Can somebody help me guess out this code..this is just a snippet and I think I included all the codes needed for my question. Actually this code is from hybridAuth. My question is, where does "user_id" from the last line came from? I wanted to know because $_SESSION["user"] gives the value of the "id". And I wanted to make another $_SESSION[" "] where I can place the value of email-add from the database (same location where that user_id's "id" exist)
// create an instance for Hybridauth with the configuration file path as parameter
$hybridauth = new Hybrid_Auth( $hybridauth_config );
// try to authenticate the selected $provider
$adapter = $hybridauth->authenticate( $provider );
// grab the user profile
$user_profile = $adapter->getUserProfile();
// load user and authentication models, we will need them...
$authentication = $this->loadModel( "authentication" );
$user = $this->loadModel( "user" );
# 1 - check if user already have authenticated using this provider before
$authentication_info = $authentication->find_by_provider_uid( $provider, $user_profile->identifier );
# 2 - if authentication exists in the database, then we set the user as connected and redirect him to his profile page
if( $authentication_info ){
// 2.1 - store user_id in session
$_SESSION["user"] = $authentication_info["user_id"];
The call to $authentication->find_by_provider_uid() returns an associative array, one key of which is user_id.
To see what other columns are returned by that call:
var_dump($authentication_info);
If the email is among the keys in that array, you may then set it in $_SESSION:
// Store the email into session if it is present in $authentication_info
// Use whatever the appropriate key you find, be it email, email_address, user_email, whatever...
$_SESSION['user_email'] = $authentication_info['email'];
Related
I never saw this before. Hopefully I can explain it to you that you'll understand it.
My code:
$google2fa = app(Google2FA::class);
$secret = $google2fa->generateSecretKey();
$user = $this->verifyToken('authentication', $request->mail, $secret);
$g2faUrl = $google2fa->getQRCodeUrl(
'name',
$request->mail,
$user['google_authentication']
);
$writer = new Writer(
new ImageRenderer(
new RendererStyle(400),
new ImagickImageBackEnd()
)
);
$qrcode_image = base64_encode($writer->writeString($g2faUrl));
return view('auth.register.admin.index', ['qrcode' => '', 'secret' => $user['google_authentication']]);
Above you see the array variable: $user['google_authentication'] on the first part I create a secret token, then I save the secret in the verify method verifyToken().
When I publish this secret on the view, it shows me a different secret then that i saved. But the weird part is, when I place a var_dump() in the code, then the secret in the view is the same as I saved.
The verify method just do a simple post api request to my middleware where I save the secret under the user, nothing special.
What is wrong in here?
The view doesn't load twice, I already checked Laravel debug bar
And why does it hold the value of the variable ($user['google_authentication']) when I use var_dump() in the code.
I am building a webapp that is supposed to be hosted in my company servers and used through the intranet. The requirements are:
The user accesses the webapp.
The app requests an e-mail address.
An e-mail containing a unique link (token) is sent to the address.
The user clicks on the link to log in without a password.
I am developing the webapp using Symfony3 and I thought of using the FriendsOfSymfony User bundle. How can I acheive that? FOSUserBundle is not mandatory.
The login functionalities you want to achieve do not diver that much from e.g. resetting a password by email. Except the temporary token in your use case is used to authenticate the user instead of authenticating a password reset.
A very simple explanation
You should create an entity that stores the authentication token, e.g. AutoLogin that has user, token and a timestamp property.
On the submit of your 'authentication form' a new AutoLogin record gets stored with a relationship towards the user and the user gets notified by email.
Whenever the user clicks the link you should have a method that validates the timestamp for a timeframe and authenticate the user by your user provider.
Examples
Symfony 2: AutoLogin
I think after you accepted the email this is what you can do:
sent url to email like this
<?php
$url = "http://example.com/login.php?token=$token";
?>
Then you login page
<?php
// retrieve token
if (isset($_GET["token"]) && preg_match('/^[0-9A-F]{40}$/i', $_GET["token"]))
{
$token = $_GET["token"];
}
else {
throw new Exception("Valid token not provided.");
}
// verify token
$query = $db->prepare("SELECT username, tstamp FROM pending_users WHERE token = ?");
$query->execute(array($token));
$row = $query->fetch(PDO::FETCH_ASSOC);
$query->closeCursor();
if ($row) {
extract($row);
}
else {
throw new Exception("Valid token not provided.");
}
// do action here, like activating a user account/redirect
// ...
// delete token so it can't be used again
$query = $db->prepare(
"DELETE FROM pending_users WHERE username = ? AND token = ? AND tstamp = ?",
);
$query->execute(
array(
$username,
$token,
$tstamp
)
);
Assuming you have tables like the ones in my queries. Hope i answered you well
There is a service called fos_user.security.login_manager that can help:
public function loginByTokenAction($token)
{
$em = $this->getDoctrine()->getManager();
$user = $em->getRepository('AppBundle:User')->findOneByToken($token);
$this->container->get('fos_user.security.login_manager')->loginUser('firewall_name', $user);
// ...
}
source : https://github.com/symfony/symfony/pull/13062
I'm developing a Joomla 3.x plugin, and want to be able to change the plugin parameter set in the plugin's manifest file programmatically. I believe I need to use a JRegistry object, but I'm not sure about the syntax.
Here's the issue:
// token A is set in plugin params as defined in plugin's XML manifest
var_dump($this->params->get('token')); // prints token "A" as expected
// do some stuff to get a fresh access token, called token "B"
$tokenB = $function_to_get_fresh_token();
// set the new token
if ($tokenB) $this->params->set('token', $tokenB);
var_dump($this->params->get('apptoken')); // prints token "B" as expected
the problem is that on subsequent page reloads, the token reverts to tokenA rather than what I assumed would be the stored value of tokenB.
How do I store the tokenB value in the plugin's parameters in the database?
This is a working example of how to change plugin params from within the plugin (J! 3.4):
// Load plugin called 'plugin_name'
$table = new JTableExtension(JFactory::getDbo());
$table->load(array('element' => 'plugin_name'));
// Params can be changed like this
$this->params->set('new_param', 'new value'); // if you are doing change from a plugin
$table->set('params', $this->params->toString());
// Save the change
$table->store();
Note: If new params are added by plugin dynamically and the plugin is saved afterwards, these new params gets deleted. So one way to deal with it is to add those params as hidden fields to plugin's config XML.
This is just an outline, but something along these lines
$extensionTable = new JtableExtension();
$pluginId = $extensionTable->find('element', 'my_plugin');
$pluginRow = $extensionTable->load($pluginId);
// Do the jregistry work that is needed
// do some stuff to get a fresh access token, called token "B"
$tokenB = $function_to_get_fresh_token();
// set the new token
if ($tokenB) $this->params->set('token', $tokenB);
// more stuff
$extensionTable->save($pluginRow);
I spent a lot of time googling and reading and found no real answer to this. Oddly enough this doesn't seem to have been provided for in Joomla. So here's what I ended up doing:
1) build a function to get your plugin ID, since it will change from one installation to another
private function getPlgId(){
// stupid hack since there doesn't seem to be another way to get plugin id
$db = JFactory::getDBO();
$sql = 'SELECT `extension_id` FROM `#__extensions` WHERE `element` = "my_plugin" AND `folder` = "my_plugin_folder"'; // check the #__extensions table if you don't know your element / folder
$db->setQuery($sql);
if( !($plg = $db->loadObject()) ){
return false;
} else {
return (int) $plg->extension_id;
}
}
2) use the plugin id to load the table object:
$extension = new JTableExtension($db);
$ext_id = $this->getPlgId();
// get the existing extension data
$extension->load($ext_id);
3) when you're ready to store the value, add it to the params, then store it:
$this->params->set('myvalue', $newvalue);
$extension->bind( array('params' => $this->params->toString()) );
// check and store
if (!$extension->check()) {
$this->setError($extension->getError());
return false;
}
if (!$extension->store()) {
$this->setError($extension->getError());
return false;
}
If anyone knows a better way to do this please let me know!
For a custom extension I'm building I need to be able to set and retrieve the status of an administrator user (not a customer) in Magento. I imagine you could achieve this like so;
$id; // ID of user stored here
$user = $mage->getadminuser($id); // store the user as an object or array in a variable with ID
$user->getStatus(); // return either true or false?
$user->setStatus(active or not active); // activate or deactivate the user
If anyone could provide me with the code to do this or documentation where I can find this easily?
Thanks!
$id = 5;
$admin = Mage::getModel('admin/user')->load($id);
if ($admin->getId()){
$admin->setIsActive(1);//or 0
$admin->save();
}
I am in service controller, login action (/service/login) and I want to pass the name,email and company to profile controller, register action(/profile/register).
Currently I am doing this way
$this->_redirect('/profile/register/?name='.$name.'&emailid='.$email.'&companyid='.$company);
But I want to pass this info to /profile/register in a way such that the user can't see these in the url.
I tried with $this->_forward like this
$params = array(
name=>$name,
emailid=>$email,
companyid=>$company
);
$this->_forward('register','profile',null,$params);
But this isn't working. Is there any other way I can do this?
To pass parameters securely, you should store the data in a session, or if you cannot use sessions, then in the database.
You could use Zend_Session to store the data temporarily until the next page view where you can retrieve it and it will be deleted (or you can let it persist).
$s = new Zend_Session_Namespace('registrationData');
$s->setExpirationHops(1); // expire the namespace after 1 page view
$s->name = $name;
$s->email = $email;
$s->companyId = $company;
// ...
return $this->_redirect('/profile/register);
And then in profile/register:
$s = new Zend_Session_Namespace('registrationData');
$name = $s->name;
$email = $s->email;
$companyId = $s->companyId;
// when this request terminates, the data will be deleted if you leave
// setExpirationHops as 1.
See also Zend_Session - namespace expiration