
sfDoctrineGuard question

I'm trying to build an "I forgot my password" feature. My problem is that if I run a Doctrine query and send the password by email, it retrieves the password encrypted. I looked at some websites that say DoctrineGuard doesn't have this functionality and only has register and login functionality.

Is it true?

In this case, how can I do a remember password function?

thanks


From version 5.0.0 the great sfDoctrineGuard plugin has a built-in forgot-password module. But in the corresponding readme there is sparse info on how to use it :))

[TODO: document the forgot password feature]

To use the forgot-password feature do the following (assuming you already installed the plugin and normal signin is working):

  1. enable the module in settings.yml (and enable i18n as it's using it):

    all:
      .settings:
        enabled_modules: [default, sfGuardAuth, sfGuardForgotPassword]
        i18n: true
    
  2. add routes in routing.yml (the automatic adding didn't work for me). And make sure you include a rule @homepage which is used for redirecting.

    sf_guard_forgot_password_change:
      url:   /forgot_password/:unique_key
      class: sfDoctrineRoute
      options: { model: sfGuardForgotPassword, type: object }
      param: { module: sfGuardForgotPassword, action: change }
      requirements:
        sf_method: [get, post]
    
    sf_guard_forgot_password:
      url:   /forgot_password
      param: { module: sfGuardForgotPassword, action: index }
    
  3. enable the mailing in factories.yml (beware of differences for prod/dev env.. See also the official doc.):

    all:
      mailer:
        class: sfMailer
        param:
          logging:           %SF_LOGGING_ENABLED%
          charset:           %SF_CHARSET%
          delivery_strategy: realtime
          transport:
            class: Swift_SmtpTransport
            param:
              host:       smtp.example.com
              port:       25
              encryption: ~
              username:   test@example.com
              password:   p4ssw0rd
    
  4. add the sender's address to app.yml (and routing, which doesn't work automatically for me). The address in app.yml and factories.yml should be the same, otherwise the SMTP server might complain:

    all:
      sf_guard_plugin:
        routes_register: true
        default_from_email: test@example.com
    
  5. Touch the apps/your_app/modules/sfGuardForgotPassword/config/security.yml to make the request form accessible while logged out:

    secure:
      is_secure: true
    index:
      is_secure: false
    change:
      is_secure: false
    
  6. clear the cache with ./symfony cc.

Now forget your password.


Passwords are hashed and then saved to the database, thus you can't recover the password once it has been saved.

There are several ways you can create a "password lost" function:

  • Send a new password by email (not really secure but some people like it anyway)
  • Send the user an email with a reset password link (and a unique token), which either gives the user a new password, or allows the user to enter a new password.
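
The reset-link approach from the second bullet above, as an added example that is not part of the original answer and is not sfDoctrineGuard's own code: a random token goes into the emailed link, only its SHA-256 hash is stored, and the token expires and works once. The in-memory `$store` array, the function names and the one-hour lifetime are assumptions for illustration.

```php
<?php
// Added example (PHP 7.1+). $store stands in for a database table; the names
// below are hypothetical and are not part of the sfDoctrineGuard API.

const RESET_TTL = 3600; // token lifetime in seconds (assumed value)

// Issue a token for a user. The raw token is returned for the emailed link;
// the store keeps only its hash, so a leaked table holds no usable tokens.
function issueResetToken(array &$store, int $userId, int $now): string
{
    // A new request invalidates any earlier token for the same user.
    foreach ($store as $key => $record) {
        if ($record['user'] === $userId) {
            unset($store[$key]);
        }
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    $store[hash('sha256', $token)] = [
        'user'    => $userId,
        'expires' => $now + RESET_TTL,
    ];
    return $token;
}

// Redeem a token from a reset link. Returns the user id when the token is
// known and unexpired, null otherwise. Any matching record is deleted, so a
// token cannot be used twice and expired rows do not linger.
function redeemResetToken(array &$store, string $token, int $now): ?int
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;
    }
    $record = $store[$key];
    unset($store[$key]);
    return $now <= $record['expires'] ? $record['user'] : null;
}

// Constructed walk-through: unknown token, expired token, valid token, reuse.
$store = [];
$now   = time();
$first = issueResetToken($store, 42, $now);
var_dump(redeemResetToken($store, 'not-a-real-token', $now));
var_dump(redeemResetToken($store, $first, $now + 2 * RESET_TTL));
$second = issueResetToken($store, 42, $now);
var_dump(redeemResetToken($store, $second, $now + 60));
var_dump(redeemResetToken($store, $second, $now + 61));
```

Only after a successful redeem should the application let the user set a new password, which `$user->setPassword` then salts and hashes as usual.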


If I recall reading right, the sfDoctrineGuard doesn't have a "getPassword" method that would do what it needs to... retrieve the password unencrypted.

I'm using DuoSRX's first recommendation: creating a new password, saving it with $user->setPassword (which handles salting & hashing automatically), and emailing it to the user. The user is then advised to log in and create a new password.
