Can anyone tell me what is the use of following statement and how it works in Zend Framework?
setCredentialTreatment('SHA1(CONCAT(?,
salt))');
Try like this:
$auth = Zend_Auth::getInstance();
$authAdapter = new Zend_Auth_Adapter_DbTable(
Zend_Db_Table::getDefaultAdapter(),
'users',
'username',
'password',
"CONCAT('$this->_salt', sha(?))"
);
$authAdapter->setIdentity($username)
->setCredential($password);
setCredentialTreatment tells the auth adapter how to check the user supplied password against the one in the database (or whatever passwords are being checked again). In your example, the ? is the placeholder representing the password and CONCAT() and SHA1() are both database functions. So this example will append the salt to the user-entered password and then hash them using SHA1.
This will result in a database query that looks similar to this:
SELECT id FROM users WHERE email = 'user@example.com' AND password = SHA1(CONCAT('password',salt))
You use setCredentialTreatment() to change how the passwords are checked. For example if your passwords are just straight MD5 hashes, you'd instead use:
setCredentialTreatment('MD5(?)');
来源:https://stackoverflow.com/questions/10701026/how-setcredentialtreatment-works-in-zend-framework