Something like that. Besides checking the username and password,
you'll also have to check the credentials of the user, just like you
described before.

On Sat, Jun 20, 2009 at 20:07, dziobacz<aaabbbcccda...@gmail.com> wrote:
>
> I thought of course about section 'Check the user password with an
> external method' hehe :)
>
> How can I change it: $user = LDAP::getUser($username); ??
> sfGuardUser::getUser($username) or what ?
>
>
>
> On 20 Cze, 19:41, Gábor Fási <maerl...@gmail.com> wrote:
>> Nope, I meant the one above: "Check the user password with an external method"
>> I guess anywhere in your lib folder, just make sure it's static,
>> callable and the autoload finds it.
>>
>> On Sat, Jun 20, 2009 at 19:15, dziobacz<aaabbbcccda...@gmail.com> wrote:
>>
>> > Is this section: 'Change the algorithm used to store passwords' on
>> > http://www.symfony-project.org/plugins/sfGuardPlugin ??
>> > But where can I place this function checkLDAPPassword($username,
>> > $password) ? In which file ?
>>
>> > On 20 Cze, 18:49, Gábor Fási <maerl...@gmail.com> wrote:
>> >> No, you shouldn't.
>> >> Check the docs again instead: you can tell sfGuard what function to
>> >> call to check the username/password, and there you can check if the
>> >> given user is admin or not. The error message will say that the given
>> >> user/pass is invalid instead of your 'only admin may login', but I
>> >> think that's good enough.
>>
>> >> On Sat, Jun 20, 2009 at 18:45, dziobacz<aaabbbcccda...@gmail.com> wrote:
>>
>> >> > I know about credentials - but with credentials the user CAN log in but he
>> >> > doesn't have access permission to pages. I thought about making it so that the
>> >> > user CAN'T log in if he isn't an admin or if he was banned. You think that I
>> >> > shouldn't modify the signin() method ??
>>
>> >> > On 20 Cze, 17:32, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
>> >> >> Check this out: http://www.symfony-project.org/plugins/sfGuardPlugin
>> >> >> By modifying the sfGuardPlugin, you make a mistake, because you won't be
>> >> >> able to update it.
>>
>> >> >> Secure some modules or your entire application in security.yml
>>
>> >> >> default:
>> >> >>   is_secure: on
>>
>> >> >> Check out the docs & mail list archive, there is a "has_credentials" or
>> >> >> "require credential" setting for your yaml config.
>> >> >> alecs
>>
>> >> >> On Sat, Jun 20, 2009 at 5:56 PM, dziobacz <aaabbbcccda...@gmail.com> wrote:
>>
>> >> >> > Standard signin() method looks:
>>
>> >> >> > class BasesfGuardAuthActions extends sfActions
>> >> >> > {
>> >> >> > public function executeSignin($request)
>> >> >> >  {
>> >> >> >        $user = $this->getUser();
>> >> >> >    if ($user->isAuthenticated())
>> >> >> >    {
>> >> >> >      return $this->redirect('@homepage');
>> >> >> >    }
>>
>> >> >> >    $class = sfConfig::get('app_sf_guard_plugin_signin_form', 'sfGuardFormSignin');
>> >> >> >    $this->form = new $class();
>>
>> >> >> >    if ($request->isMethod('post'))
>> >> >> >    {
>> >> >> >      $this->form->bind($request->getParameter('signin'));
>> >> >> >      if ($this->form->isValid())
>> >> >> >      {
>> >> >> >        $values   = $this->form->getValues();
>> >> >> >        $remember = isset($values['remember']) ? $values['remember'] : false;
>>
>> >> >> >        $this->getUser()->signin($values['user'], $remember);
>>
>> >> >> >        $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url',
>> >> >> >          $user->getReferer($request->getReferer()));
>>
>> >> >> >        return $this->redirect('' != $signinUrl ? $signinUrl : '@homepage');
>> >> >> >      }
>> >> >> >    }
>> >> >> >    else
>> >> >> >    {
>> >> >> >      if ($request->isXmlHttpRequest())
>> >> >> >      {
>> >> >> >        $this->getResponse()->setHeaderOnly(true);
>> >> >> >        $this->getResponse()->setStatusCode(401);
>>
>> >> >> >        return sfView::NONE;
>> >> >> >      }
>>
>> >> >> >      $user->setReferer($request->getReferer());
>>
>> >> >> >      $module = sfConfig::get('sf_login_module');
>> >> >> >      if ($this->getModuleName() != $module)
>> >> >> >      {
>> >> >> >        return $this->redirect($module.'/'.sfConfig::get('sf_login_action'));
>> >> >> >      }
>>
>> >> >> >      $this->getResponse()->setStatusCode(401);
>> >> >> >    }
>> >> >> >  }
>>
>> >> >> > ....................
>> >> >> > }
>>
>> >> >> > In my application admin has 'high' credentials. So in
>> >> >> > \sf_sandbox\apps\frontend\modules I created
>> >> >> > sfGuardAuth\actions\actions.class.php with that code:
>>
>> >> >> > class sfGuardAuthActions extends BasesfGuardAuthActions
>> >> >> > {
>> >> >> >  public function executeSignin($request)
>> >> >> >  {
>> >> >> >        $user = $this->getUser();
>> >> >> >    if ($user->isAuthenticated())
>> >> >> >    {
>> >> >> >      return $this->redirect('@homepage');
>> >> >> >    }
>>
>> >> >> >    $class = sfConfig::get('app_sf_guard_plugin_signin_form', 'sfGuardFormSignin');
>> >> >> >    $this->form = new $class();
>>
>> >> >> >    if ($request->isMethod('post'))
>> >> >> >    {
>> >> >> >      $this->form->bind($request->getParameter('signin'));
>> >> >> >      if ($this->form->isValid())
>> >> >> >      {
>> >> >> >        $values   = $this->form->getValues();
>> >> >> >        $remember = isset($values['remember']) ? $values['remember'] : false;
>>
>> >> >> >        $this->getUser()->signin($values['user'], $remember);
>>
>> >> >> >        $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url',
>> >> >> >          $user->getReferer($request->getReferer()));
>>
>> >> >> > ///////////////////////////////////////////////////////////////////////////////////
>> >> >> > //MINE ADDED CODE:
>>
>> >> >> >                if(!$this->getUser()->hasCredential('high'))
>> >> >> >                {
>> >> >> >                        $this->getUser()->setFlash('news1', 'Only admin can login.');
>> >> >> >                        $this->getUser()->setAuthenticated(false);
>> >> >> >                }
>>
>> >> >> > /////////////////////////////////////////////////////////////////////////////////////
>>
>> >> >> >        return $this->redirect('' != $signinUrl ? $signinUrl : '@homepage');
>> >> >> >      }
>> >> >> >    }
>> >> >> >    else
>> >> >> >    {
>> >> >> >      if ($request->isXmlHttpRequest())
>> >> >> >      {
>> >> >> >        $this->getResponse()->setHeaderOnly(true);
>> >> >> >        $this->getResponse()->setStatusCode(401);
>>
>> >> >> >        return sfView::NONE;
>> >> >> >      }
>>
>> >> >> >      $user->setReferer($request->getReferer());
>>
>> >> >> >      $module = sfConfig::get('sf_login_module');
>> >> >> >      if ($this->getModuleName() != $module)
>> >> >> >      {
>> >> >> >        return $this->redirect($module.'/'.sfConfig::get('sf_login_action'));
>> >> >> >      }
>>
>> >> >> >      $this->getResponse()->setStatusCode(401);
>> >> >> >    }
>> >> >> >  }
>>
>> >> >> > }
>>
>> >> >> > Something like that or should I change something ? It works but is it
>> >> >> > correct ? I want to make sure because security is very important.
>>
>> >> >> --
>> >> >> I am on twitter: http://twitter.com/alecslupu
>> >> >> I am on linkedIn: http://www.linkedin.com/in/alecslupu
>> >> >> Tel: (+4)0748.543.798
>>
>>
> >
>
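
The approach discussed in this thread (reject non-admins inside the password-check callable, before any session is marked authenticated) can be sketched as follows. This is an added example, not code from the thread or from sfGuardPlugin: the class `AdminOnlyAuth`, its in-memory account list and the use of `password_hash()` are assumptions standing in for the project's real user lookup; only the `($username, $password)` signature and the `'high'` credential come from the messages above.

```php
<?php
// Added example: a static, autoloadable callable that decides whether a login
// may proceed. AdminOnlyAuth and $users are hypothetical names; a real project
// would look the account up through its own user model instead.
final class AdminOnlyAuth
{
    private static $users = array();   // constructed sample accounts
    private static $dummyHash;         // verified when the username is unknown

    public static function seed()
    {
        self::$dummyHash = password_hash('unused-placeholder', PASSWORD_DEFAULT);
        self::$users = array(
            'alice' => array('hash' => password_hash('alice-pass', PASSWORD_DEFAULT),
                             'credentials' => array('high'), 'banned' => false),
            'bob'   => array('hash' => password_hash('bob-pass', PASSWORD_DEFAULT),
                             'credentials' => array(), 'banned' => false),
            'carol' => array('hash' => password_hash('carol-pass', PASSWORD_DEFAULT),
                             'credentials' => array('high'), 'banned' => true),
        );
    }

    // Same shape as checkLDAPPassword($username, $password) from the thread.
    public static function checkPassword($username, $password)
    {
        $user = isset(self::$users[$username]) ? self::$users[$username] : null;

        // Always verify one hash so unknown usernames take the same code path.
        $hash = $user ? $user['hash'] : self::$dummyHash;
        $passwordOk = password_verify($password, $hash);

        $isAdmin   = $user && in_array('high', $user['credentials'], true);
        $notBanned = $user && !$user['banned'];

        // A single boolean for every failure reason: the caller can only show
        // the generic "invalid username or password" message.
        return $passwordOk && $isAdmin && $notBanned;
    }
}

AdminOnlyAuth::seed();
$attempts = array(array('alice', 'alice-pass'), array('bob', 'bob-pass'),
                  array('carol', 'carol-pass'), array('alice', 'wrong'),
                  array('mallory', 'x'));
foreach ($attempts as $a) {
    $ok = AdminOnlyAuth::checkPassword($a[0], $a[1]);
    printf("%-8s %s\n", $a[0], $ok ? 'login allowed' : 'invalid username or password');
}
```

Because the decision is made before the sign-in step runs, a rejected user never holds an authenticated session, even briefly, and no "remember me" state is created for them.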
