I am facing a problem to remember user login in modx revolution. I am using login extra with MODX Revolution 2.2.8-pl (traditional). i am trying to set user login for a week.
I have set system setting
session_cookie_lifetime = 1209600
session_gc_maxlifetime = 1209600
When i am loging i got below array in $scriptProperties
Array
(
[actionKey] => service
[contexts] => web,Danish,German,Swedish,Serbian,Italian,French,Russian,Spanish
[errTpl] => lgnErrTpl
[errTplType] => modChunk
[loginKey] => login
[loginMsg] =>
[loginResourceId] => 1
[loginResourceParams] =>
[loginTpl] => tplLogin
[logoutKey] => logout
[logoutMsg] =>
[logoutResourceId] => 0
[logoutResourceParams] =>
[logoutTpl] => lgnLogoutTpl
[postHooks] =>
[preHooks] =>
[recaptchaTheme] => clean
[redirectToOnFailedAuth] =>
[redirectToPrior] =>
[rememberMeKey] => rememberme
[toPlaceholder] =>
[tplType] => modChunk
)
if i login with check remember me option and i restart my computer it is showing me that i am log out!. if i restart my browser it showing me login but if i restart my computer it showing me log out!
Update
I have printed cookie and it showing that PHPSESSID is set but it showing me that i am logout.
Is there anything that i need to set or is there anything that i have missed?
Any help will be highly appreciated .
Thanks,
Awlad
Just change session_cookie_lifetime in system settings http://rtfm.modx.com/revolution/2.x/administering-your-site/settings/system-settings/session_cookie_lifetime
Related
I'm trying to build a simple login using symofny/security package in Silex, but I have a small problem with authentication checking.
The structure:
/
/login
/admin
/login_check
/logout
In order to get to the /admin route user needs to be authenticated, if he's not, he gets redirected to /login form, which then, as recommended, is asking admin/login_check for authentication (that's all provided by symofny's security firewalls).
The firewalls configuration:
'security.firewalls' => array(
'login' => array(
'pattern' => '^/login$',
),
'admin' => array(
'pattern' => '^/admin',
'http' => true,
'form' => array(
'login_path' => '/login',
'check_path' => '/admin/login'
),
'logout' => array(
'logout_path' => '/admin/logout',
'invalidate_session' => true
),
'users' => ...
),
)
Everything works fine, but the user can enter the /login route even-though he's already authenticated, which is not that bad, but I'd like to avoid it. I tired to check the user authentication status, but I guess it does not work as I'm checking it on /login controller, which is not in "secured" area of the website.
Here's the code:
public function index(Request $request, Application $app)
{
if ($app['security.authorization_checker']->isGranted('ROLE_ADMIN')) {
return $app->redirect($app['url_generator']->generate('admin'));
}
return $app['twig']->render('login/index.twig', array(
'error' => $app['security.last_error']($request),
'last_username' => $app['session']->get('_security.last_username'),
));
}
That throws an error: The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. So, the question, is there any way to do this using symfony/security natively (without any walk-arounds)? or is it somehow possible to create the /login route inside secured area with possibility to access it even-though the user is not logged in (e.g. make an exception for GET request) which would solve the problem?
UPDATE
I've also added the firewall configuration for /login page with an option anonymous: true, which resulted in not throwing an error anymore, but yet, when I'm logged in on the /admin route, method isGranted('ROLE_ADMIN') results in true, whereas on /login route it results in false (I'm still logged in there).
You can easily understand the behavior of the security component by dumping the current token.
public function index(Request $request, Application $app)
{
var_dump($application['security.token_storage']->getToken());
}
When you don't set anonymous option for login page (by default it is false):
null
When you set anonymous option for login page to true:
object(Symfony\Component\Security\Core\Authentication\Token\AnonymousToken)
private 'secret' => string 'login' (length=5)
private 'user' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) => string 'anon.' (length=5)
private 'roles' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) =>
array (size=0)
empty
private 'authenticated' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) => boolean true
private 'attributes' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) =>
array (size=0)
empty
Following example describes why you are getting error in your initial code example.
How to share security token?
To share security token between multiple firewalls you have to set the same Firewall Context.
SecurityServiceProvider registers context listener for protected firewall you have declared with pattern security.context_listener.<name>. In your example it is registered as security.context_listener.admin. Thus context you want to use is named admin.
Also a firewall context key is stored in session, so every firewall using it must set its stateless option to false.
What is more, to invoke authentication on login page the anonymous option must be set to true
'security.firewalls' => array(
'login' => array(
'context' => 'admin',
'stateless' => false,
'anonymous' => true,
'pattern' => '^/login$',
),
'admin' => array(
'context' => 'admin',
'stateless' => false,
'pattern' => '^/admin',
'http' => true,
'form' => array(
'login_path' => '/login',
'check_path' => '/admin/login'
),
'logout' => array(
'logout_path' => '/admin/logout',
'invalidate_session' => true
),
'users' => ...
),
)
After the change, if you are logged in on admin panel and login page you will get an instance of Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken as a token and
Symfony\Component\Security\Core\Authentication\Token\AnonymousToken if you are not logged in.
Because of that, you can safely check permission using $app['security.authorization_checker']->isGranted('ROLE_ADMIN') and get the same results on both firewalls.
I have to send a lot of emails distributed over the whole day with ZF2 and I'm using Zend\Mail\Transport\Smtp. I have the mails in a queue table and once a minute I want to send them. Everything works fine until 5th email, where I receive an error : Zend\Mail\Protocol\Exception\RuntimeException
4.7.0 Too many RSET commands; closing connection
I guess this is coming from the smtp server. But why does ZF2-Smtp reset each message? I don't know where to start debugging the problem and if you need more informations just let me know. Thx for any help...
What I'm using is:
$transport = new SmtpTransport();
$options = new SmtpOptions(array(
'host' => $config['mail_options']['server'],
'port' => $config['mail_options']['port'],
'connection_class' => 'login',
'connection_config' => array(
'username' => $config['mail_options']['smtp_user'],
'password' => $config['mail_options']['smtp_password'],
'ssl' => $config['mail_options']['ssl'],
),
));
foreach ($queuedMails as $queuedMail) {
$message = new Message();
$message->addTo($data['to'])
->addFrom($config['mail_options']['from'], $config['mail_options']['from_name'])
->setSubject($data['subject'])
->setBody(utf8_decode($data['body']))
->setEncoding('utf-8');
$transport->setOptions($options);
$transport->send($message);enter code here
}
Should I place the $transport into the foreach?
I install the hybridauth on windows IIS, and setup the hybridauth\config.php as below:
array(
"base_url" => "http:///hybridauth/",
"providers" => array (
.....
"Google" => array (
"enabled" => true,
"keys" => array ( "id" => "<myappkey>", "secret" => "<myappsecret>" ),
"scope" => "email"
),
)
But when I click "Sign-in with Google" in http:///examples/social_hub/login.php, it just redirect me to http:///hybridauth/?hauth.start=Google&hauth.time=1401608000 which show the files under "localhost - /hybridauth/"
Anyone know how to fix it?
Thank you!
1) i am not sure if your scope is properly set up (you should have probably set it to "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
2) did you set up the return address in google api correct?
I'm currently using the examples found here http://zf2.readthedocs.org/en/latest/modules/zend.session.manager.html
In my autoload/global.php file I have the following:
'session' => array(
'config' => array(
'class' => 'Zend\Session\Config\SessionConfig',
'options' => array(
'name' => 'otwebsoft',
'save_path' => __DIR__ . '/../../data/session',
'use_cookies' => true,
'cookie_lifetime' => 3600,
'cookie_httponly' => true,
'cookie_secure' => false,
'remember_me_seconds' => 1800
)
),
'storage' => 'Zend\Session\Storage\SessionArrayStorage',
'validators' => array(
array(
'Zend\Session\Validator\RemoteAddr',
'Zend\Session\Validator\HttpUserAgent'
)
)
)
I like how that the session expires after X amount of time and if the user was logged in, upon a page refresh the user is then automagically logged out and they must login again. However, I would like it so that if the user continues to surf the site, after X amount of time the session isn't killed off but perhaps just regenerated or something so that they are not forced to log back in again.
I am just not certain how or if this is possible to do both scenarios. If this is not possible, I could just raise the X time for session lifetime and live with that.
Does anyone have any ideas I could try?
Set cookie lifetime to 0:
'cookie_lifetime' => 0
it will tell the browser to kill the cookie only after the browser is closed.
And define the server session storage lifetime:
'gc_maxlifetime' => 3600
So after 1 hour of inactivity the session storage will be cleaned up.
I'm trying to get Paypal SetExpressCheckout operation to add first and last name for billing. I'm using ActiveMerchant. I'm seeing the address field pre-populated (street, state, city,zip-code) but nothing else.
#### gateway ######
gateway = ActiveMerchant::Billing::PaypalExpressGateway.new(:login => 'login',:password => 'pass',:signature => 'sig')
### options ######
#options = Hash.new
#options.merge!(:ip => '127.0.0.1')
#options.merge!(:return_url => '127.0.0.1')
#options.merge!(:return_url => 'http://www.google.com')
#options.merge!(:cancel_return_url => 'http://www.google.com')
#options.merge!(:name => 'name')
#options.merge!(:description => 'description')
#options.merge!(:max_amount => 5000)
#options.merge!(:solution_type => 'Sole')
#options.merge!(:no_shipping => 1)
#options.merge!(:address_override => 1)
### build address
#address = Hash.new
#address.merge!(:name => "Joe User")
#address.merge!(:address1 => "111 ABCD EFG")
#address.merge!(:address2 => nil)
#address.merge!(:city => "Fremont")
#address.merge!(:state => "CA")
#address.merge!(:country => "US")
#address.merge!(:phone => "408-111-2222")
#options.merge!(:address => #address)
setup_response = gateway.setup_purchase(5000, #options)
redirect_to gateway.redirect_url_for(setup_response.token)
On the resultant page, I'm not seeing the name pre-filled for billing.
What am I doing wrong?
Thanks
I had the same issue as you did. After some research I came to the conclusion that this is a bug in ActiveMerchant. Please see the issue that I filed. It includes an explanation of how I patched my code to make phone number and names work:
https://github.com/Shopify/active_merchant/issues/161