Created by Evan Coury and the ZF-Commons team
ZfcUser is a user registration and authentication module for Zend Framework 2. Out of the box, ZfcUser works with Zend\Db, however alternative storage adapter modules are available (see below). ZfcUser provides the foundations for adding user authentication and registration to your ZF2 site. It is designed to be very simple and easy to extend.
More information and examples are available on the ZfcUser Wiki
Please use below table to figure out what version of ZfcUser you should use.
ZfcUser version | Supported Zend Framework version | Status |
---|---|---|
1.x | <= 2.5 | Security-fixes only |
2.x | >= 2.6 < 3 | bug-fixes, security-fixes |
3.x | >= 3 | New features, bug-fixes, security-fixes |
By default, ZfcUser ships with support for using Zend\Db for persisting users. However, by installing an optional alternative storage adapter module, you can take advantage of other methods of persisting users:
./vendor/
../vendor/
directory.Add this project and ZfcBase in your composer.json:
"require": {
"zf-commons/zfc-user": "^3.0"
}
Now tell composer to download ZfcUser by running the command:
$ php composer.phar update
Enabling it in your application.config.php
file.
<?php
return array(
'modules' => array(
// ...
'ZfcUser',
),
// ...
);
Then Import the SQL schema located in ./vendor/zf-commons/zfc-user/data/schema.sql
(if you installed using the Composer) or in ./vendor/ZfcUser/data/schema.sql
.
Coming soon...
Coming soon...
./config/autoload/database.local.php
:<?php
return array(
'db' => array(
'driver' => 'PdoMysql',
'hostname' => 'changeme',
'database' => 'changeme',
'username' => 'changeme',
'password' => 'changeme',
),
'service_manager' => array(
'factories' => array(
'Zend\Db\Adapter\Adapter' => 'Zend\Db\Adapter\AdapterServiceFactory',
),
),
);
Navigate to http://yourproject/user and you should land on a login page.
DO NOT CHANGE THE PASSWORD HASH SETTINGS FROM THEIR DEFAULTS unless A) you have done sufficient research and fully understand exactly what you are changing, AND B) you have a very specific reason to deviate from the default settings.
If you are planning on changing the default password hash settings, please read the following:
The password hash settings may be changed at any time without invalidating existing user accounts. Existing user passwords will be re-hashed automatically on their next successful login.
WARNING: Changing the default password hash settings can cause serious problems such as making your hashed passwords more vulnerable to brute force attacks or making hashing so expensive that login and registration is unacceptably slow for users and produces a large burden on your server(s). The default settings provided are a very reasonable balance between the two, suitable for computing power in 2013.
The ZfcUser module has some options to allow you to quickly customize the basic
functionality. After installing ZfcUser, copy
./vendor/zf-commons/zfc-user/config/zfcuser.global.php.dist
to
./config/autoload/zfcuser.global.php
and change the values as desired.
The following options are available:
ZfcUser\Entity\User
.false
.false
.true
.false
.true
. (Note,
right now this only utilizes a weak Zend\Text\Figlet CAPTCHA, but I have plans
to make all Zend\Captcha adapters work.)10
(about 10 hashes per second on an i5).NOTICE These instructions are currently out of date.
By default, the user registration uses the Figlet captcha engine. This is because it's the only one that doesn't require API keys. It's possible to change out the captcha engine with DI. For example, to change to Recaptcha, you would add this to one of your configuration files (global.config.php, module.config.php, or a dedicated recaptcha.config.php):
<?php
// ./config/autoload/recaptcha.config.php
return array(
'di'=> array(
'instance'=>array(
'alias'=>array(
// OTHER ELEMENTS....
'recaptcha_element' => 'Zend\Form\Element\Captcha',
),
'recaptcha_element' => array(
'parameters' => array(
'spec' => 'captcha',
'options'=>array(
'label' => '',
'required' => true,
'order' => 500,
'captcha' => array(
'captcha' => 'ReCaptcha',
'privkey' => RECAPTCHA_PRIVATE_KEY,
'pubkey' => RECAPTCHA_PUBLIC_KEY,
),
),
),
),
'ZfcUser\Form\Register' => array(
'parameters' => array(
'captcha_element'=>'recaptcha_element',
),
),
),
),
);