
php – User authentication with a db-backed UserProvider in Silex

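I am developing a Silex application, and I am now at the security stage. I have read all the documentation I found online on this subject, but I have many doubts, and I hope someone can help me, if possible.

Basically, I followed this tutorial from Johann Reinke.

And naturally the Silex documentation.

Also everything I found on Google.

However, I think Silex still lacks a lot of documentation, and I am lost in many ways.

My code: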

use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;

$app->register(new Silex\Provider\SessionServiceProvider(), array(
    'session.storage.save_path' => __DIR__.'/../vendor/sessions',
));

$app->register(new Silex\Provider\DoctrineServiceProvider(), array(
    'db.options' => array(
        'driver'   => 'pdo_mysql',
        'host'     => 'localhost',
        'dbname'   => 'dbname',
        'user'     => 'someuser',
        'password' => 'somepass',
        'charset'  => 'utf8',
    ),
));

// SHA-1, hex output (no base64), a single iteration
$app['security.encoder.digest'] = $app->share(function ($app) {
    return new MessageDigestPasswordEncoder('sha1', false, 1);
});

$app['security.firewalls'] = array(
    'acceso' => array(
        'pattern' => '^/confirmar',
        'form'    => array('login_path' => '/acceso', 'check_path' => '/confirmar/comprobar_acceso'),
        'logout'  => array('logout_path' => '/confirmar/salir'),
        'users'   => $app->share(function() use ($app) {
            return new Acme\User\UserProvider($app['db']);
        }),
    ),
);

$app->register(new Silex\Provider\SecurityServiceProvider(array(
    'security.firewalls'    => $app['security.firewalls'],
    'security.access_rules' => array(
        array('^/confirmar', 'ROLE_USER'),
    ),
)));

I have many doubts about the controller:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

$app->match('/acceso', function(Request $request) use ($app) {

    $username = $request->get('_username');
    $password = $request->get('_password');

    if ('POST' == $request->getMethod()) {
        $user = new Acme\User\UserProvider($app['db']);
        $encoder = $app['security.encoder_factory']->getEncoder($user);
        // compute the encoded password
        $encodedPassword = $encoder->encodePassword($password, $user->getSalt());

        // compare passwords
        if ($user->password == $encodedPassword) {
            // set security token into security
            $token = new UsernamePasswordToken($user, $password, '', array('ROLE_USER'));
            $app['security']->setToken($token);
            //return $app->redirect('/jander');
            // redirect or give response here
        } else {
            // error feedback
        }
    }

    return $app['twig']->render('login.twig', array(
        'error'         => $app['security.last_error']($request),
        'last_username' => $app['session']->get('_security.last_username'),
    ));
})
->bind('acceso');

This is my class, the user provider:

// src/Acme/User/UserProvider.php
namespace Acme\User;

use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Doctrine\DBAL\Connection;




class UserProvider implements UserProviderInterface
{
private $conn;

public function __construct(Connection $conn)
{
    $this->conn = $conn;
}

public function loadUserByUsername($username)
{
    $stmt = $this->conn->executeQuery('SELECT * FROM compradores WHERE idemail = ?',array(strtolower($username)));
    if (!$user = $stmt->fetch()) {
        throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.',$username));
    }

    return new User($user['idemail'],$user['pass'],explode(',',$user['roles']),true,true);
}

public function refreshUser(UserInterface $user)
{
    if (!$user instanceof User) {
        throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.',get_class($user)));
    }

    return $this->loadUserByUsername($user->getUsername());
}

public function supportsClass($class)
{
    return $class === 'Symfony\Component\Security\Core\User\User';
}
}

My form:

<form action="{{ path('confirmar_comprobar_acceso') }}" method="post">
{{ error }}
<input type="text" name="_username" value="{{ last_username }}" />
<input type="password" name="_password" value="" />
<input type="submit" />
</form>

This is my MySQL table:

id         int(15)
idemail    varchar(255)
nombre     varchar(255)
apellidos  varchar(255)
telefono   int(11)
activo     tinyint(4)
pass       varchar(40)
roles      varchar(255)
iva        tinyint(4)
nifcif     varchar(255)

When I try to log in, I always get a "Bad credentials" response. Any ideas? Thanks, cheers!

At 40 characters, your password field "pass" may be truncating the encrypted passwords. Try changing the field to varchar(255).
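
The length effect this answer describes can be measured directly. The following is an added example, not part of the original post: encodeDigest() and storedInColumn() are hypothetical helpers, the first re-implementing the digest scheme of Symfony's MessageDigestPasswordEncoder and the second assuming MySQL silently truncates over-long values (non-strict SQL mode); the password is constructed.

```php
<?php
// Added example: measures how long an encoded password is for a given encoder
// configuration and whether it survives storage in a varchar(40) column.

// Re-implementation (assumption) of the MessageDigestPasswordEncoder scheme.
function encodeDigest($raw, $salt, $algo, $base64, $iterations)
{
    // Password and salt are merged as "password{salt}"; an empty salt leaves the password alone.
    $salted = ($salt === null || $salt === '') ? $raw : $raw.'{'.$salt.'}';
    $digest = hash($algo, $salted, true);
    // Each further round hashes the previous binary digest plus the salted password.
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash($algo, $digest.$salted, true);
    }
    return $base64 ? base64_encode($digest) : bin2hex($digest);
}

// Hypothetical helper: what a VARCHAR($width) column keeps when MySQL
// truncates silently (non-strict SQL mode, an assumption).
function storedInColumn($hash, $width)
{
    return substr($hash, 0, $width);
}

$password = 'constructed-sample-password'; // constructed sample value
$columnWidth = 40;                          // width of the "pass" column in the question

$configs = array(
    'sha1, hex, 1 iteration (as in the question)'            => array('sha1', false, 1),
    'sha512, base64, 5000 iterations (constructor defaults)' => array('sha512', true, 5000),
);

foreach ($configs as $label => $c) {
    $hash   = encodeDigest($password, null, $c[0], $c[1], $c[2]);
    $stored = storedInColumn($hash, $columnWidth);
    printf(
        "%s\n  encoded length: %d\n  survives varchar(%d): %s\n",
        $label,
        strlen($hash),
        $columnWidth,
        hash_equals($hash, $stored) ? 'yes' : 'no'
    );
}
```

A 40-character column holds exactly one SHA-1 hex digest, so any move to a longer digest or to base64 output requires widening the column before hashes are written.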

Original address: https://www.jb51.cc/php/137477.html
