0

I have created a simple application with Symfony2. The user can log in with his/her username and password. I have created a simple view for the login screen, and then I check the user credentials in my controller. I haven't used the Symfony2 security. Here is my controller code:

<?php

namespace College\UserBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;

use College\UserBundle\Entity\User;
use College\UserBundle\Entity\Usertype;
use College\UserBundle\Form\LoginForm;
use College\UserBundle\Form\RegisterForm;

class UserController extends Controller
{
    public function indexAction()
    {
        $entity = new User();
        $form = $this->createForm(new LoginForm(), $entity);
        $request = $this->getRequest();

        if ($request->getMethod() == 'POST') {
            $form->bindRequest($request);
            if ($form->isValid()) {
                $em = $this->getDoctrine()->getEntityManager();
                // persist() only schedules $entity; nothing is written without flush()
                $em->persist($entity);
                $userrepository = $em->getRepository('CollegeUserBundle:User');
                // Look up a row whose login and password both equal the submitted values
                $auth = $userrepository->findOneBy(array('login' => $entity->getLogin(), 'password' => $entity->getPassword()));
                if ($auth) {
                    // Hand-rolled login state: the matching User entity is stored in the session
                    $session = $this->getRequest()->getSession();
                    $session->set('user', $auth);
                    $this->get('session')->setFlash('notice', 'You Have Successfully Logged In!');
                    return $this->redirect($this->generateUrl('CollegeUserBundle_home'));
                } else {
                    return $this->render('CollegeUserBundle:User:loginpage.html.twig', array(
                        'form'  => $form->createView(),
                        'error' => 'Please Correct Your Login Details And Enter the Correct login and Password',
                    ));
                }
            }
        }

        return $this->render('CollegeUserBundle:User:loginpage.html.twig', array(
            'form' => $form->createView()
        ));
    }

    public function loginAction()
    {
        // Renders the home page with whatever is in the session; no check that a user is logged in
        $session = $this->get('session')->get('user');
        return $this->render('CollegeUserBundle:User:home.html.twig', array(
            'info' => $session,
        ));
    }

    public function logoutAction()
    {
        $this->get('request')->getSession()->invalidate();
        return $this->redirect($this->generateUrl('CollegeUserBundle_index'));
    }
}

Routing.yml

CollegeUserBundle_index:
    pattern:  /
    defaults: { _controller: CollegeUserBundle:User:index }
    requirements:
        _method:  GET|POST

CollegeUserBundle_home:
    pattern:  /home
    defaults: { _controller: CollegeUserBundle:User:login }
    requirements:
        _method:  GET|POST

CollegeUserBundle_logout:
    pattern:  /logout
    defaults: { _controller: CollegeUserBundle:User:logout }
    requirements:
        _method:  GET

Entity (User.php)

 This file contains all user details including Username, Created Date, login, password and usertype.

Now I want to do all the authentication and authorization with Symfony security. I read the tutorial but couldn't understand everything, like how I can authenticate with my same controller, how it takes ADMIN_ROLE, USER_ROLE, and whether I need to create a table for these roles. I have a lot of confusion related to this topic. I found the tutorial great till now, but here I am lost and need someone who can help me with it.

CSchulz
ScoRpion
  • What's exactly the question? Be more specific so we can help :) – gremo Apr 20 '12 at 13:48
  • @Gremo I am very thankful for your response. I want a guide to do proper authentication, and don't want anyone to access any of my pages unless he has logged in. I have written the code above; I will feel happy if someone can help me to modify the same code rather than writing the login code again. Thanks a lot – ScoRpion Apr 23 '12 at 05:27

1 Answer

2

Look at my security.yml; my users have to log in if they want to see any page (otherwise they're redirected to the login form):

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern:   ^/(login$|register|resetting)
        anonymous: true
    main:
        pattern: ^/
        form_login:
            login_path: /login
            check_path: /login_check
            username_parameter: _login
            password_parameter: _password
        remember_me:
            key:         %secret%
        anonymous:       false
        provider:        main
        logout:
            path: /logout
            target: /

Be careful about the username and password parameters: they must be the same as the names of the username and password fields of your login form.

And about the roles, I created a role entity (table) with a many-to-many relation with my user entity. So the role entity is just a table with my roles and their IDs for the relation table.

Hope I'm clear and that I helped you.

Snroki
  • Thanks for your response. Can you help me understand the parameters that you have used here and, if possible, show me the role entity code and table? It will be great if you can send me a mail at scorpion.schizo@gmail.com – ScoRpion Apr 24 '12 at 10:19
  • About the parameters: you have the login firewall, which allows anonymous users (otherwise nobody could log in on your website), and the main firewall takes care of everything else, so in my case that means no anonymous users. With this firewall all anonymous users are redirected to the login page no matter what page they try to access. (I'll send you an email with more detail on the role/user relation) – Snroki Apr 24 '12 at 13:39
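
The role/user relation described in the answer, sketched as Doctrine entities. This is an added example, not code from either poster: the property names, the `salt` column and the `user_role` join table are assumptions, and it assumes an entity user provider keyed on `login` plus a configured password encoder, so the stored password is a hash rather than the clear text compared in the question's controller.

```php
<?php
// Added illustration for Symfony 2.0-era APIs; names are assumptions. In a bundle,
// each class goes in its own file (Entity/Role.php, Entity/User.php) for autoloading.
namespace College\UserBundle\Entity;

use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\Role\RoleInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/** @ORM\Entity */
class Role implements RoleInterface
{
    /** @ORM\Id @ORM\Column(type="integer") @ORM\GeneratedValue */
    private $id;

    // Role name as the security layer sees it, e.g. ROLE_USER or ROLE_ADMIN
    /** @ORM\Column(type="string", length=50, unique=true) */
    private $name;

    public function getRole() { return $this->name; }
}

/** @ORM\Entity */
class User implements UserInterface
{
    /** @ORM\Id @ORM\Column(type="integer") @ORM\GeneratedValue */
    private $id;
    /** @ORM\Column(type="string", unique=true) */
    private $login;
    // Encoded hash produced by the configured encoder, never the clear text
    /** @ORM\Column(type="string") */
    private $password;
    /** @ORM\Column(type="string") */
    private $salt;
    // Many-to-many link to Role, mapped through the user_role join table
    /** @ORM\ManyToMany(targetEntity="Role") @ORM\JoinTable(name="user_role") */
    private $roles;

    public function __construct() { $this->roles = new ArrayCollection(); }

    public function getUsername() { return $this->login; }
    public function getPassword() { return $this->password; }
    public function getSalt()     { return $this->salt; }
    public function getRoles()    { return $this->roles->toArray(); }
    public function eraseCredentials() {}
    // equals() is part of UserInterface in Symfony 2.0
    public function equals(UserInterface $user) { return $user->getUsername() === $this->login; }
}
```

With entities like these the firewall performs the credential check itself, so the controller only has to render the login form.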