Zend Form old password verification

StackOverflow https://stackoverflow.com/questions/20431054

Question

How can i check if a specific record exists with Zend_Validate_Db_RecordExists?

Here is my code, i want to match old password before user changes it

 $oldpassexist = new Zend_Validate_Db_RecordExists(array(
            'table' => 'user',
            'field' => 'password',
                /** check if password matches
                 *  WHERE user_id = Auth::getuser()->id AND password = md5(THIS FIELD ENTRY) 
                 */
        ));
Was it helpful?

Solution

Adding another where clause is pretty easy. Zend_Validate_Db_RecordExists allows you to modify the Zend_Db_Select object that it uses internally. So you could write:

$oldpassexist = new Zend_Validate_Db_RecordExists(array(
        'table' => 'user',
        'field' => 'password',
    ));

// reset the where clause used by Zend_Validate_Db_RecordExists
$oldpassexist->getSelect()->reset('where');

// set user_id and password. :value is a named parameter that will be 
// substituted by the value passed to the isValid method
$oldpassexist->getSelect()->where('user_id = ?', Auth::getuser()->id);
$oldpassexist->getSelect()->where('password = MD5(:value)');

Which will query both the password as hashed MD5 as well as the user_id field. However, I think this solution is not really elegant. I would probably write my own Validator for this. In any case you should write thorough test cases to detect if the behavior of Zend_Validate_Db_RecordExists changes one day.

OTHER TIPS

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top