Hello! I am trying to implement authentification on my site due to INVO tutorial. Add EventsManager, Session, ACL. But it have no affect on any part of my application. I understand that is somewhere mistake, but I have no idea how to test it - even If put "forward" at start of my 'bedoreDispatch".
Please, can you guide me - where can be problem? I run it on Windows with nginx+php NTS (run from binaries, not WAMP or something else). Thank you!
What I have now: In my index.php
$di->set('dispatcher', function() {
$eventsManager = new EventsManager;
$eventsManager->attach('dispatch:beforeDispatch', new SecurityPlugin);
$eventsManager->attach('dispatch:beforeException', new NotFoundPlugin);
$dispatcher = new Dispatcher();
return $dispatcher;
}); My SecurityPlugin.php
<?php
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
class SecurityPlugin extends Plugin
{
public function getAcl()
{
if (!isset($this->persistent->acl))
{
$acl = new AclList();
$acl->setDefaultAction(Acl::DENY);
$roles = array(
'user' => new Role('User'),
'guest' => new Role('Guest')
);
foreach ($roles as $role)
{
$acl->addRole($role);
}
$privateResources = array(
'admin' => array('index')
);
foreach ($privateResources as $resource => $actions)
{
$acl->addResource(new Resource($resource), $actions);
}
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action){
$acl->deny('Guest', $resource, $action);
}
}
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action){
$acl->deny('User', $resource, $action);
}
}
}
}
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
$auth = $this->session->get('auth');
if (!$auth)
{
$role = 'Guest';
}
else
{
$role = 'User';
}
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
$acl = $this->getAcl();
$allowed = $acl->isAllowed($role, $controller, $action);
$this->logger->log($allowed);
if ($allowed != ACL::ALLOW) {
//Redirect user without priviledges to main page
$dispatcher->forward(
array(
'controller' => 'index',
'action' => 'index'
)
);
return false;
}
}
}my SessionController.php
<?php
use Phalcon\Mvc\Controller;
class SessionController extends Controller
{
private function _registerSession($user)
{
$this->session->set('auth', array(
'id' => $user->id,
'name' => $user->name
));
}
public function loginAction()
{
if ($this->request->isPost())
{
$email = $this->request->getPost('email');
$password = $this->request->getPost('password');
$user = User::findFirst(array(
"email = :email: AND password = :password:",
'bind' => array('email' => $email,'password' => sha1($password))
));
$this->logger->log(sha1($password));
if ($user != false)
{
$this->_registerSession($user);
$this->logger->log('I.G.I.');
return $this->response->redirect('/admin', true);
}
return $this->response->redirect('/', true);
}
}
public function logoutAction()
{
$this->session->remove('auth');
return $this->response->redirect('/', true);
}
}