Home/ Questions/Q 6005093
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T01:21:16+00:00

I have a web application with a homemade user module. Users are stored in

  • 0

I have a web application with a homemade user module. Users are stored in a MySQL database with passwords binary encoded (by default sha256, however we have support for other algorithms; e.g. password stored as MD5 string).

So far so good, but now we want to act our application as OpenId provider, providing the accounts from our user module.

Since we use Zend Framework i guessed it shouldnt be that hard to write a custom storage adapater using a database backend (i.e. OurNamespace_OpenId_Provider_Storage_Db extends Zend_OpenId_Provider_Storage) however Zend_OpenId_Provider::login(id, password) is delagating to Zend_OpenId_Provider_Storage::checkUser(id, md5(id.password))

So in OurNamespace_OpenId_Provider_Storage_Db::checkUser() the second argument, the password, is provided as md5 string including a salt (openid) which i cannot check in our own user table.. passwords are stored differently…

What would be common/best practice to solve this issue/workaround it?

Thanks in advance!

// Roland

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I had the same problem as you. Since we cannot just extend Zend_OpenId_Provider and overwrite checkUser(), I fixed it in an ugly way.

    I copied Zend_OpenId_Provider to NameSpace_OpenId_Provider, edited checkUser(), and used that instead.

    PS: Somebody filed a bug, maybe we will see something out of it. http://framework.zend.com/issues/browse/ZF-10232

    • 0