sfDoctrineGuard question

I'm trying to do a "i forgot my password" functionality. My problem is that if i try to do a Doctrine query and send password to email it retrieves password encrypted. I look at some webs that DoctrineGuard don't have this functionality and only have register and login functionality.

Is it true?

In this case, how i ca开发者_StackOverflow中文版n do a remember password function?

thanks

From version 5.0.0 the great sfDoctrineGuard-Plugin has a built-in forgot-password module. But in the corresponding readme there is sparse info how to use it :))

[TODO: document the forgot password feature]

To use the forgot-password feature do the following (assuming you already installed the plugin and normal signin is working):

1. enable the module in settings.yml (and enable i18n as it's using it):

   all:
     .setting:
     enabled_modules: [default, sfGuardAuth, sfGuardForgotPassword]
     i18n: true
   

2. add routes in routing.yml (the automatic adding didn't work for me). And make sure you include a rule @homepage which is used for redirecting.

   sf_guard_forgot_password_change:
     url:   /forgot_password/:unique_key
     class: sfDoctrineRoute
     options: { model: sfGuardForgotPassword, type: object }
     param: { module: sfGuardForgotPassword, action: change }
     requirements:
       sf_method: [get, post]
   
   sf_guard_forgot_password:
     url:   /forgot_password
     param: { module: sfGuardForgotPassword, action: index }
   

3. enable the mailing in factories.yml (beware of differences for prod/dev env.. See also the official doc.):

   all:
     mailer:
       class: sfMailer
       param:
       logging:           %SF_LOGGING_ENABLED%
       charset:           %SF_CHARSET%
       delivery_strategy: realtime
       transport:
         class: Swift_SmtpTransport
         param:
           host:       smtp.example.com
           port:       25
           encryption: ~
           username:   test@example.com
           password:   p4ssw0rd
   

4. add senders address to app.yml (and routing which doesn't work automatic for me). Address in app.yml and factories.yml should be same, otherwise the smtp-server might complain:

    all:
     sf_guard_plugin:
       routes_register: true
       default_from_email: test@example.com
   

5. Touch the apps/your_app/modules/sfGuardForgotPassword/config/security.yml to make the request form accessible while logged out:

   secure:
     is_secure: true      
   index:
     is_secure: false       
   change:
     is_secure: false
   

6. clear the cache with ./symfony cc.

Now forget your password.

Password are hashed and then save to the database, thus you can't recover the password once it has been saved.

There are several ways you can create a "password lost" function :

• Send a new password by email (not really secure but some people like it anyway)
• Send the user an email with a reset password link (and a unique token), which either gives the user a new password, or allow the user to enter a new password.

If I recall reading right, the sfDoctrineGuard doesn't have a "getPassword" method that would do what it needs to... retrieve the password unencrypted.

I'm using DuoSRX's first recommendation: creating a new password, saving it with $user->setPassword (which handles salting & hashing automatically), and emailing it to the user. The user is then advised to login and create a new password.