bytte wrote:
I've created a basic login system using Zend_Auth and Zend_Acl and now I'm
wondering what's the best way to expand my login form with these two extra
functionalities:
- "keep me logged in on this computer" feature
- password reset if visitor has forgotten password
These two things seem pretty standard in every web application that needs
authentication so I had hoped to see these built into the framework. Yet
I can't find any documentation on this matter. It would be great if you
could point me in a direction or link to online tuts tackling the matter.

I solved this by creating a second cookie that has a persistent key id
in it. Then in the database I store a record with the key, user id,
expires date, and ip the key came from. If the user is logged out and
they send the persistent key cookie, I look up the record in the
database, if the ip matches (I zero out the lower bits to allow for
class C IP changing), check expire date. If all is good I log user in
automatically.
For password reset I just change the password and email him a new one.
Although I am thinking of the Google model now where you ask personal
questions and allow him to change it to something if he answers correctly.
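
The persistent-key check described in the reply above, as an added PHP example that is not part of the original post or of Zend Framework. The class, field names and sample addresses are hypothetical, an array stands in for the database table, and keeping only a SHA-256 hash of the key on the server is an added assumption the reply does not mention.

```php
<?php
// Added example: "keep me logged in" keys bound to a user id, an expiry date and
// the client's network. $rows stands in for the database table (hypothetical names).
final class PersistentLoginStore
{
    /** @var array<string, array{user_id:int, expires:int, net:string}> keyed by SHA-256 of the cookie key */
    private array $rows = [];

    // Zero the low 8 bits of an IPv4 address (the "class C" allowance from the reply).
    // Returns null for anything that is not dotted IPv4; IPv6 is not handled here.
    public static function network(string $ip): ?string
    {
        $long = ip2long($ip);
        return $long === false ? null : long2ip($long & 0xFFFFFF00);
    }

    // Create a key for the second cookie. Only its hash is stored, so a leaked
    // table does not hand out usable cookie values (added assumption).
    public function issue(int $userId, string $ip, int $ttl, int $now): ?string
    {
        $net = self::network($ip);
        if ($net === null) {
            return null;
        }
        $key = bin2hex(random_bytes(32)); // 256-bit key from the CSPRNG
        $this->rows[hash('sha256', $key)] = ['user_id' => $userId, 'expires' => $now + $ttl, 'net' => $net];
        return $key;
    }

    // Return the user id to log in automatically, or null if any check fails.
    public function redeem(string $cookieKey, string $ip, int $now): ?int
    {
        $id  = hash('sha256', $cookieKey);
        $row = $this->rows[$id] ?? null;
        if ($row === null) {
            return null;                 // unknown key
        }
        if ($now >= $row['expires']) {
            unset($this->rows[$id]);     // expired: drop the record
            return null;
        }
        return self::network($ip) === $row['net'] ? $row['user_id'] : null;
    }
}

// Constructed sample values (documentation address ranges, fixed clock).
$store = new PersistentLoginStore();
$now   = 1700000000;
$key   = $store->issue(42, '203.0.113.17', 14 * 86400, $now);
var_dump($store->redeem($key, '203.0.113.200', $now + 3600));  // same /24 network
var_dump($store->redeem($key, '198.51.100.9', $now + 3600));   // different network
var_dump($store->redeem($key, '203.0.113.17', $now + 15 * 86400)); // past expiry
```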