Fatal编程技术网
  • php/
  • Php Silex,安全防火墙和自定义用户提供程序的错误凭据

Php Silex,安全防火墙和自定义用户提供程序的错误凭据

php

Php Silex,安全防火墙和自定义用户提供程序的错误凭据,php,silex,Php,Silex,我在尝试使用安全防火墙和自定义用户提供程序登录时有错误的凭据。 这是我的密码 $app->register(new SecurityServiceProvider(), array( 'security.firewalls' => array( 'admin' => array( 'pattern' => '^/admin', 'form' => array('l

我在尝试使用安全防火墙和自定义用户提供程序登录时有错误的凭据。 这是我的密码

$app->register(new SecurityServiceProvider(), array(
        'security.firewalls' => array(
            'admin' => array(
                'pattern' => '^/admin',
                'form' => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
                'logout' => array('logout_path' => '/admin/logout'), // url to call for logging out
                'users' => $app->share(function() use ($app) {
                    // Specific class user\UserProvider
                    return new UserProvider();

                }),
            )
        ),
        'security.access_rules' => array(
            // You can rename ROLE_ADMIN as you wish
            array('^/admin', 'ROLE_ADMIN'),
        )
    ));

    $app['security.encoder.digest'] = $app->share(function ($app) {
        // use the sha1 algorithm
        // don't base64 encode the password
        // use only 1 iteration
        return new MessageDigestPasswordEncoder('sha1', false, 1);
    });
我的路线:

    $app->get("/login", "site\controllers\SiteController::login");
    $app->post("/admin/login_check", "admin\controllers\AdminController::loginCheck");
我的sitecontroller功能:

public function login(Application $app, Request $request) {
    return $app['twig']->render('site/views/login.html.twig', array(
        'error' => $app['security.last_error']($request),
        'last_username' => $app['session']->get('_security.last_username'),
    ));
  }
我的看法是:

<form action="{{ path('admin_login_check') }}" method="post">
    {{ error }}
    <input type="text" name="username" value="{{ last_username }}" />
    <input type="password" name="password" value="" />
    <input type="submit" />
</form>
我的自定义用户提供程序:

<?php
namespace user\models;
use app\config\PDOFactory;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;

class UserProvider extends PDOFactory implements UserProviderInterface {

    public function loadUserByUsername($username)
    {           
        $response = $this->db->prepare('SELECT * FROM users WHERE username = ?');
        $response->execute(array(strtolower($username)));
        if (!$user = $response->fetch()) {
            throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
        }
        return new User($user['username'], $user['password'], explode(',', $user['roles']), true, true, true, true);
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }

        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return $class === 'Symfony\Component\Security\Core\User\User';
    }

}
在尝试登录时,我认为我无法从admincontroller访问loginCheck函数,因为它不会回显任何内容:

public function loginCheck(Application $app, Request $request) {
    echo 'LOGIN-CHECK';
    $username = $request->get('username');
    $password = $request->get('password');
    $password = $app['security.encoder.digest']->encodePassword($password, '');
    $userProvider = new UserProvider();
    $user = $userProvider->loadUserbyUsername($username);
    if ($user->getPassword() == $password){
        return $app['twig']->render('admin/views/index.html.twig');
    }
    else{
        return $app['twig']->render('site/views/login.html.twig', array(
            'error' => $app['security.last_error']($request),
            'last_username' => $app['session']->get('_security.last_username'),
        ));
    }
  }
我的密码是“admin”,我使用以下代码为数据库表生成密码:

echo $app['security.encoder.digest']->encodePassword('admin', '');
你能告诉我怎么了吗

编辑: 我的错误在于我的观点,它没有在帖子名称前使用下划线

<form action="{{ path('admin_login_check') }}" method="post">
            {{ error }}
            <input type="text" name="_username" value="{{ last_username }}" />
            <input type="password" name="_password" value="" />
            <input type="submit" />
        </form>


{{error}}
对于登录检查路径,我不需要任何路由或任何控制器功能。它由安全防火墙管理。
谢谢你的帮助

首先,启用日志记录(通过并设置
$app['debug']=true;
并检查日志,如果启用了日志记录,安全组件将发出大量信息

其次,您不必为check_路径创建控制器(甚至不必创建路由,即安全提供程序),并且(只要您不覆盖默认的身份验证提供程序,但您不希望仅为了使用登录表单而使用该路由)

话虽如此,为了调试您的代码,您可以尝试这样做,一旦这样做起作用,请再次更改它(当然,您需要更新db表上的密码字段),但最有可能的是日志会告诉您发生了什么(如果您仍然丢失了日志,也只需发布它)

echo $app['security.encoder.digest']->encodePassword('admin', '');

<form action="{{ path('admin_login_check') }}" method="post">
            {{ error }}
            <input type="text" name="_username" value="{{ last_username }}" />
            <input type="password" name="_password" value="" />
            <input type="submit" />
        </form>