[HacktionLab] secure php login

[ekes]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/11/14 22:50, penguin wrote:
> On 21/11/14 14:42, ekes wrote:
>> That's the front-end forms and probably explains the sort of 
>> authentication you want; but not what you want to do with the 
>> authorization. Even at its simplest you want two options on
>> routes - authenticated / not authenticated?
> 
> I have a similar want - in addition to logged in / no logged in, I 
> want to know who is logged in (e.g. a user ID available from a 
> session?). Does Symfony2's Security Component. I know I could just 
> RTFM, but normally when I do, being a bear of little brain, I
> don't really understand the FM. So if someone knows the answer off
> the top of their head, a reply would be much appreciated. If I know
> it's possible, at least I won't be going down a blind alley.

So the component on it's own will do the authentication, and
authorization based on roles and so forth; but you'd still need a user
component - this can be as simple as some users specified in a config
file; or it can be another supplied by another package.

See also forthcoming follow-up mail to Yoss...

ekes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUcx+3AAoJEChuOxNOQFoZtN4QAJVVYDG+qP+l49LpasGoeaFd
8NSBhl1W46T9Ku72iDcNbiP7U+/pis9T6VJE779kIAcHbvBUPt+N953uHa5h4AN/
ZF6mMp5Q3GFIJyIhmBBK5/e9hho6JcVpeoShHtohu+sb5O5OujkTOGqV1EoYl/Ue
TgRhwdlm6iZ6lf9Aw8v4iCSi69AVDrHjhrTWKBCYMHJ77n8kQRDoia+b7ZugzWlp
U7CxUePWcHeRp1LlNXbAE6nivp4+X3U3KepQLLGB0UWOLjwYOuEEztJuYIKDPQWa
MLYQQA0VREx1F4efeh9CJJ11ppLfRQ1msNIp5TT1TxQILVFMya2K7RcJwhXD2Noh
7aX51JWWCMI/ONZR194bbnNmyO9Xdm/1Nxhqx4BQOsBFV2MoUWXx9d1aoRb2Jkcf
VdU7fboie6drxl6g/P+tpFDgmtKO5qOwB3ZcVkSD2cUADY84YpgS58eUAQOv5C6g
vqbqSWcOXCSLaL11V8K+Qk6VTTFlfuxhD+0V3AQKOJBADpJJThdQ4e8/Gxv2KF7i
J5z650rhSZIHkYE28MUgPVpowMgfi51qhslval2RafJdIhf6HHCknc/G4FQ+0m5s
NHluXBEa4xyMoea0Hj2oKbVnm+moOIMy5qlL1BFUrSNZBTsYSV4ftiA4lmP1bdyN
kmO6N2UdI7czZDk3vWwN
=Xpih
-----END PGP SIGNATURE-----