check this out. http://www.symfony-project.org/plugins/sfGuardPlugin <http://www.symfony-project.org/plugins/sfGuardPlugin>by modifing the sfGuardPlugin, you make a mistake, because you woun't be able to update it.
<http://www.symfony-project.org/plugins/sfGuardPlugin> Secure some modules or your entire application in security.yml default: is_secure: on Check out the docs & mail list archive, there is a "has_credentials" or "require credential' setting for your yaml config. alecs On Sat, Jun 20, 2009 at 5:56 PM, dziobacz <aaabbbcccda...@gmail.com> wrote: > > Standard signin() method looks: > > class BasesfGuardAuthActions extends sfActions > { > public function executeSignin($request) > { > $user = $this->getUser(); > if ($user->isAuthenticated()) > { > return $this->redirect('@homepage'); > } > > $class = sfConfig::get('app_sf_guard_plugin_signin_form', > 'sfGuardFormSignin'); > $this->form = new $class(); > > if ($request->isMethod('post')) > { > $this->form->bind($request->getParameter('signin')); > if ($this->form->isValid()) > { > $values = $this->form->getValues(); > $remember = isset($values['remember']) ? $values['remember'] : > false; > > $this->getUser()->signin($values['user'], $remember); > > $signinUrl = sfConfig::get > ('app_sf_guard_plugin_success_signin_url', $user->getReferer($request- > >getReferer())); > > return $this->redirect('' != $signinUrl ? $signinUrl : > '@homepage'); > } > } > else > { > if ($request->isXmlHttpRequest()) > { > $this->getResponse()->setHeaderOnly(true); > $this->getResponse()->setStatusCode(401); > > return sfView::NONE; > } > > $user->setReferer($request->getReferer()); > > $module = sfConfig::get('sf_login_module'); > if ($this->getModuleName() != $module) > { > return $this->redirect($module.'/'.sfConfig::get > ('sf_login_action')); > } > > $this->getResponse()->setStatusCode(401); > } > } > > .................... > } > > > In my application admin has 'high' credentials. So in \sf_sandbox\apps > \frontend\modules I created sfGuardAuth\actions\actions.class.php > with that code: > > > class sfGuardAuthActions extends BasesfGuardAuthActions > { > public function executeSignin($request) > { > $user = $this->getUser(); > if ($user->isAuthenticated()) > { > return $this->redirect('@homepage'); > } > > $class = sfConfig::get('app_sf_guard_plugin_signin_form', > 'sfGuardFormSignin'); > $this->form = new $class(); > > if ($request->isMethod('post')) > { > $this->form->bind($request->getParameter('signin')); > if ($this->form->isValid()) > { > $values = $this->form->getValues(); > $remember = isset($values['remember']) ? $values['remember'] : > false; > > $this->getUser()->signin($values['user'], $remember); > > $signinUrl = sfConfig::get > ('app_sf_guard_plugin_success_signin_url', $user->getReferer($request- > >getReferer())); > > > /////////////////////////////////////////////////////////////////////////////////// > //MINE ADDED CODE: > > if(!$this->getUser()->hasCredential('high')) > { > $this->getUser()->setFlash('news1', 'Only admin can > login.'); > $this->getUser()->setAuthenticated(false); > } > > > ///////////////////////////////////////////////////////////////////////////////////// > > return $this->redirect('' != $signinUrl ? $signinUrl : > '@homepage'); > } > } > else > { > if ($request->isXmlHttpRequest()) > { > $this->getResponse()->setHeaderOnly(true); > $this->getResponse()->setStatusCode(401); > > return sfView::NONE; > } > > $user->setReferer($request->getReferer()); > > $module = sfConfig::get('sf_login_module'); > if ($this->getModuleName() != $module) > { > return $this->redirect($module.'/'.sfConfig::get > ('sf_login_action')); > } > > $this->getResponse()->setStatusCode(401); > } > } > > } > > > Something like that or I should change something ? It works but is it > correct ? I want make sure because security is very important. > > > -- I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
