Zend_Auth_Adapter_DbTable and PHP crypt

Question

I am hashing my passwords in a Zend php application using PHP crypt(). However, I can't think of a solution for using this hash with Zend_Auth_Adapter_DbTable. Assuming I have a password hash stored after being run with crypt()...

    //Salt and hash...
    $salt = '$2a$07$'.$this->getSalt();
    $data['password'] = crypt($user_object->password, $salt);
    $this->_db_table->insert($data);

    //Authentication...
    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
    $authAdapter->setTableName('users')
                ->setIdentityColumn('username')
                ->setCredentialColumn('password')
                //Now what? Possibly...
                ->setCredentialTreatment(/* But how? */);

How can I use the Zend_Auth_Adapter_DbTable table object with this kind of salting and hashing strategy? I've looked around, but can't really find any solutions outside of MD5 and SHA type hashing...

Answer 1

If you are storing the Salt in the user table, you should create your own adapter

If you have the salt somewhere else you just need to encrypt the password and then just pass it to the adapter with

$authAdapter->setCredential($cryptedPassword);

I have the same issue a couple of weeks ago, i ended up creating my own adapter, extending Zend_Auth_Adapter_DbTable

I actually backported the ZF2 Bcrypt lib but you should be able to use it with crypt method.

Take a look if you want AuthAdapter-DbTableBcrypt