Comments on: Logging in users via Zend_Auth without Sessions in PHP / Zend Framework http://marcuswelz.com/2009/01/03/logging-in-users-via-zend_auth-without-sessions-in-php-zend-framework/ software imagineer Thu, 10 May 2012 04:35:59 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Roland Deschain http://marcuswelz.com/2009/01/03/logging-in-users-via-zend_auth-without-sessions-in-php-zend-framework/comment-page-1/#comment-5524 Roland Deschain Sun, 19 Sep 2010 16:12:59 +0000 http://metaversedeveloper.com/?p=274#comment-5524 it's sort of deadpost, but i just found this code and it is very useful, Thanks! I just want to suggest, that line 167 should look like : <code>$this->_cached = base64_decode($contents);</code> so you can read string insteand of coded string using Zend_Auth::getInstance()->getIdentity Cheers :) it's sort of deadpost, but i just found this code and it is very useful, Thanks!
I just want to suggest, that line 167 should look like :
$this->_cached = base64_decode($contents);
so you can read string insteand of coded string using Zend_Auth::getInstance()->getIdentity
Cheers :)

]]> By: marcus http://marcuswelz.com/2009/01/03/logging-in-users-via-zend_auth-without-sessions-in-php-zend-framework/comment-page-1/#comment-1439 marcus Wed, 06 May 2009 00:06:13 +0000 http://metaversedeveloper.com/?p=274#comment-1439 Thanks for pointing that out, Cliff, I appreciate it. I've updated the code. As one might imagine, the base64 encoding was an untested last-minute change that I am not using in my production code because of the overhead. Keeping the identity (say, just a username) in clear text also allows for some neat features, such as the ability to read it out via Javascript and update otherwise static HTML with a seemingly dynamic header. I'll save that for another post. Thanks for pointing that out, Cliff, I appreciate it. I've updated the code.

As one might imagine, the base64 encoding was an untested last-minute change that I am not using in my production code because of the overhead.

Keeping the identity (say, just a username) in clear text also allows for some neat features, such as the ability to read it out via Javascript and update otherwise static HTML with a seemingly dynamic header. I'll save that for another post.

]]> By: Cliff http://marcuswelz.com/2009/01/03/logging-in-users-via-zend_auth-without-sessions-in-php-zend-framework/comment-page-1/#comment-1224 Cliff Tue, 28 Apr 2009 12:31:03 +0000 http://metaversedeveloper.com/?p=274#comment-1224 Just a heads up. In line 189 (writing the cookie): you base64_encode() the $contents _after_ you've created the MD5 hash. In line 166 (reading the cookie): you don't base64_decode() the $contents before performing the MD5 to compare against the checksum held in the cookie. Line 166-167 should be: if (md5(base64_decode($contents) . $now . $this->_secret) == $checksum) { $this->_cached = $contents; } ~ Cliff Just a heads up.

In line 189 (writing the cookie): you base64_encode() the $contents _after_ you've created the MD5 hash.

In line 166 (reading the cookie): you don't base64_decode() the $contents before performing the MD5 to compare against the checksum held in the cookie.

Line 166-167 should be:
if (md5(base64_decode($contents) . $now . $this->_secret) == $checksum) {
$this->_cached = $contents;
}

~ Cliff

]]>