symfony framework forum

[leonidas79]

hello everyone
i want know is there is a way to use sfGuard for my own user model and benefit from all sfguard options . i used it for the backend application and it works fine , but i want use it for the frontend application with my own login form.
i tied it but the problem is that when a user is authenticated in the frontend application he can accesss to the backened cos in my login action i used $this->getUser()->setAuthenticated(true);

i hope i'm clear enough , thx for help

[claudia_k]

Shouldn't it be enough to change the cookie names for frontend and backend? Then the frontend and backend apps should require separate logins. I have not tried that (yet) though so I would appreciate if you could post the results.

Good luck

Claudia

[halfer]

You can also override the sfGuardAuth module in your application, and use your own form. I do this in 1.0, and would be surprised if it were not possible in 1.3/1.4.

[leonidas79]

thx for ur answer , but it didn't work , i don't why
if i'm logged in the frontend app and switch to the backend app i have the "Credentials Required,This page is in a restricted area." page , it's cos when i'm logged in the frontend app i set setAuthenticated to true , but it shouldn't mix both sessions i guess.

let me know plz if there is another solution for this case.

thank you

[lucasaba]

Didi you try to change the cookie name in the backend application as suggested by claudia_k ?

To me it works.

Code: Select all

//project/backend/config/factories.yml
all:
  [...]
  storage:
    class: sfSessionStorage
    param:
      session_name: backend_cookie_name


[leonidas79]

thank you so much
it's working , when i tried claudia_k's solution i did a mistake in factories.yml file , now with ur sample code it's working fine.
i have another question : how to prevent users in frontend app to access some actions unless they are authenticated ? ( ps: i'm not using sfguard in the frontend app , i have a custom form for authentication )

thank you all for helping

[lucasaba]

If you're not using sfGuard you can add credential during login.
I always use sfGuard but, if I recall well, that's how it should work: in your myUser.class.php, based on your rules, you can call the function:

Code: Select all

$this->addCredential('permit_some_action');


Then, again in the module you want to protect, add a config folder and create e security.yml file like this:

Code: Select all

//project/apps/frontend/module_to_protect/config/security.yml
name_of_the_action:
  credentials: permit_some_action


This should work....

[leonidas79]

i tried to add credentials during login but it's not working

Code: Select all

public function executeIndex(sfWebRequest $request) {
        $this->form = new LoginForm();
        if ($request->isMethod('post')) {
            $this->form->bind($request->getParameter('login'));
            if ($this->form->isValid()) {
                $login  =  $this->form->getValue('login');
                $password  =  $this->form->getValue('password');

                $q = Doctrine_Query::create()
                        ->from('User u')
                        ->where('u.login = ? AND u.password = ?',array($login,$password));

                $users = $q->execute();

                if ($users->count() == 1) {
                    $this->getUser()->setAuthenticated(true);
                    $this->getUser()->addCredential('user');
                    $this->getRequest()->getParameterHolder()->set('user',$users[0]);
                    ....

                }else {
                    $this->getUser()->setFlash('notice', 'Login ou Mot de passe invalid !');
                }
            }

        }
    }

Code: Select all

 public function executeLogout(sfWebRequest $request) {
        $this->user = null;
        $this->clearCredentials();
        $this->setAuthenticated(false);
        $this->redirect('connexion/index');
    }

it seems that the logout is not working , i still have the user in the session and authenticated , is there something wrong in my code ?

thx

[lucasaba]

I think there's an error here:

Code: Select all

public function executeLogout(sfWebRequest $request) {
   //$this->user = null;
   $this->getUser()->clearCredentials()
   //$this->clearCredentials();
   //$this->setAuthenticated(false);
   $this->getUser()->setAuthenticated(false);
   $this->redirect('connexion/index');
}


You call the user object from the action within your module and then un-authenticate it.

[leonidas79]

it's not working , the user is still authenticated after Logout Action.
i don't know why .

[halfer]

I am not clear whether you want your two apps to be accessible on the same cookie. Set them to the same name if so, and you will find that logging into one app will permit access on both.

As per @lucasaba's post, your logout method won't work as it is. You need to execute clearCredentials and setAuthenticated on the user object, not on the action. I wonder though whether this is executed at all, since if you tried it, PHP should halt with a fatal error. So... make sure this action is actually being called!

[leonidas79]

thank you , it' works fine now.
i used clearCredentials and setAuthenticated on the user object.