ZF-1680: Zend_Auth_Adapter_DbTable authenticate active users only
In most cases, when a user signs-up to a website, he becomes active only after confirmation (for example after providing a code that has been sent via email). Before confirmation, there is a field "status" in the users table set to "off" or "inactive". As soon as the user confirms his account, the "status" field is set to "on" or "active".
The problem with the authenticate() method is that it only checks the identity, credential and applies an optional treatment. So in the case described above, an unactive user would be authenticated successfully.
I think there should be a 5th optional parameter, some kind of "where" statement. Example:
$authAdapter->setTableName('doby') ->setIdentityColumn('username') ->setCredentialColumn('password') ->setCondition('status = ?', $statusValue); // $statusValue = 'on'
As the framework works actually, to have the authenticate method work as expected, I need to have 2 tables: one with the unconfirmed users, and one with the confirmed, and then searching the confirmed table for authentication. This is not very practical.
I hope you find this proposal interesting and useful.