Code snippets for symfony 1.x


Refine Tags

Snippets tagged "authenticate"

Using HTTP authentification with sfGuardPlugin

Here is how I did this... Create a sfGuardAuth module in your application and edit the actions.class.php file as follow.

The trick is to not try to overwrite the sfGuardAuth/signin action, as it use validation. As well it allow you to use the "normal" signin way (form and etc).

class sfGuardAuthActions extends BasesfGuardAuthActions
  public function executeHTTPSignin()
    // get somme interesting stuff!
    $request = $this->getRequest();
    $response = $this->getResponse();
    $user = $this->getUser();
    // An HTTP authenticated user cannot logout (browser always send authentification datas)
    // So we must be sure that the user has seen the HTTP authentification box before
    if ( $user->getAttribute('request_authentification') )
      // If authentification datas has been sent
      if ( isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) )
        // If correct username given
        $guarduser = sfGuardUserPeer::retrieveByUserName( $_SERVER['PHP_AUTH_USER'] );
        if ( $guarduser instanceof sfGuardUser )
          // If correct Password given
          if ( ($guarduser instanceof sfGuardUser) and ($guarduser->checkpassword( $_SERVER['PHP_AUTH_PW'] )) )
            // we can signin the user and redirect it
            $user->signin( $guarduser );
            $this->redirect( sfConfig::get('app_sf_guard_plugin_success_signin_url','@homepage') );
            throw new sfStopException;
    // else, popup the authentification box
    $response->setHttpHeader( 'WWW-Authenticate', 'Basic realm="Identification"' );
    $response->setHttpHeader( 'HTTP/1.0', '401 Unauthorized' );
    // This will be displayed if the user cancel the authentification process
    $this->forward( 'sfGuardAuth', 'password' );
    throw new sfStopException;
  public function executePasswowd()
    # Implement this action as usual...

Enjoy... (I hope)

by jugjug on 2008-03-03, tagged authenticate  http  sfguard