I am supporting a site built on symfony. There were problems regarding some kind of "admin page".
While not knowing much about the whole thing by reading the logs and comparing recent backups I think I was able to fix the issue (some developer removed a route, but did not fix a template).
I do not have admin password to the site, but have root access to the server and super access to the database (in this case postgres).
Can you help me how to create myself an account without knowing the current passwords?
Disclaimer: I do not have much knowledge with PHP's OOP interface as I am not a programmer, but a sysadmin.
Edit:
symfony version 1.0.16
Try logging into the server and changing into the Symfony project's root directory. There's probably a "symfony" script/link there (the details depend on your OS and how Symfony's set up; you might be able just to run ./symfony rather than needing php symfony). Run this to see whether this basics are working:
php symfony
If that works, you should get a list of possible tasks you can do. If you're using the sfGuardPlugin, you should see some tasks like guard:create-user.
To get more information on a task, try something like:
php symfony help guard:create-user
But basically, assuming a fairly modern Symfony installation and plugin, try something like:
php symfony guard:create-user --env=prod newusername newpassword
(the --env=prod option creates the user in the production environment, which is probably what you want.)
If there are super-user-only tasks you want to do, try also doing this:
php symfony guard:promote newusername
That will give the new user super-admin privileges.
You'll probably also find a guard:change-password task which will simply reset the password for a given user.
I ended up editing the file named:
plugins/sfGuardPlugin/lib/validator/sfGuardUserValidator.class.php
this is where the authentication takes place.
I added a few lines to bypass the actual password check for an already created user.
Related
Essentially what I am trying to do is to create an interactive user set up wizard (often seen in CMSes like Wordpress or xenforo) when they first run the project. This would consist of basic configuration such as setting the parameters to the MySQL database, setting up and admin account, etc. The issue is, I'm not too sure how to go about going this in the first place. How would I go about overwriting values in the configuration file properly? What would be the best implementation for this?
Maybe this is what you're looking for?
Laravel Setup Wizard
We have developed a CMS based website builder. It is currently available only in asp/ms-sql. A php/mysql version is in production now.
One critical thing that we are missing is a way to notify users of this software about an available update and a simple "one-click" solution to installing the update.
The update could be something as simple as correcting a typo or as complex as adding a new feature which would entail new pages in the CMS, changes to the public pages and changes to an existing DB table or the addition of a new table.
The question proposed is... Where do we even begin to find information regarding the implementation of an update?
Hope someone here can point us in the right direction.
When an administrator logs in, the site sends a HTTP request (using CURL from the server, or JSONP from within the browser) to the update server with it's current version. The update server replies with 'there is a newer version: 2.0.1.1.2' or 'no update available'.
On hitting update, replace core files and adjust the database by ALTER TABLE statements.
Ensure you have the file permissions to write em with the www user.
You should build the software a way that you have files which do not get edited by the user and files with only user content. So you can replace the core files without worrying to replace any user content. User config files need special treatment.
It's not that hard so I hope my suggestion helps.
Just make sure you have a very strict API and code, so it works for all customers, no regard of operating system and environment, it's difficult to change things later.
I also suggest using SSL for the communication.
I need to update source files (pull and update from the repository) in my production server, run migrations, and regenerate cached assets.
Is there any mechanism in Symfony 2 to do this safely? Like putting the site into 'maintainance mode' (which should throw a 503) or something?
I've just found a Bundle for Symfony 2, which offers you 2 extra-commands in the console to put your application into maintenance mode.
Here you go: https://github.com/lexik/LexikMaintenanceBundle
I've been trying to decide how I would implement this. On one hand, Symfony2 provides decent prod caching, so if you're not destructively modifying your database schema (removing columns or tables, etc), you can probably get away with just changing the schema, deploying from your repo, then clearing your prod cache. That's how I handle things most of the time.
On the other hand, if you DO want to go into maintenance mode, you'll want a solution that has minimal load on the framework (ie, you probably don't want to fire up the kernel), or you're defeating the purpose anyway: taking the load off the framework while you muck with things.
If it were me, I'd probably write a simple maintenance script that just sets a 503 header, maybe serves up some static html (pregenerated from my site templates) and sends it back to the user, then use some conditional logic in my app.php to use that when I should be in maintenance mode. It's ugly, but it works.
Not sure how to go about this for a bigger site where a user could be in the middle of some kind of transaction (shopping for instance) but for a smaller site could you not just use a .htaccess file (the one in the web directory assuming that is your root) to redirect to some maintenance page instead of into app.php.
I can recommend using deployer (http://deployer.org/) to deploy your Symfony2 application. This way you dont need a maintenance page. The tool ships with a symfony2 and symfony3 template already included.
It generates your assets, warms up the cache and keeps track of your release directories. It's easy to roll back to a previous release also.
there is a "current"-symlink which always points to your current release directory. If a release deployment is complete this link updates to the newly created release directory.
Regarding doctrine migrations you need to write a custom task for that.
Please look at capifony http://capifony.org/
It has excellent support for Symfony2.
In drupal, it's possible to create a "build", also known as "install profile" or "distribution" that basically combines several modules and your settings for them. So the next time you setup the same exact site, you don't have to re-configure all the modules.
Does Joomla have a similar concept, and what is it called? Please reference documentation as well if possible.
The concept is very simple - you just need to get a clean installation, install all the extensions you want and configure them the way you need.
Then it is enough to copy the files and the database to a new location and change the settings in the configuration file (configuration.php). That is all.
It is a very simple process and can easily be automated with a simple php script. I once did an asp.net app which was deploying new installations of joomla within seconds.
You could try something like http://www.akeebabackup.com/
This allows you to take a snapshot of a site and export it anywhere.
I'm new to Symfony. Is my understanding correct that the User class is actually for controlling sessions? But is there built-in login and account creation? I'm not finding it. But if there's an admin backend generator, how can it function without user logins?
Not sure what version of Symfony you're using, but login and account creation is typically incorporated into an application using either the sfGuardPlugin (for Propel) or sfDoctrineGuardPlugin (for Doctrine).
For Symfony v1.2, see Day 13 of the Jobeet tutorial to get started.
The myUser.class.php file is the session controller/storage, yes. You can create your own security module if you wish, but many use the plugins mentioned in nselikoff's answer. They're not perfect but they do a decent job. Whichever ORM use, you should definitely start with one of these plugins, and extend/improve them if you need too.
Your admin generator modules are not secured by default, no - it is up to you to implement a security layer. As an aside, don't think of admin-generated modules as exclusively for a backend/backoffice purpose, as there may be some reason for a frontend app to require one. Certainly a system you use internally at your company or at home on a local webserver doesn't need a security layer to function.
Changing the security.yml file to secure an app, module or action requires you to specify the login page in your app's settings.yml, but the security plugins will help you configure this.
Apart from what others have said, I find very useful the source code from symfonians, that resolves all these problems: http://symfonians.org/