I thought of course about section 'Check the user password with an
external method' hehe :)

How can I change it: $user = LDAP::getUser($username); ??
sfGuardUser::getUser($username) or what ?



On 20 Jun, 19:41, Gábor Fási <maerl...@gmail.com> wrote:
> Nope, I meant the one above: "Check the user password with an external method"
> I guess anywhere in your lib folder, just make sure it's static,
> callable and the autoload finds it.
>
> On Sat, Jun 20, 2009 at 19:15, dziobacz<aaabbbcccda...@gmail.com> wrote:
>
> > Is this section: 'Change the algorithm used to store passwords' on
> > http://www.symfony-project.org/plugins/sfGuardPlugin ??
> > But where can I place this function checkLDAPPassword($username,
> > $password) ? In which file ?
>
> > On 20 Jun, 18:49, Gábor Fási <maerl...@gmail.com> wrote:
> >> No, you shouldn't.
> >> Check the docs again instead: you can tell sfGuard what function to
> >> call to check the username/password, and there you can check if the
> >> given user is admin or not. The error message will say that the given
> >> user/pass is invalid instead of your 'only admin may login', but I
> >> think that's good enough.
>
> >> On Sat, Jun 20, 2009 at 18:45, dziobacz<aaabbbcccda...@gmail.com> wrote:
>
> >> > I know about credentials - but with credentials user CAN login but he
> >> > hasn't access permission to pages. I thought about that user CAN'T
> >> > login if he isn't admin or if was banned. You think that I shouldn't
> >> > modify signin() method ??
>
> >> > On 20 Jun, 17:32, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
> >> >> Check this out: http://www.symfony-project.org/plugins/sfGuardPlugin
> >> >> By modifying the sfGuardPlugin, you make a mistake, because you won't be able to update
> >> >> it.
>
> >> >> Secure some modules or your entire application in security.yml
>
> >> >> default:
> >> >>   is_secure: on
>
> >> >> Check out the docs & mail list archive, there is a "has_credentials" or
> >> >> "require credential" setting for your yaml config.
> >> >> alecs
>
> >> >> On Sat, Jun 20, 2009 at 5:56 PM, dziobacz <aaabbbcccda...@gmail.com> 
> >> >> wrote:
>
> >> >> > Standard signin() method looks:
>
> >> >> > class BasesfGuardAuthActions extends sfActions
> >> >> > {
> >> >> > public function executeSignin($request)
> >> >> >  {
> >> >> >        $user = $this->getUser();
> >> >> >    if ($user->isAuthenticated())
> >> >> >    {
> >> >> >      return $this->redirect('@homepage');
> >> >> >    }
>
> >> >> >    $class = sfConfig::get('app_sf_guard_plugin_signin_form',
> >> >> > 'sfGuardFormSignin');
> >> >> >    $this->form = new $class();
>
> >> >> >    if ($request->isMethod('post'))
> >> >> >    {
> >> >> >      $this->form->bind($request->getParameter('signin'));
> >> >> >      if ($this->form->isValid())
> >> >> >      {
> >> >> >        $values   = $this->form->getValues();
> >> >> >        $remember = isset($values['remember']) ? $values['remember'] :
> >> >> > false;
>
> >> >> >        $this->getUser()->signin($values['user'], $remember);
>
> >> >> >        $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer($request->getReferer()));
>
> >> >> >        return $this->redirect('' != $signinUrl ? $signinUrl :
> >> >> > '@homepage');
> >> >> >      }
> >> >> >    }
> >> >> >    else
> >> >> >    {
> >> >> >      if ($request->isXmlHttpRequest())
> >> >> >      {
> >> >> >        $this->getResponse()->setHeaderOnly(true);
> >> >> >        $this->getResponse()->setStatusCode(401);
>
> >> >> >        return sfView::NONE;
> >> >> >      }
>
> >> >> >      $user->setReferer($request->getReferer());
>
> >> >> >      $module = sfConfig::get('sf_login_module');
> >> >> >      if ($this->getModuleName() != $module)
> >> >> >      {
> >> >> >        return $this->redirect($module.'/'.sfConfig::get
> >> >> > ('sf_login_action'));
> >> >> >      }
>
> >> >> >      $this->getResponse()->setStatusCode(401);
> >> >> >    }
> >> >> >  }
>
> >> >> > ....................
> >> >> > }
>
> >> >> > In my application admin has 'high' credentials. So in \sf_sandbox\apps
> >> >> > \frontend\modules I created  sfGuardAuth\actions\actions.class.php
> >> >> > with that code:
>
> >> >> > class sfGuardAuthActions extends BasesfGuardAuthActions
> >> >> > {
> >> >> >  public function executeSignin($request)
> >> >> >  {
> >> >> >        $user = $this->getUser();
> >> >> >    if ($user->isAuthenticated())
> >> >> >    {
> >> >> >      return $this->redirect('@homepage');
> >> >> >    }
>
> >> >> >    $class = sfConfig::get('app_sf_guard_plugin_signin_form',
> >> >> > 'sfGuardFormSignin');
> >> >> >    $this->form = new $class();
>
> >> >> >    if ($request->isMethod('post'))
> >> >> >    {
> >> >> >      $this->form->bind($request->getParameter('signin'));
> >> >> >      if ($this->form->isValid())
> >> >> >      {
> >> >> >        $values   = $this->form->getValues();
> >> >> >        $remember = isset($values['remember']) ? $values['remember'] :
> >> >> > false;
>
> >> >> >        $this->getUser()->signin($values['user'], $remember);
>
> >> >> >        $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer($request->getReferer()));
>
> >> >> > ///////////////////////////////////////////////////////////////////////////////////
> >> >> > //MINE ADDED CODE:
>
> >> >> >                if(!$this->getUser()->hasCredential('high'))
> >> >> >                {
> >> >> >                        $this->getUser()->setFlash('news1', 'Only admin can login.');
> >> >> >                        $this->getUser()->setAuthenticated(false);
> >> >> >                }
>
> >> >> > /////////////////////////////////////////////////////////////////////////////////////
>
> >> >> >        return $this->redirect('' != $signinUrl ? $signinUrl :
> >> >> > '@homepage');
> >> >> >      }
> >> >> >    }
> >> >> >    else
> >> >> >    {
> >> >> >      if ($request->isXmlHttpRequest())
> >> >> >      {
> >> >> >        $this->getResponse()->setHeaderOnly(true);
> >> >> >        $this->getResponse()->setStatusCode(401);
>
> >> >> >        return sfView::NONE;
> >> >> >      }
>
> >> >> >      $user->setReferer($request->getReferer());
>
> >> >> >      $module = sfConfig::get('sf_login_module');
> >> >> >      if ($this->getModuleName() != $module)
> >> >> >      {
> >> >> >        return $this->redirect($module.'/'.sfConfig::get
> >> >> > ('sf_login_action'));
> >> >> >      }
>
> >> >> >      $this->getResponse()->setStatusCode(401);
> >> >> >    }
> >> >> >  }
>
> >> >> > }
>
> >> >> > Something like that or I should change something ? It works but is it
> >> >> > correct ? I want make sure because security is very important.
>
>
>
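
The approach Gábor describes above (reject non-admin and banned accounts inside the password-check callable, before signin() ever runs), as an added example that is not part of the thread or of sfGuardPlugin. DemoUserStore, AdminOnlyAuth and the sample accounts are hypothetical stand-ins for the real user lookup.

```php
<?php
// Added example, not sfGuardPlugin code. DemoUserStore stands in for the real
// user lookup (sfGuardUser, LDAP, ...); all names and accounts are constructed.

final class DemoUserStore
{
    private static $users = array();

    public static function add($username, $password, $isAdmin, $isBanned)
    {
        self::$users[$username] = array(
            'hash'   => password_hash($password, PASSWORD_DEFAULT),
            'admin'  => $isAdmin,
            'banned' => $isBanned,
        );
    }

    public static function find($username)
    {
        return isset(self::$users[$username]) ? self::$users[$username] : null;
    }
}

final class AdminOnlyAuth
{
    // Callable shape discussed in the thread: static, ($username, $password) in,
    // true or false out. Every rejection looks the same to the caller.
    public static function checkPassword($username, $password)
    {
        static $dummyHash = null;
        if ($dummyHash === null) {
            $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
        }

        $user = DemoUserStore::find($username);
        // Always run one hash verification, even for unknown usernames.
        $passwordOk = password_verify($password, $user ? $user['hash'] : $dummyHash);

        return $user !== null && $passwordOk && $user['admin'] && !$user['banned'];
    }
}

DemoUserStore::add('root',    'correct horse', true,  false);
DemoUserStore::add('alice',   'tr0ub4dor',     false, false);
DemoUserStore::add('mallory', 'hunter2',       true,  true);

var_dump(AdminOnlyAuth::checkPassword('root', 'correct horse'));  // admin, right password
var_dump(AdminOnlyAuth::checkPassword('alice', 'tr0ub4dor'));     // right password, not admin
var_dump(AdminOnlyAuth::checkPassword('mallory', 'hunter2'));     // admin but banned
var_dump(AdminOnlyAuth::checkPassword('nobody', 'x'));            // unknown user
```

Because a rejected account fails form validation, the quoted executeSignin() never reaches its signin() call for it, so nothing has to be undone with setAuthenticated(false) afterwards.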