Hello,

I have an authentication controller in every module, and each controller has
an authentication script in its ini method. Now I want to change this:
I want to use a plugin that authenticates the user, so I won't
have to add the code to each ini method.

Here's the auth controller code:

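        /**
         * Render the login form and, on POST, authenticate against the `auth` table.
         *
         * Flow: switch to the 'authlayout' layout, build Admin_Form_AuthForm and hand
         * it to the view; on a valid POST, check login/password through
         * Zend_Auth_Adapter_DbTable. On success the selected columns of the matched
         * row are written to the Zend_Auth storage, the optional remember-me cookie
         * is set and the user is redirected to /<language>/<module>. On failure the
         * translated AUTH_FAILED message is passed to the view.
         *
         * NOTE(review): stored passwords are MD5(password . site secret). MD5 is a
         * fast hash and the secret is one value shared by every account, so a leaked
         * `auth` table plus the config file allows cheap offline guessing. Moving to
         * a per-user salted, slow hash means re-hashing the stored values, so it is
         * only flagged here, not changed.
         */
        function loginAction() {

            // DEBUG ONLY: prints the raw session to whoever requests the login page.
            // Remove both dumps before this leaves the dev server.
            print_r('<br />Session before:<br />');
            Zend_Debug::dump($_SESSION);

            $translate = Zend_Registry::get('Translate');
            $layout = 'authlayout';
            $this->changelayout($layout);
            $form = new Admin_Form_AuthForm();
            $form->setTranslator($translate);
            $form->submit->setLabel('AUTH_SUBMIT');
            $this->view->form = $form;

            print_r('<br />Session after:<br />');
            Zend_Debug::dump($_SESSION);

            $config = Zend_Registry::get('Configuration');
            $secret = $config['website']['secret'];

            if ($this->_request->isPost()) {

                $formData = $this->_request->getPost();

                if ($form->isValid($formData)) {

                    // The credential is taken from the raw POST value, not from the
                    // form's filtered value, and the site secret is appended in PHP.
                    $username   = $this->_request->getPost('login');
                    $password   = $this->_request->getPost('password').$secret;
                    $rememberme = $this->_request->getPost('rememberme');

                    $dbAdapter   = Zend_Registry::get('dbAdapter');
                    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
                    $authAdapter->setTableName('auth');
                    $authAdapter->setIdentityColumn('login');
                    $authAdapter->setCredentialColumn('password');
                    // Earlier variant, left disabled: it would splice $secret unquoted
                    // into the SQL fragment instead of binding it.
                    // $authAdapter->setCredentialTreatment('MD5(CONCAT(?, '.$secret.'))');
                    $authAdapter->setCredentialTreatment('MD5(?)');
                    $authAdapter->setIdentity($username);
                    $authAdapter->setCredential($password);

                    $auth   = Zend_Auth::getInstance();
                    $result = $auth->authenticate($authAdapter);

                    if ($result->isValid()) {

                        // Issue a fresh session id at the privilege change so an id
                        // that was known before login is not carried into the
                        // authenticated session (session fixation).
                        Zend_Session::regenerateId();

                        // Explicit allow-list of columns, so the password hash never
                        // reaches the session. Alternative kept for reference:
                        // $data = $authAdapter->getResultRowObject(null, 'password');
                        // Fixed: the list used to contain 'last_visit ' (trailing
                        // space), which matches no column and was silently dropped.
                        $data = $authAdapter->getResultRowObject(array(
                            'authid', 'login', 'role', 'realname', 'gender',
                            'country', 'website', 'last_visit', 'registration_date',
                        ));

                        $auth->getStorage()->write($data);

                        if ($rememberme) {

                            // The cookie lives for 24h (time()+86400); its value,
                            // 1209600, is 14 days in seconds. The value is client
                            // controlled, so whatever reads it must not treat it as
                            // proof of identity. HttpOnly keeps it away from page
                            // scripts; Secure is set when the request came in over
                            // HTTPS.
                            setcookie(
                                "Zend_Auth_RememberMe",
                                1209600,
                                time()+86400,
                                '/',
                                '',
                                $this->_request->isSecure(),
                                true
                            );

                        }

                        $moduleName = $this->getRequest()->getModuleName();
                        $language   = Zend_Registry::get('Language');

                        $this->_redirect('/'.$language.'/'.$moduleName);

                    } else {

                        // One generic message for every failure reason, so the
                        // response does not reveal whether the login name exists.
                        $this->view->message = $translate->_("AUTH_FAILED");

                    }

                } else {

                    $form->populate(array());

                }

            }

        }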

---------------------------------------

Before, I had this code in each ini method, in every controller:

        /**
         * Per-controller authentication gate.
         *
         * Sends any request without a Zend_Auth identity to the admin login page
         * under the current language prefix. Only the presence of an identity is
         * checked here; no role check is performed.
         */
        function preDispatch() {

                // AUTH PREDISPATCHING
                if (Zend_Auth::getInstance()->hasIdentity()) {
                        // Already logged in: let the action run.
                        return;
                }

                $lang = Zend_Registry::get('Language');
                $this->_redirect('/'.$lang.'/admin/login/');

        }

---------------------------------------

Here's the code from my auth plugin:

        /**
         * Front-controller hook: route unauthenticated requests to the login action.
         *
         * The request object is rewritten in place to admin/auth/login; no HTTP
         * redirect is issued, so the browser keeps the URL it asked for.
         *
         * NOTE(review): only the presence of a Zend_Auth identity is checked, and
         * the rewrite applies to every request the plugin sees, whichever module
         * it targets. No role check is visible here.
         *
         * @param Zend_Controller_Request_Abstract $request Request about to be dispatched.
         */
        public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request) {

                // Keep the auth singleton on the plugin instance, as before.
                $this->auth = Zend_Auth::getInstance();

                if ($this->auth->hasIdentity()) {
                        return;
                }

                $request->setModuleName('admin');
                $request->setControllerName('auth');
                $request->setActionName('login');

        }

----------------------------

the form code:

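/**
 * Login form for the admin module: CSRF hash, login name, password,
 * remember-me checkbox and submit button.
 */
class Admin_Form_AuthForm extends Zend_Form {

    /**
     * Build the form and register its elements.
     *
     * @param mixed $options Passed through unchanged to Zend_Form::__construct().
     */
    public function __construct($options = null) {

        parent::__construct($options);

        $this->setName('authform')
             ->setAttrib('accept-charset', 'UTF-8');

        // ZEND FORM HASH CSRF PROTECTION
        // Zend_Form_Element_Hash keeps the expected token in the session, so the
        // request that renders this form must leave a session behind for the
        // following POST to validate.
        // NOTE(review): the salt is the same website secret that the login action
        // appends to passwords. A separate value per purpose would keep the two
        // uses independent.
        $config = Zend_Registry::get('Configuration');
        $salt = $config['website']['secret'];
        $hash = new Zend_Form_Element_Hash('hash', 'no_csrf_foo', array('salt' => $salt));
        $hash->clearDecorators();
        $hash->setDecorators(
            array(
                'ViewHelper',
            )
        );

        // The inline handlers toggle a placeholder text. Each handler string is
        // kept on one line: a line break inside the quoted JavaScript string
        // would make the handler a syntax error in the browser.
        // NOTE(review): the text is German for "enter search term" and looks
        // copied from a search box.
        $login = new Zend_Form_Element_Text('login');
        $login->setLabel('AUTH_LOGIN')
              ->addFilter('StripTags')
              ->addFilter('StringTrim')
              ->setRequired(true)
              ->addValidator('NotEmpty')
              ->setAttrib('onblur', 'if(this.value==\'\'){this.value=\'suchbegriff eingeben\';};')
              ->setAttrib('onfocus', 'if(this.value==\'suchbegriff eingeben\'){this.value=\'\';};');

        // No StripTags/StringTrim on the password: filters run before the
        // validators, so a password made of tag-like characters or whitespace was
        // reduced to an empty string and rejected by NotEmpty before it was ever
        // checked. A password is compared exactly as typed.
        $password = new Zend_Form_Element_Password('password');
        $password->setLabel('AUTH_PASSWORD')
                 ->setRequired(true)
                 ->addValidator('NotEmpty');

        $remember = new Zend_Form_Element_Checkbox('rememberme');
        $remember->setLabel('AUTH_REMEMBER')
                 ->addFilter('StripTags');

        $submit = new Zend_Form_Element_Submit('submit');

        $this->addElements(array($hash, $login, $password, $remember, $submit));

    }

}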

----------------------------

If I open my browser and enter www.mysite.dev/admin/ (it's a virtual host on
my dev server), it shows the form I have in my login action. The form
has a hash, but the session is empty: there is no hash in the session, so
if I click the login button, form validation fails.

Before, when I was using the ini methods, I entered www.mysite.dev/admin/
and got redirected to www.mysite.dev/admin/login/. There was always a hash in
the session, and after clicking login I was authenticated and
redirected back to the www.mysite.dev/admin/ page.

But since I started using the plugin it doesn't work anymore. As I said, if I
open the page www.mysite.dev/admin/ it shows the form, but the session has
no hash. If I reload the page, the session has a hash and validation of
the form no longer fails. The problem only occurs if I start a fresh
browser session (all browser windows/tabs closed beforehand).

Any idea what's wrong? ;)