's convenient.

But once you go down the road you're considering, almost everything becomes validation, when it really isn't. You could find yourself shoehorning all sorts of things, like ACL checks, etc.

Validation should be concerned, almost always, with the format of things. Adding dependencies on data-persistence, and ACL system, or anything else, is just going to increase cohesion. That will make it harder to test, debug, or change your code.

Use Zend_Validate for validation stuff. Make sure strings aren't too long. Make sure these ints are >= 0. Make sure that a US phone number has ten digits.

But if you need to do deeper checks, that dig into your persistence layer, and are all about your business logic, you're better off doing that somewhere far away from simple form validation.

Upvotes: 2

Related Questions