Професионална програма
Loading...
Martina_Shebova avatar Martina_Shebova 10 Точки

Login формата не работи

Здравейте,

логина ми не работи, гледах какво се случва като се опитам да се логна в файла dev.log и там изписва следната грешка:

security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): Bad credentials. at C:\\Users\\User\\Desktop\\Mars_BattleGround_2031\\vendor\\symfony\\symfony\\src\\Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvider.php:90, Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): The presented password is invalid. at C:\\Users\\User\\Desktop\\Mars_BattleGround_2031\\vendor\\symfony\\symfony\\src\\Symfony\\Component\\Security\\Core\\Authentication\\Provider\\DaoAuthenticationProvider.php:67)"} []

Security Controller:

<?php

namespace MarsGameBundle\Controller;

use MarsGameBundle\Entity\Player;
use MarsGameBundle\Form\PlayerType;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Component\HttpFoundation\Request;

/**
 * Controller used to manage the application security.
 * See http://symfony.com/doc/current/cookbook/security/form_login_setup.html.
 *
 * @author Ryan Weaver <weaverryan@gmail.com>
 * @author Javier Eguiluz <javier.eguiluz@gmail.com>
 */
class SecurityController extends Controller
{
    /**
     * @Route("/login", name="security_login")
     */
    public function loginAction()
    {
        return $this->render('security/login.html.twig');
    }

    /**
     * This is the route the user can use to logout.
     *
     * But, this will never be executed. Symfony will intercept this first
     * and handle the logout automatically. See logout in app/config/security.yml
     *
     * @Route("/logout", name="security_logout")
     */
    public function logoutAction()
    {
        throw new \Exception('This should never be reached!');
    }
}

Security.yml

security:
    encoders:
        # Our user class and the algorithm we'll use to encode passwords
        # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
        MarsGameBundle\Entity\Player: bcrypt

    providers:
        # in this example, users are stored via Doctrine in the database
        # To see the users at src/AppBundle/DataFixtures/ORM/LoadFixtures.php
        # To load users from somewhere else: http://symfony.com/doc/current/cookbook/security/custom_provider.html
        database_users:
            entity: { class: MarsGameBundle:Player, property: username }

    # http://symfony.com/doc/current/book/security.html#firewalls-authentication
    firewalls:
        secured_area:
            # this firewall applies to all URLs
            pattern: ^/

            # but the firewall does not require login on every page
            # denying access is done in access_control or in your controllers
            anonymous: true

            # This allows the user to login by submitting a username and password
            # Reference: http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            form_login:
                # The route name that the login form submits to
                check_path: security_login
                # The name of the route where the login form lives
                # When the user tries to access a protected page, they are redirected here
                login_path: security_login
                # Secure the login form against CSRF
                # Reference: http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html
                csrf_token_generator: security.csrf.token_manager

            logout:
                # The route name the user can go to in order to logout
                path: security_logout
                # The name of the route to redirect to after logging out
                target: home_index


    access_control:
        # this is a catch-all for the admin area
        # additional security lives in the controllers
#        - { path: '^/(%locale%)/admin', roles: ROLE_ADMIN }
security:
    encoders:
        # Our user class and the algorithm we'll use to encode passwords
        # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
        MarsGameBundle\Entity\Player: bcrypt

    providers:
        # in this example, users are stored via Doctrine in the database
        # To see the users at src/AppBundle/DataFixtures/ORM/LoadFixtures.php
        # To load users from somewhere else: http://symfony.com/doc/current/cookbook/security/custom_provider.html
        database_users:
            entity: { class: MarsGameBundle:Player, property: username }

    # http://symfony.com/doc/current/book/security.html#firewalls-authentication
    firewalls:
        secured_area:
            # this firewall applies to all URLs
            pattern: ^/

            # but the firewall does not require login on every page
            # denying access is done in access_control or in your controllers
            anonymous: true

            # This allows the user to login by submitting a username and password
            # Reference: http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            form_login:
                # The route name that the login form submits to
                check_path: security_login
                # The name of the route where the login form lives
                # When the user tries to access a protected page, they are redirected here
                login_path: security_login
                # Secure the login form against CSRF
                # Reference: http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html
                csrf_token_generator: security.csrf.token_manager

            logout:
                # The route name the user can go to in order to logout
                path: security_logout
                # The name of the route to redirect to after logging out
                target: home_index


    access_control:
        # this is a catch-all for the admin area
        # additional security lives in the controllers
#        - { path: '^/(%locale%)/admin', roles: ROLE_ADMIN }

Прочетох в Интернет, че понякога тази грешка е от дължината на паролата, но при различен алгоритъм за криптиране. Дължината на колоната с паролата е VARCHAR 255.

Тагове:
0
PHP Web Development
netbull avatar netbull -4 Точки
$password = $this->get('security.password_encoder')->encodePassword($player, $player->getPassword());

този ред е грешен..

идеята е следната 

1-во генерираш СОЛ, която учасвта в криптирането на паролата, нещо от сорта на:

$player->setSalt(substr(md5(uniqid(rand(), true)),0,22));

2-ро създават ХАШ на паролата encodePassword метода на очаква два параметъра plaintext парола и вторият е солта:

:

$hash = $this->get('security.password_encoder')->encodePassword($plaintextPassword, $player->getSalt());

и 3-то сетваш ХАША като парола на играча

$player->setPassword($hash);
0
19/12/2016 16:27:43