This is quick example of how to do a very simple authentication in Zend Framework. It doesn't user external database for getting the credentials, although you can make it very easily to read data in the Auth adapter from an external file or MySQL database.

So, firstly we will create our authentication adapter:
// library/My/Auth/Adapter.php

class My_Auth_Adapter implements Zend_Auth_Adapter_Interface {
protected $_username;
protected $_password;

public function __construct($options){

public function authenticate(){

if(!isset($users[$this->_username])) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,$this->_username);

if(isset($users[$this->_username]) && $users[$this->_username] != $this->_password) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,$this->_username);

if(isset($users[$this->_username]) && $users[$this->_username] == $this->_password) {
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS,$this->_username);

return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED,$this->_username);
Next, we'll create a login form:
// library/My/Form/LoginForm.php

class My_Form_LoginForm extends Zend_Form {
public function init()
$username = $this->addElement('text', 'username', array(
'filters' => array('StringTrim', 'StringToLower'),
'validators' => array(
array('StringLength', false, array(3, 20)),
'required' => true,
'label' => 'Username:',

$password = $this->addElement('password', 'password', array(
'filters' => array('StringTrim'),
'validators' => array(
array('StringLength', false, array(6, 20)),
'required' => true,
'label' => 'Password:',

$login = $this->addElement('submit', 'login', array(
'required' => false,
'ignore' => true,
'label' => 'Login',

// We want to display a 'failed authentication' message if necessary;
// we'll do that with the form 'description', so we need to add that
// decorator.
array('HtmlTag', array('tag' => 'dl', 'class' => 'zend_form')),
array('Description', array('placement' => 'prepend')),
Next, we have to tell ZF where to find our custom classes, so we put in the bootstrap.php:

// application/bootstrap.php

/* Set up autoload so we don't have to explicitely require each Zend Framework class */
require_once "../library/Zend/Loader/Autoloader.php";
$autoloader = Zend_Loader_Autoloader::getInstance();

And now the final touch, the controller. We'll need there two things:

  • preDispatch hook to check if the user is authenticated (i'm assuming that every action in AdminController needs authentication)
  • login action that is in fact displaying and processing the form

So, here goes:

hasIdentity()) {
            // If the user is not authenticated redirect to the login form
        	if ('login' != $this->getRequest()->getActionName()) {
	public function indexAction(){

	public function  loginAction(){
        $request = $this->getRequest();
	$this->view->form = new My_Form_LoginForm(array('method' => 'post'));
        // Check if we have a POST request
        // if not, display login form
        if (!$request->isPost()) {
        	return $this->render("login");

        // Get our form and validate it
        if (!$this->view->form->isValid($request->getPost())) {
            // Invalid entries - render form
            return $this->render('login'); // re-render the login form

        // Get our authentication adapter and check credentials
        $adapter = new My_Auth_Adapter($this->view->form->getValues());
        $auth    = Zend_Auth::getInstance();
        $result  = $auth->authenticate($adapter);
        if (!$result->isValid()) {
            // Invalid credentials
            $this->view->form->setDescription('Wrong login!');
            return $this->render('login'); // re-render the login form

        // We're authenticated! Redirect to the admin/index action 
        $this->_helper->redirector('index', 'admin');
    public function  logoutAction(){
        $this->_helper->redirector('index','index'); // back to login page

That's all!
But remember, this is only a simple authentication.
You have to remember about making it more secure via enforcing HTTPS connection!