epwzf20

15// If account is found, generate recovery key and mail it to

16// the user

17if ($account)

18{

19

20// Generate a random password

21$account->setRecovery($this->_helper->generateID(32));

23$this->em->persist($account);

24$this->em->flush();

25

26// Create a new mail object

27$mail = new Zend_Mail();

29// Set the e-mail from address, to address, and subject

30$mail->setFrom(Zend_Registry::get('config')->email->support);

31$mail->addTo($form->getValue('email'));

32$mail->setSubject("GameNomad: Generate a new password");

33

34// Retrieve the e-mail message text

35include "_email_lost_password.phtml";

37// Set the e-mail message text

38 $mail->setBodyText($email);

39

40// Send the e-mail

41$mail->send();

42

43$this->_helper->flashMessenger

44->addMessage('Check your e-mail for further instructions');

45$this->_helper->redirector('login', 'account');

46

47 }

48

49} else {

50$this->view->errors = $form->getErrors();

51}

The e-mail message sent to the user is found within the file _email_lost_password.phtml (and included into the lost action on line 34). When sent to the user the e-mail looks similar to that found in Figure 8.3.

associated with the recovery key passed along as part of the one-time URL. If an account is found, a random eight-character password will be generated and sent to the e-mail address associated with the account. The recover action code is presented next. As was the case with the lost action, there's nothing new worth discussing in the recover action, so I'll just provide the code for your perusal:

09$account = $this->em->getRepository('Entities\Account')

10->findOneByRecovery($key);

11

12// If account is found, generate recovery key and mail it to

13// the user

14if ($account)

15{

16

17// Generate a random password

18$password = $this->_helper->generateID(8);

19$account->setPassword($password);

20

21// Erase the recovery key

22$account->setRecovery("");

24// Save the account

25$this->em->persist($account);

26$this->em->flush();

27

28// Create a new mail object

29$mail = new Zend_Mail();

30

31// Set the e-mail from address, to address, and subject

32$mail->setFrom(Zend_Registry::get('config')->email->support);

33$mail->addTo($account->getEmail());

34$mail->setSubject("GameNomad: Your password has been reset");

36// Retrieve the e-mail message text

37include "_email_recover_password.phtml";

39// Set the e-mail message text

40 $mail->setBodyText($email);

41

42 // Send the e-mail

45$this->_helper->flashMessenger->addMessage(

46Zend_Registry::get('config')->messages

47->account->password->reset

48);

49$this->_helper->redirector('login', 'account');

55// Either a blank key or non-existent key was provided

56$this->_helper->flashMessenger->addMessage(

57Zend_Registry::get('config')

58->messages->account->password->nokey

59);

60$this->_helper->redirector('login', 'account');

61

62 }

Testing Your Work

While a user may forgive the occasionally misaligned graphic or other minor error, broken account management features are sure to be wildly frustrating and perhaps grounds for checking out a competing website. Therefore given the mission-critical importance of the features introduced in this chapter, you're going to want to put them through a rigorous testing procedure to make sure everything is working properly. In this section I'll guide you through several of the most important tests.

Making Sure the Login Form Exists

Because it's not possible for the user to login if the login form is inexplicably missing, consider running a simple sanity check to confirm the login form is indeed being rendered within the login view. You can use the assertQueryCount() method to confirm that a particular element and associated DIV ID exist within the rendered page, as demonstrated here:

public function testLoginActionContainsLoginForm()

{

$this->dispatch('/account/login'); $this->assertQueryCount('form#login', 1); $this->assertQueryCount('input[name~="email"]', 1); $this->assertQueryCount('input[name~="password"]', 1); $this->assertQueryCount('input[name~="submit"]', 1);

}

Testing the Login Process

Logically you'll want to make sure your login form is operating flawlessly, as there are few issues more frustrating to users than the inability to access their account due to no fault of their own. Thankfully it's really easy to determine whether the login form has successfully authenticated a user, because the action will only redirect the user to the home page if the credentials are deemed valid. The following test will POST a set of valid credentials to the Account controller's login action. Because they are valid, we will assert that the redirection has indeed occurred (using the assertRedirectTo() method).

public function testValidLoginRedirectsToHomePage()

{

$this->request->setMethod('POST') ->setPost(array(

'email' => 'wj@wjgilmore.com', 'pswd' => 'secret',

'public' => 0 ));

$this->dispatch('/account/login');

$this->assertController('account'); $this->assertAction('login');

$this->assertRedirectTo('/account/friends');

}

Because chances are you're going to want to test parts of the application which are only available to authenticated users, you can create a private method within your test controller which can be executed as desired within other tests, thereby consolidating the login-specific task. For instance, here's what my login-specific method looks like:

private function _loginValidUser()

{

$this->request->setMethod('POST') ->setPost(array(

'email' => 'wj@wjgilmore.com', 'pswd' => 'secret',

'public' => 0

));

Nonetheless, repeatedly manually entering this data in order to thoroughly test the registration form is an impractical use of time, and so you can instead create a test which can verify that the form is properly receiving valid registration data and adding it to the database. Of course, this is only part of the registration process, because the user also needs to confirm his e-mail address by clicking on a one-time URL before he can login to the GameNomad website. I'll talk more about the matter of model manipulation in Chapter 11. For the moment let's focus on making sure the form is working properly.

We know that the action should redirect the user to the login page if registration is successful, and so can create a test which determines whether the redirection occurs following registration:

public function testUsersCanRegisterWhenUsingValidData()

{

$this->request->setMethod('POST')

$this->dispatch('/account/register');

$this->assertRedirectTo('/account/login');

}

Test Your Knowledge

Test your understanding of the concepts introduced in this chapter by answering the following questions. You can find the answers in the back of the book.

•Explain how Zend_Auth knows which table and columns should be used when authenticating a user against a database.

•At a minimum, what are the five features you'll need to implement in order to offer basic user account management capabilities?

•Talk about the important role played by the account table's recovery column within several features described within this chapter.

Chapter 9. Creating Rich User Interfaces with JavaScript and Ajax

There's no use hiding it; I hate JavaScript. In years past, its frightful syntax and awkward debugging requirements had brought me to the sheer edge of insanity on more than one occasion. I'm not alone; the language is widely acknowledged for its ability to cause even the most even-tempered programmer to spew profanity. To put the scope of the frustration brought about by this language another way, consider the impressive promotion of non-violent protest espoused by the likes of John Lennon. I speculate this penchant for pacifism was at least in part attributed to his unfamiliarity with JavaScript.

Yet today there is really no way to call yourself a modern web developer and avoid the language. In fact, while you might over the course of various projects alternate between several web frameworks such as the Zend Framework, Grails (http://www.grails.org/) and Rails (http:// www.rubyonrails.org/), JavaScript will likely be the common thread shared by all projects. This is because JavaScript is the special sauce behind the techniques used to create highly interactive web pages collectively known as Ajax.

Ajax makes it possible to build websites which behave in a manner similar to desktop applications, which offer a far more powerful and diverse array of user interface features such as data grids, autocomplete, and interactive graphs. Indeed, users of popular services such as Gmail, Flickr, and Facebook have quickly grown accustomed to these cutting-edge features. In order to stay competitive, you'll want to integrate similar features into your website so as to help attract and maintain an audience who has come to consider rich interactivity the norm rather than a novelty.

This puts us in a bit of a quandary: coding in JavaScript can be a drag, but it's become an unavoidable part of modern web development. Fortunately, many other programmers have come to the same conclusion, and so have put a great deal of work into building several powerful JavaScript frameworks which go a long way towards streamlining JavaScript's scary syntax.

In this chapter I'll introduce you JavaScript and the Ajax development paradigm, focusing on the popular jQuery JavaScript framework (http://www.jquery.com). jQuery happens to be so easy to use that it almost makes JavaScript development fun!