Zend_Form password confirmation with .ini config - Can it be done?

Question

I set out writing a ZF (v1.10.3) application and chose to use Zend_Config_Ini to generate my Zend_Form objects. This was all well and good until I had to test for identical password inputs. This is the part that's misbehaving right now:

elements.password.type = password

elements.password2.type = password
elements.password2.options.validators.identical.validator = "Identical"
elements.password2.options.validators.identical.options.token = password

Instead of comparing the values of these two elements, it compares password2's value against the literal string "password". So any password except "password" gives me the following validation error:

The token 'password' does not match the given token '*******'

Is there a right way to do this? The only example of using Zend_Validate_Identical with Zend_Config_Ini that I found via Google was from a German website, and someone appeared to recommend the exact same "solution" as my failing code above.

I know there are plenty of ways to do this in PHP code, but I've committed myself pretty heavily to INI configuration at this point, and I'd rather not abandon it or make an exception unless I absolutely have to.

[EDIT] Here is my full newUserForm.ini:

method = "post"
id = "newUserForm"
accept-charset = "utf-8"

elements.username.type = "text"
elements.username.options.label = "Username"
elements.username.options.required = true
elements.username.options.validators.alnum = "Alnum"
elements.username.options.validators.strlen.validator = "StringLength"
elements.username.options.validators.strlen.options.min = "3"
elements.username.options.validators.strlen.options.max = "32"

elements.email.type = "text"
elements.email.options.label = "Email address"
elements.email.options.required = true
elements.email.options.validators.email.validator = "EmailAddress"

elements.password.type = "password"
elements.password.options.label = "Password"
elements.password.options.required = true
elements.password.options.validators.strlen.validator = "StringLength"
elements.password.options.validators.strlen.options.min = "6"

elements.password2.type = "password"
elements.password2.options.label = "Password (confirm)"
elements.password2.options.required = true
elements.password2.options.validators.identical.validator = "Identical"
elements.password2.options.validators.identical.options.token = password

elements.submit.type = "submit"
elements.submit.options.label = "Submit"

And here is my controller action:

public function indexAction()
{
    $formConfig = new Zend_Config_Ini(APPLICATION_PATH.'/configs/newUserForm.ini');
    $newUserForm = new Zend_Form($formConfig);
    $request = $this->getRequest();
    if ($request->isPost()) {
        if ($newUserForm->isValid($request->getPost())) {
            // create new user here
            $this->_helper->redirector('index', 'index');
        }
    }
    $this->view->newUserForm = $newUserForm;
}

Answer 1

I just tried this using something similar to your code and it seemed to work fine. I'm using ZF 1.10.6. So either there was an issue that has been fixed inbetween those two versions (but I can't see anything similar in the bug tracker), or there's something else in your code that's causing a problem. Can you post your full ini file and form code?

Here was my minimalist test script, for reference. Perhaps you could see if this works for you:

<?php
$view = new Zend_View();

$config = new Zend_Config_Ini('formtest.ini');
$form = new Zend_Form($config->user->signup);
$form->setView($view);

if (!empty($_POST)) {
    var_dump($form->isValid($_POST));
    var_dump($form->getValues());
}

echo $form;

formtest.ini:

user.signup.action = ""
user.signup.method = "post"
user.signup.elements.password.type = password
user.signup.elements.password2.type = password
user.signup.elements.password2.options.validators.identical.validator = "Identical"
user.signup.elements.password2.options.validators.identical.options.token = password
user.signup.elements.submit.type = "submit"

In this test, the form validates only if password2 is blank, or the two fields match. Also the error I get if they don't match is "The two given tokens do not match", which doesn't quite match yours. Not sure if that is relevant.