Code snippets for symfony 1.x

Navigation

Refine Tags

Snippets tagged "http"

Using HTTP authentification with sfGuardPlugin

Here is how I did this... Create a sfGuardAuth module in your application and edit the actions.class.php file as follow.

The trick is to not try to overwrite the sfGuardAuth/signin action, as it use validation. As well it allow you to use the "normal" signin way (form and etc).

require_once(sfConfig::get('sf_plugins_dir').'/sfGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php');
 
class sfGuardAuthActions extends BasesfGuardAuthActions
{
  public function executeHTTPSignin()
  {
    // get somme interesting stuff!
    $request = $this->getRequest();
    $response = $this->getResponse();
    $user = $this->getUser();
 
    // An HTTP authenticated user cannot logout (browser always send authentification datas)
    // So we must be sure that the user has seen the HTTP authentification box before
    if ( $user->getAttribute('request_authentification') )
    {
      // If authentification datas has been sent
      if ( isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) )
      {
        // If correct username given
        $guarduser = sfGuardUserPeer::retrieveByUserName( $_SERVER['PHP_AUTH_USER'] );
        if ( $guarduser instanceof sfGuardUser )
        {
          // If correct Password given
          if ( ($guarduser instanceof sfGuardUser) and ($guarduser->checkpassword( $_SERVER['PHP_AUTH_PW'] )) )
          {
            // we can signin the user and redirect it
            $user->signin( $guarduser );
            $user->setAttribute('request_authentification',false);
            $this->redirect( sfConfig::get('app_sf_guard_plugin_success_signin_url','@homepage') );
            throw new sfStopException;
          }
        }
      }
    }
 
    // else, popup the authentification box
    $user->setAttribute('request_authentification',true);
    $response->setHttpHeader( 'WWW-Authenticate', 'Basic realm="Identification"' );
    $response->setHttpHeader( 'HTTP/1.0', '401 Unauthorized' );
 
    // This will be displayed if the user cancel the authentification process
    $this->forward( 'sfGuardAuth', 'password' );
    throw new sfStopException;
  }
 
  public function executePasswowd()
  {
    # Implement this action as usual...
  }
}
 

Enjoy... (I hope)

by jugjug on 2008-03-03, tagged authenticate  http  sfguard 

Detect an Ajax request

A simple way to detect an ajax request.

In your action class.

$this->isAjaxCall = $this->getRequest()->isXmlHttpRequest();
 

I put the above line in my preExecute where needed, this way the variable is accessible by action and views.

Inside a template you can use the following as well:

$sf_request->isXmlHttpRequest()
 
by Fuad Arafa on 2006-10-27, tagged ajax  http  request 
(2 comments)

How to add HTTP Auth to symfony

Here is a little hack to use http auth when credentials or auth is insufficient:

public function executeSecure()
  {
    if (!$this->getUser()->hasAttribute("secure_referer"))
        $this->getUser()->setAttribute("secure_referer", $this->getRequest()->getReferer());
 
    if (!isset($_SERVER['PHP_AUTH_USER']))
    {
      header('WWW-Authenticate: Basic realm="Member Area"');
      header('HTTP/1.0 401 Unauthorized');
 
      return sfView::NONE;
    }
    else
    {   
        if ($this->getUser()->tryLogin($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']))
        {
            return $this->redirect($this->getUser()->getAttribute("secure_referer"));
        }
        else
        {
          header('WWW-Authenticate: Basic realm="Member Area"');
          header('HTTP/1.0 401 Unauthorized');
 
          return sfView::NONE;
        }
    }
  }

No template is needed, as everytime you access it will redirect to the referer. Then change in app/yourapp/config/settings.yml the secure_module and secure_action to match this module.

You will need a myUser::tryLogin function that returns a boolean saying "auth is ok" or "bad auth"

And then you're done :p

[from my Wiki Post ab out that]

by Romain Dorgueil on 2006-05-25, tagged authentication  credentials  http  user 
(7 comments)