sfDoctrineGuard question
I'm trying to do an "I forgot my password" functionality. My problem is that if I try to do a Doctrine query and send the password by email, it retrieves the password encrypted. I looked at some websites saying that DoctrineGuard doesn't have this functionality and only has register and login functionality.
Is it true?
In this case, how can I do a remember password function?
Thanks
From version 5.0.0 the great sfDoctrineGuard-Plugin has a built-in forgot-password module. But in the corresponding readme there is sparse info on how to use it :))
[TODO: document the forgot password feature]
To use the forgot-password feature do the following (assuming you already installed the plugin and normal signin is working):
- Enable the module in settings.yml (and enable i18n as it's using it):

      all:
        .setting:
          enabled_modules: [default, sfGuardAuth, sfGuardForgotPassword]
          i18n: true

- Add routes in routing.yml (the automatic adding didn't work for me). And make sure you include a rule @homepage which is used for redirecting.

      sf_guard_forgot_password_change:
        url: /forgot_password/:unique_key
        class: sfDoctrineRoute
        options: { model: sfGuardForgotPassword, type: object }
        param: { module: sfGuardForgotPassword, action: change }
        requirements:
          sf_method: [get, post]

      sf_guard_forgot_password:
        url: /forgot_password
        param: { module: sfGuardForgotPassword, action: index }

- Enable the mailing in factories.yml (beware of differences for prod/dev env. See also the official doc.):

      all:
        mailer:
          class: sfMailer
          param:
            logging: %SF_LOGGING_ENABLED%
            charset: %SF_CHARSET%
            delivery_strategy: realtime
            transport:
              class: Swift_SmtpTransport
              param:
                host: smtp.example.com
                port: 25
                encryption: ~
                username: test@example.com
                password: p4ssw0rd

- Add the sender's address to app.yml (and routing, which doesn't work automatically for me). The address in app.yml and factories.yml should be the same, otherwise the smtp-server might complain:

      all:
        sf_guard_plugin:
          routes_register: true
          default_from_email: test@example.com

- Touch the apps/your_app/modules/sfGuardForgotPassword/config/security.yml to make the request form accessible while logged out:

      secure:
        is_secure: true
      index:
        is_secure: false
      change:
        is_secure: false

- Clear the cache with ./symfony cc.
Now forget your password.
Passwords are hashed and then saved to the database, thus you can't recover the password once it has been saved.
There are several ways you can create a "password lost" function:
- Send a new password by email (not really secure but some people like it anyway)
- Send the user an email with a reset password link (and a unique token), which either gives the user a new password, or allows the user to enter a new password.
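The reset-link option above, sketched as an added example that is not part of the original answers and is not sfDoctrineGuard's own code. The class ResetTokens, the in-memory array standing in for a database table, the fixed clock values and the example.com URL are all assumptions made for illustration.

```php
<?php
// Added example; ResetTokens is a hypothetical in-memory stand-in for a token table.
final class ResetTokens
{
    /** @var array token hash => ['user' => int, 'expires' => int] */
    private array $rows = [];

    // Issue a token; only its SHA-256 hash is kept server-side.
    public function issue(int $userId, int $ttl = 3600, ?int $now = null): string
    {
        $now = $now ?? time();
        // One pending reset per user: older tokens stop working.
        $this->rows = array_filter($this->rows, fn($r) => $r['user'] !== $userId);
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = ['user' => $userId, 'expires' => $now + $ttl];
        return $token; // appears only in the emailed link
    }

    // Return the user id for a live token and invalidate it; null otherwise.
    public function redeem(string $token, ?int $now = null): ?int
    {
        $now = $now ?? time();
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]); // single use, also clears expired rows
        return ($row !== null && $row['expires'] >= $now) ? $row['user'] : null;
    }
}

// Constructed demo values (user id 42, fixed clock, example.com URL).
$tokens = new ResetTokens();
$old = $tokens->issue(42, 3600, 1000);
$new = $tokens->issue(42, 3600, 2000); // second request supersedes $old
echo "https://app.example.com/forgot_password/$new\n";

var_dump($tokens->redeem($old, 2500));      // superseded token
var_dump($tokens->redeem('guessed', 2500)); // token never issued
var_dump($tokens->redeem($new, 2500));      // live token, first use
var_dump($tokens->redeem($new, 2500));      // replay of the same token
var_dump($tokens->redeem($tokens->issue(42, 60, 3000), 9000)); // past expiry

// After a successful redeem the user picks a new password; store only its hash.
// password_hash() stands in here for the hashing that $user->setPassword performs.
$stored = password_hash('chosen-by-user', PASSWORD_DEFAULT);
var_dump(password_verify('chosen-by-user', $stored));
```

Storing only the token's hash means a leaked token table cannot be replayed as working reset links, and a short expiry with single use limits how long a link sitting in a mailbox stays valid.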
If I recall reading right, the sfDoctrineGuard doesn't have a "getPassword" method that would do what it needs to... retrieve the password unencrypted.
I'm using DuoSRX's first recommendation: creating a new password, saving it with $user->setPassword (which handles salting & hashing automatically), and emailing it to the user. The user is then advised to log in and create a new password.