Yii loses session after redirect - php

I have yii project and in Chrome sessions is lost.
Example:
config in main.php
'session' => array(
'class' => 'CDbHttpSession',
'autoStart' => false,
'connectionID' => 'db',
'sessionTableName' => 'ph_YiiSession',
'autoCreateSessionTable' => false // for performance reasons
),
in start controller after login i write id user in session
Yii::app()->user->id = 100
after i redirect user
$this->redirect(array('student/index'), true);
but in index action i can't get data from session
echo Yii::app()->user->id;
give nothing. Please help, this problem crashed my brain already


You should try
'autoStart' => true,


Yii::app()->user->id = 100
First of all You can't set the Id like this permanently that could work in different pages. Even if you will set Id in a page, Its data will be lost as soon as you move to next page and it will show its default value. So if you want to change the value that Yii::app()->user->id contains then you will have to override getId() method.
Second Thing If you are trying to save the Id in the session then you should use Yii::app()->session['_myId']=Yii::app()->user->id;
and then you can get it like
echo Yii::app()->session['_myId'];
and remember 'autoStart' => TRUE,


What you are doing wrong is definitely in the UserIdentity class. The best method of setting and retrieving a session data from Yii::app()->user->id, is to override the getId() method in the UserIdentity class.
For example, lets say that you have a table named 'User' and it contains : id, username, password.
So, make the UserIdentity class something like this :
<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identity the user.
*/
class UserIdentity extends CUserIdentity
{
private $_id;
public function authenticate()
{
$user = User::model()->find('LOWER(username)=?',array(strtolower($this->username)));
if($user===null){
$this->errorCode=self::ERROR_USERNAME_INVALID;
}else if($user->password !== crypt($this->password,$user->password)){
$this->errorCode = self::ERROR_PASSWORD_INVALID;
}
else{
$this->_id = $user->id;
$this->username = $user->username;
$this->errorCode = self::ERROR_NONE;
}
return $this->errorCode === self::ERROR_NONE;
}
public function getId()
{
return $this->_id;
}
}
Once you do this, you should be able to use the Yii::app()->user->id and get the session id anywhere in your code.
Hope this helped.
P.S > I have also made a base app where all this is already done. You may check it out at : https://github.com/sankalpsingha/yii-base-app it might help you.

Related

Pass render to my new created service - Symfony

Please, I am new to symfony, I can't seem to make this work. I created a simple service that will check if the user status is active or deleted, and if they are, log them out from application. I have created the code that works, and then I wanted to be a badass and create a service that will do this. But nooo. So, I created a service and it prints out the result, so it is registered and it is working. The problem is I guess that I cannot approach the same variables as I did in Controllers to my service class. Here is the code:
<?php
namespace WebBundle\Roles;
class Roles
{
public function getApplicationId($loggedUser, $request)
{
// Get the current user role
/** #var $userRole array */
$userRole = $loggedUser->getRoles();
// Check if the user role is super admin or admin - client
/** #var $superAdmin bool */
$superAdmin = in_array('ROLE_SUPER_ADMIN', $userRole) ? true : false;
$admin = in_array('ROLE_ADMIN', $userRole) ? true : false;
if ($superAdmin) {
/** #var $application int */
$application = $request->get('application');
} elseif ($admin) {
/** #var $application int */
$application = $loggedUser->getAppClient()->getId();
}
return $application;
}
public function logoutInactiveAndDeletedUsers($loggedUser)
{
// Log out inactive or deleted users.
if ($loggedUser->getStatus()->getStatus() == 'inactive' || $loggedUser->getStatus()->getStatus() == 'deleted' ) {
//$this->get('security.context')->setToken(null);
//var_dump('test');exit;
return $this->container->render('WebBundle:Default:login.html.twig', array('last_username' => null, 'error' => null,));
}
}
}
So, this first service getApplicationId is working fine. But the other one is causing me real trouble. So the serivce is breaking when I call both:
$this->get('security.context')->setToken(null);
and
return $this->container->render('WebBundle:Default:login.html.twig', array('last_username' => null, 'error' => null,));
But If I put this code in Controller, it works perfectly. It destroys the token and redirect the user to the login page. Please, help me understand how to make it work as a service to.

Ok, I figure out how to call a view:
In services.yaml add templating as an argument
arguments: [#templating]
Then create a property and assign it to a constructor:
private $templating;
public function __construct($templating)
{
$this->templating = $templating;
}
And call it like $this:
$this->templating->render('WebBundle:Default:login.html.twig', array('last_username' => null, 'error' => null,));
Now I need to find a solution how to disable token for the user. If anybody know help me out dude (I am not stoner anymore).

Codeigniter 3 user authenticate with base controller and database check

I have this on my pages controller.
protected $auth = array();
function __construct(){
parent::__construct();
$this->auth['result'] = $this->is_logged_in();
}
and this is my core/base controller located at core folder.
public function is_logged_in(){
$session = $this->session->userdata();
if(isset($session['logged_in'])){
return $session;
}else{ return FALSE; }
}
Is the above codes enough? or am i missing something to do a legitimate authentication?(my first time trying to attempt a user authentication)
Also, would it be okay, if for example.
I added a column 'isLoggedin' on my accounts table.
int(1),NULL.
and whenever my login function is called and someone successfully logs in, i will also add a value to insert as 'isLoggedin' to 1. 1=true, 2=false.
So for example in my pages controller, since everytime it loads, it runs the is_logged_in() function in my base controller and would return the session data from there.
I would compare the returned session data from my base controller to the one in my accounts table with the 'isLoggedin' col set to 1.
OR
since the $auth data would return an 'id' then i would check the 'id' from $auth to any 'id' on the database where 'isLoggedin == 1'. If it matches with the 'id' from $auth.
$this->db->get_where('accounts', array('id' => $auth['id'], 'isLoggedin' => 1));

Zend framework 2: How to redirect from a plugin?

I worte a plugin IdentityPlugin to check login status of a user. If the user session gets logout, I want to redirect them to login page. My code is given below.
public function checkLogin($logout=true,$next='login'){
if($this->auth->hasIdentity()){
}elseif ($logout){
return $this->getController()->redirect()->toRoute($next);
}
}
in my controller
// Check identity, if not found- redirect to login
$this->IdentityPlugin()->checkLogin();
Any idea?

You're returning a response to the controller but you're not returning it from the controller itself.
For example you could try this is your controller:
$check = $this->IdentityPlugin()->checkLogin();
if ($check instanceof Response) {
return $check;
}
A more complex solution could be to stop the propagation of the controller's MvcEvent, set whatever response you want, and return directly.

Hi you need to config you plugin in factories in module.config.php and pass service manager to __construct, like below:
'controller_plugins' => array(
'factories' => array(
'CheckLogin' => function($sm){
$checkLogin = new Application\Plugin\CheckLogin($sm);
return $checkLogin;
},
),
),
Then in your plugin you will be able to call all you need using service Manager:
namespace Application\Plugin;
use Zend\Mvc\Controller\Plugin\AbstractPlugin;
class CheckLogin extends AbstractPlugin
{
public function __construct($sm)
{
$auth = $sm->getServiceLocator()->get("Zend\Authentication\AuthenticationService");
if( !$auth->hasIdentity()){
$sm->getController()->plugin('redirect')->toUrl('/login');
}
}
}

Authentication with Doctrine in Zend Framework 2 Good Practices

Lets say that my page has 10 sections, in 6 of them I have to check if the user is logged in, and if not, redirect him to the "login/register" page.
I found myself repeating this code in the controller of those 6 pages:
public function actionthatneedsauthAction()
{
$sl = $this->getServiceLocator();
$authService = $sl->get('doctrine.authenticationservice.orm_default');
$user = $authService->getStorage()->read(); //is the user logged in?
if ($user) { //auth successful
//-------------/*CODE FOR THIS SPECIFIC CONTROLLER GOES HERE*/--------
return new ViewModel(array(
'user' => $user,
'somethingelse' => $somethingelse
));
} else { //auth denied
return $this->redirect()->toRoute(user, array('action' => 'login'));
}
}
I tried to encapsulate that into a service, called islogged (this is a model, not a controller), but I couldn't make it work because I couldn't find a way to redirect to a controller from inside a model, I only know how to redirect to a controller via another controller.
So in my usermanager.php I had a function like this one:
public function islogged()
{
$sl = $this->getServiceLocator();
$authService = $sl->get('doctrine.authenticationservice.orm_default');
$user = $authService->getStorage()->read(); //is the user logged in?
if ($user) { //auth successful
return $user;
} else {
/*
redirect to the login screen, dont know how to do it,
this code doesnt work here:
return $this->redirect()->toRoute(NULL, array(
'controller' => 'user',
'action' => 'login'
));
*/
}
}
so the idea was that in my controllers I only had to write:
$user = islogged();
and all the code repetition I mentioned won't be necessary anymore.
Is it a good practice what I tried to do with the usermanager.php islogged function?
If it is a good practice, how am I supposed to redirect to a controller from inside a model?
If is not a good practice, which will be the way to avoid all that code repetition that I'm having in my controllers?
I know that I can put the authentication step into the onboostrap() but in that case the auth will be triggered for all of my pages, and I just want it in some of them.

I would advise you to implement Doctrine Authentication with official DoctrineModule Authentication described in the docs folder of the repo.
Read this - Link to DoctrineModule Authentication
Then you can handle your Authentication check via the zf2 own Controller and View Helpers identity. See example in the docs here.

I use this ACL Module on my apps: https://github.com/ZF-Commons/zfc-rbac
My Customer overview controller then looks as so:
<?php
namespace RoleBasedCustomer\Controller;
use RoleBasedUser\Service\AuthenticationService;
use RoleBasedUser\Service\UserService;
use RoleBasedUser\Controller\AbstractMultiModelController;
class OverviewController extends AbstractMultiModelController
{
public function __construct(
AuthenticationService $authService,
UserService $userService
) {
$this->authService = $authService;
$this->userService = $userService;
}
public function indexAction()
{
if ( ! $this->authService->hasIdentity() ) {
return $this->redirect()->toRoute('customer/login');
}
}
}

The only thing i had to do is replace these two lines:
$authService = $this->getServiceLocator()
->get('doctrine.authenticationservice.orm_default');
$user = $authService->getStorage()->read(); //is the user logged in?
with this one:
$user = $this->identity();

Correct way of implementing custom authentification rest cakephp api

I'm currently developing a restful/stateless api in cakephp which uses tokens (at the moment) and should use rolling tokens (like suggested here from g-shearer) in the future. My current implementation works, but i'm really concerned if i've implemented everything the right way (auth components especially custom auth components seem really confusing to me)
PS: I'm using the current version of cakephp (2.5.1).
1: I've created the file TokenAuthenticate.php in Controller/Component/Auth:
<?php
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
class TokenAuthenticate extends BaseAuthenticate {
public function authenticate(CakeRequest $request, CakeResponse $response) {
}
public function getUser(CakeRequest $request) {
//set values from request headers
$publictoken = $request->header('Security-Public-Token');
$accesstoken = $request->header('Security-Access-Token');
$timestamp = $request->header('Security-Timestamp');
// check if required header fields are set
if (empty($publictoken) || empty($accesstoken) || empty($timestamp)) {
return false;
}
// init required token model
$Token = ClassRegistry::init('Token');
//check if token pair exists
if ($dbtoken = $Token->findByPublic($publictoken)) {
if ($accesstoken == md5($dbtoken['Token']['private'] . $timestamp)) {
//valid token - return user
$User = ClassRegistry::init('User');
$dbuser = $User->findById($dbtoken['Token']['user_id'])['User'];
return $dbuser;
} else {
//invalid token
return false;
}
} else {
//invalid token pair
return false;
}
}
public function unauthenticated(CakeRequest $request, CakeResponse $response) {
return true;
}
}
?>
then i've added the following to my controller:
class UsersController extends AppController {
public $uses = array('User', 'Token');
public $components = array('Auth' => array('authenticate' => array('Token')));
public function beforeFilter() {
parent::beforeFilter();
AuthComponent::$sessionKey = false;
$this->Auth->autoRedirect = false;
$this->Auth->allow('login', 'register');
}
in my actions i check the status like so:
if (!$this->Auth->loggedIn()) {
$this->set(array('error' => 'INVALID_AUTHENTIFICATION'));
$this->render('view');
}
So I can set a custom error and output it without being redirected to the login action (note the unauthenticated function in my tokenauthentication file which returns true - so cakephp does not redirect you)
I think the login process should happen in the authenticate function of my TokenAuthenticate file and not in the login action of my controller, or am i wrong? What is the correct way to achieve this goal?
PS: How would it be possible to add a new token pair (to every authenticated output) automatically with cakephp so the tokens are 'rolling'?
The whole api output is json encoded if that matters
also cakephp still sets a cookie sometimes even though i disabled this (AuthComponent::$sessionKey = false;). How to stop this?
EDIT: So I've added an beforeRender() function to my userscontroller and now the tokens are rolling (Y)
//renew tokens
public function beforeRender() {
//only add tokens if logged in
if ($this->Auth->loggedIn()) {
//find old token
$oldToken = $this->Token->findByUser_id($this->Auth->user('id'));
//delete old token
$this->Token->delete($oldToken['Token']['id']);
//create new token pair
$this->Token->create();
$this->Token->save(array(
'user_id' => $this->Auth->user('id'),
'public' => Security::hash(substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!##$') , 0 , 15 )),
'private' => Security::hash(substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!##$') , 0 , 15 ))
));
//set it for the view
$this->set(array('token' => $this->Token->read()));
}
}
Is this the right way to implement something like this? I always want to do things the right and 'perfect' way so any criticsm is welcome :)

Categories