I am using PhalconPHP and storing values in session after login something like below.
$this->session->start();
$this->session->set('auth', array(
'dealer_id' => $dealers->getDealerId(),
'username' => $dealers->getUserName(),
'language_id' => $dealers->getLanguageId(),
'dealername' => $dealername,
));
session_write_close();
which set the values in session, even just after that if I try printing
print_r($this->session->get('auth'))
it returns
Array
(
[dealer_id] => 78
[username] => swiftmailcomm
[language_id] => 1
[dealername] => Swiftmail Communication
)
But when I try to get this session values using $this->session->get('auth') in ControllerBase in some action it doesn't return anything. It seems to be destroyed.
Module.Php
public function registerServices(\Phalcon\DiInterface $di)
{
$di->set('dispatcher',function(){
$eventsManager = new EventsManager;
/**
* Check if the user is allowed to access certain action using the SecurityPlugin
*/
$eventsManager->attach('dispatch:beforeDispatch', new SecurityPlugin);
/**
* Handle exceptions and not-found exceptions using NotFoundPlugin
*/
$eventsManager->attach('dispatch:beforeException', new NotFoundPlugin);
$dispatcher = new MvcDispatcher;
$dispatcher->setEventsManager($eventsManager);
$dispatcher = new \Phalcon\Mvc\Dispatcher();
$dispatcher->setDefaultNamespace("NBBD_SkyWebTech\Dealer\Controllers\\");
return $dispatcher;
});
/**
* Read configuration
*/
$config = include __DIR__ . "/config/config.php";
//Register Volt as a service
$di['view'] = function () use ($config) {
$view = new View();
$view->setViewsDir($config->application->viewsDir);
//activating volt engine
$view->registerEngines(array(
".volt" => 'voltService'
));
return $view;
};
$di->set('voltService', function($view, $di) use ($config) {
$volt = new Volt($view, $di);
$volt->setOptions(array(
"compiledPath" => $config->application->voltCacheDir,
'compiledSeparator' => '_',
"compiledExtension" => ".compiled"
));
return $volt;
});
/*
* Setting up the view component
$di['view'] = function () use ($config) {
$view = new View();
$view->setViewsDir($config->application->viewsDir);
//activating volt engine
$view->registerEngines(array(
".phtml" => 'voltService'
));
return $view;
}; */
//Set the views cache service
$di->set('viewCache', function() use ($config) {
// Cache the files for 1hour using a Output frontend
$frontCache = new Output(array(
"lifetime" => 3600
));
//Cache data for one day by default
$cache = new File($frontCache, array(
"cacheDir" => $config->application->cacheDir
));
return $cache;
});
//Model Cache
$di->set('modelsCache', function() use ($config) {
//Cache data for one day by default
$frontCache = new \Phalcon\Cache\Frontend\Data(array(
"lifetime" => 3600
));
//Cache data for one day by default
$cache = new File($frontCache, array(
"cacheDir" => $config->application->cacheDir
));
return $cache;
});
//Set up the flash service
$di->set('flash', function() {
return new \Phalcon\Flash\Session(array(
'error' => 'alert alert-danger',
'success' => 'alert alert-success',
'notice' => 'alert alert-info',
));
});
/**
* Start the session the first time some component request the session service
*/
$di->set('session', function () {
$session = new SessionAdapter();
$session->start();
return $session;
});
}
In your declaration of the session service you use the dependency injector method "set". I believe you need to use "setShared" as this makes the session service act as a singleton which will make anything you set in it available to other controllers.
I have this exact setup and it works for me.
I think using the set method is causing it to create new session each time rather than pulling the existing one that contains your data.
$di->setShared('session', function () {
$session = new SessionAdapter();
$session->start();
return $session;
});
Related
I'm using PHP on IIS, Phalcon framework. I have a login controller which I'm working on (yes, password isn't encrypted yet, but that's later) but I can't seem to get it to work.
I have a form action posting to signin/doSignin. This is a snippet of the SigninController.php:
public function doSigninAction(){
//$this->view->disable();
$user = User::findFirst([
'conditions' => 'email = :email: AND password = :password:'
, 'bind' => [
'email' => $this->request->getPost('email')
, 'password' => $this->request->getPost('password')
]
]);
if ($user){
echo 1;
return;
}
echo 2;
What results when I run this code is a blank page that simply reports:
Call to undefined method or service 'getDI'
Something somewhere is not lined up properly for the internals of phalcon, but I don't know what I need to check. When I change the above code to this, I get a proper rendering of the view, printing 1 for the user:
$user = new User()/*::findFirst([
'conditions' => 'email = :email: AND password = :password:'
, 'bind' => [
'email' => $this->request->getPost('email')
, 'password' => $this->request->getPost('password')
]
]);*/;
if ($user){
echo 1;
return;
}
echo 2;
My bootstrap is the following:
<?php
try {
set_include_path('c:/workspace/GIIAnalytics/app/views');
//Autoloader
$loader = new \Phalcon\Loader();
$loader->registerDirs([
'../app/controllers/'
, '../app/models/'
, '../app/config/'
]);
/** For MSSQL connections */
$loader->registerNamespaces([
"Twm\Db\Adapter\Pdo" => "../app/library/db/adapter/"
, "Twm\Db\Dialect" => "../app/library/db/dialect/"
]);
$loader->register();
//Dependancy Injection
$di = new \Phalcon\DI\FactoryDefault();
//Config
$configFile = __DIR__ . '/../app/config/config.json';
$config = json_decode ( file_get_contents ( $configFile ) );
$di->setShared('config',$config);
//MSSQL Database connection
$di->set("db", function() use ($di) {
//Database info
/** For MSSQL connections */
$mc = $di->getDI()->getShared('config')['db'];
$db = new Twm\Db\Adapter\Pdo\Mssql($mc);
return $db;
});
//View
$di->set('view', function(){
$view = new \Phalcon\Mvc\View();
$view->setViewsDir('../app/views');
/*
$view->registerEngines([
'.volt' => '\Phalcon\Mvc\View\Engine\Volt'
]);
*/
return $view;
});
// Router
$di->set('router',function(){
$router = new \Phalcon\Mvc\Router();
$router->mount(new Routes());
return $router;
});
// Session
$di->setShared('session', function() {
$session = new \Phalcon\Session\Adapter\Files();
$session->start();
return $session;
});
//Flash Data (temp data)
$di->set('flash', function() {
$flash = new \Phalcon\Flash\Session([
'error' => 'alert alert-danger'
, 'success' => 'alert alert-success'
, 'notice' => 'alert alert-info'
, 'warning' => 'alert alert-warning'
]);
return $flash;
});
//Metadata
$di['modelsMetadata'] = function() {
$metaData = new \Phalcon\Mvc\Model\MetaData\Memory([
'lifetime' => 86400
, 'prefix' => 'metaData'
]);
return $metaData;
};
// custom dispatcher overrides the default
$di->set('dispatcher', function() use ($di) {
$eventsManager = $di->getShared('eventsManager');
// Custom ACL class
$permission = new Permission();
// Listen for events from the $permission class
$eventsManager->attach('dispatch', $permission);
$dispatcher = new \Phalcon\Mvc\Dispatcher();
$dispatcher->setEventsManager($eventsManager);
return $dispatcher;
});
//Deploy the app
$app = new \Phalcon\Mvc\Application($di);
echo $app->handle()->getContent();
} catch(\Phalcon\Exception $e) {
echo $e->getmessage();
}
?>
How do I fix the dependency problem?
Found the issue. Phalcon is not good about giving you the line for invalid function calls. It was in my db constructor, where I'm doing $di->getDI this got changed (along with the config reader) to this snippet:
//MSSQL Database connection
$di->set("db", function() use ($di) {
//Database info
/** For MSSQL connections */
$mc = (array) $di->getShared('config')->db;
$db = new Twm\Db\Adapter\Pdo\Mssql($mc);
return $db;
});
I've added an ACL to my website but when I test the result of my role variable in the SecurityPlugin.php file I get the result twice.
Why does Phalcon show the var_dump of $role twice? I'm fairly new to this framework and my initial thought was it might me due to routing in Phalcon?
Phalcon version: 3.0.3
\app\plugins\SecurityPlugin.php
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
class SecurityPlugin extends Plugin
{
/**
* Returns an existing or new access control list
*
* #returns AclList
*/
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new AclList();
$acl->setDefaultAction(Acl::DENY);
// Register roles
$roles = [
'admins' => new Role(
'admins',
'Website administrators'
),
'users' => new Role(
'users',
'Member privileges, granted after sign in.'
),
'guests' => new Role(
'guests',
'Anyone browsing the site who is not signed in is considered to be a "Guest".'
)
];
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources
$privateResources = array(
'account' => array('*')
);
$privateResourcesAdmin = array(
'admin' => array('*')
);
//Public area resources
$publicResources = array(
'index' => array('*'),
'register' => array('*'),
'errors' => array('show401', 'show404', 'show500'),
'register' => array('*'),
'login' => array('*'),
'logout' => array('*')
);
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
foreach ($privateResourcesAdmin as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
//Grant access to public areas to users, admins and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action){
$acl->allow($role->getName(), $resource, $action);
}
}
}
//Grant access to private area to role Users
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action){
$acl->allow('users', $resource, $action);
}
}
foreach ($privateResourcesAdmin as $resource => $actions) {
foreach ($actions as $action){
$acl->allow('admins', $resource, $action);
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
/**
* This action is executed before execute any action in the application
*
* #param Event $event
* #param Dispatcher $dispatcher
* #return bool
*/
public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher){
$auth = $this->session->get('auth');
if (!$auth){
$role = 'guests';
} else {
if ($this->session->has("account_type")) {
$type = $this->session->get("account_type");
if($type == 99){
$role = 'admins';
} else {
$role = 'users';
}
}
}
var_dump($role);
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
$acl = $this->getAcl();
if (!$acl->isResource($controller)) {
$dispatcher->forward([
'controller' => 'errors',
'action' => 'show404'
]);
return false;
}
$allowed = $acl->isAllowed($role, $controller, $action);
if (!$allowed) {
$dispatcher->forward(array(
'controller' => 'errors',
'action' => 'show401'
));
$this->session->destroy();
return false;
}
}
}
\public\index.php
<?php
use Phalcon\Di\FactoryDefault;
use Phalcon\Mvc\Dispatcher; //Used for ACL list and authorization routing
use Phalcon\Events\Manager as EventsManager; //Used for ACL List
use Phalcon\Mvc\Router; //Used for routing logout page
error_reporting(E_ALL);
define('BASE_PATH', dirname(__DIR__));
define('APP_PATH', BASE_PATH . '/app');
try {
/**
* The FactoryDefault Dependency Injector automatically registers
* the services that provide a full stack framework.
*/
$di = new FactoryDefault();
/**
* Read services
*/
include APP_PATH . "/config/services.php";
/**
* Get config service for use in inline setup below
*/
$config = $di->getConfig();
/**
* Include Autoloader
*/
include APP_PATH . '/config/loader.php';
//This makes sure the routes are correctly handled for authorized/unauthorized in people
/**
* MVC dispatcher
*/
$di->set("dispatcher", function () use ($di) {
// Create an events manager
$eventsManager = $di->getShared('eventsManager');
/**
*Check if the user is allowed to access certain action using the SecurityPlugin
*Listen for events produced in the dispatcher using the Security plugin
*/
$eventsManager->attach(
"dispatch:beforeExecuteRoute",
new SecurityPlugin()
);
// Handle exceptions and not-found exceptions using NotFoundPlugin
$eventsManager->attach(
"dispatch:beforeException",
new NotFoundPlugin()
);
$dispatcher = new Dispatcher();
// Assign the events manager to the dispatcher
$dispatcher->setEventsManager($eventsManager);
return $dispatcher;
}
);
/**
* Handle and deploy the application
*/
$application = new \Phalcon\Mvc\Application($di);
echo $application->handle()->getContent();
} catch (\Exception $e) {
echo $e->getMessage() . '<br>';
echo '<pre>' . $e->getTraceAsString() . '</pre>';
}
Because you are doing forward - so this means there is other action executed again and beforeExecuteRoute fired again - that's why 2 times var_dump
Iḿ trying to make an rest application using Phalcon, i save some of the info
of the logged in user in an session but i don't get this to work, my code:
$this->session->set( Sessions::USERINFO, array (
'login' => true,
'type' => UserTypes::ADMIN,
'username' => $this->user->getUsername(),
'adminid' => $this->user->getAdminID(),
'fullname' => $this->user->getFullName(),
'avatar' => $this->user->getAvatar() )
);
return $this->session->get( Sessions::USERINFO );
When he returns the session it works but when i try to get the session in an other request it returns empty
return array("session" => $this->session->isStarted(),
"session Data" => $this->session->get(Sessions::USERINFO));
isStarted returns true
get returns null
Sessions::USERINFO
is an class with const values
const USERINFO = "userInfo";
Session var creation
$di->setShared( 'session', function () {
$session = new Session();
$session->start();
return $session;
} );
I am using this to save my session:
$obj = $this->request->getJsonRawBody();
$user = Users::findFirstByUsername($obj->username);
if($user) {
if($this->security->checkHash($obj->password, $user->password)) {
unset($user->password);
$this->session->set('auth', $user->toArray());
$response = $user->toArray();
}
else {
$response = array('msg' => 'failed');
}
}
else {
$response = array('error' => 'User not found');
}
$this->setPayload($response);
return $this->render();
And this to recieve information from my session
if($this->session->get('auth')['username']) {
$response = $this->session->get('auth');
}
else {
$response = array('msg' => 'noInfo');
}
$this->setPayload($response);
return $this->render();
This is how I start my session:
$di->set('session', function () {
$session = new SessionAdapter();
$session->start();
return $session;
});
It works just fine, you might want to try this.
I found the problem. Had to enable this in my frondend application:
RestangularProvider.setDefaultHttpFields({
withCredentials: true
});
The frontend was not sending the cookie with every request.
I am extending the session provider in order to persist some required data. I started editing AppServiceProvider's boot method:
\Session::extend('desk', function($app)
{
return new Desk();
});
Desk class looks like:
namespace App\Services;
use Illuminate\Session\ExistenceAwareInterface;
class Desk implements \SessionHandlerInterface, ExistenceAwareInterface{
/**
* The existence state of the session.
* #var bool
*/
protected $exists;
public function close()
{
return true;
}
public function destroy($session_id)
{
$session = $em->find('Session', $session_id);
$em->remove($session);
$em->flush();
return true;
}
public function gc($maxlifetime)
{
// TODO: Implement gc() method.
}
public function open($save_path, $session_id)
{
return true;
}
public function read($session_id)
{
$session = $em->find('Session', $session_id);
if ($sesion !== null){
$this->exists = true;
return $session->getPayload();
}
}
public function write($session_id, $session_data)
{
$session = $em->find('Session', $session_id);
if ($session === null){
$session = new Session($session_id, $session_data);
$em->persist($session);
}
else{
$session->setPayload($session_data);
}
$em->flush();
$this->exists = true;
}
public function setExists($value)
{
$this->exists = $value;
return $this;
}
}
After finish the implementation, I changed the session config to this:
return [
'driver' => 'desk',
'lifetime' => 120,
'expire_on_close' => false,
'encrypt' => false,
'files' => storage_path().'/framework/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => [2, 100],
'cookie' => 'lote_session',
'path' => '/',
'domain' => null,
'secure' => false,
];
When I load the page there is not problem, but after do a success login request and then, refresh the page, the session expires and the user is a guest again. Do I miss something?
Additional information: if I revert the session driver to "file", everything goes fine.
Well, for others that need/want to extends the session provider like me, pay attention to session's table structure. My mistake was that the payload column was set as:
payload varchar(255) not null
Because of laravel serialization data, the payload value could be has more than 255 characters length, in consequence, it will break the data and make it inconsistent. You can consider:
payload text not null
I've created a module to authenticate a user. Now, after login I go to the index action and the system tells me that the authentication is all working fine. But What I want is to print some more user details from the Users table. When I try:
print_r($this->getServiceLocator()->get('AuthService')->getAdapter()->getResultRowObject());
I get no result. What am I doing wrong?
Thanks for your help.
In my module.php I've the following code(snippet):
public function getServiceConfig()
{
return array(
'abstract_factories' => array(),
'aliases' => array(),
'factories' => array(
// Some more code here but removed for simplicity
// Autentication
'AuthService' => function ($sm) {
$adapter = $sm->get('master_db');
$dbAuthAdapter = new DbAuthAdapter ( $adapter, 'Users', 'email', 'password' );
$auth = new AuthenticationService();
$auth->setAdapter ( $dbAuthAdapter );
return $auth;
},
// Some more code here but removed for simplicity
}
In my IndexController.php I've the following (snippets):
public function indexAction()
{
if(!$this->getServiceLocator()->get('AuthService')->hasIdentity()){
return $this->redirect()->toUrl('login');
}
echo "hello, it works!";
exit;
}
public function loginAction(){
$form = $this->getServiceLocator()->get('LoginForm');
$viewModel = new ViewModel(array('form' =>
$form));
return $viewModel;
}
public function processAction(){
// Lots of code here
if($bcrypt->verify($loginData['password'], $userData->password))
{
$this->getAuthService()
->getAdapter()
->setIdentity($loginData['email'])
->setCredential($userData->password);
$result = $this->getAuthService()->authenticate();
}
// Lots of code here where I check if $result->isValid and route to the
// correct action
}
public function getAuthService() {
if(!isset($this->authservice)) {
$this->authservice = $this->getServiceLocator()->get('AuthService');
}
return $this->authservice;
}
Instead of refering to the authentication result object (which properly only exists in the authentication request) you can simply store user details in the authentication identity (#see http://framework.zend.com/manual/2.1/en/modules/zend.authentication.intro.html).
For your case you could also store user specific details right after the validation of the authentication result in the authentication storage:
if ($result->isValid()) {
//authentication success
$resultRow = $this->authService->getAdapter()->getResultRowObject();
$this->authService->getStorage()->write(array(
'id' => $resultRow->id,
'user_agent' => $request->getServer('HTTP_USER_AGENT'))
);
}
(This information was taken from this authentication tutorial http://samsonasik.wordpress.com/2013/05/29/zend-framework-2-working-with-authenticationservice-and-db-session-save-handler/)