I want to move to Symfony2, because I am totally impressed by its modernity and good programming.
Now I am taking a users table from my old system, with 10,000 users, and I don't want to anger them by making them set a new password....so I want them to be able to login with their old password
Here is pseudo-code of how my users table looks like with 3 major fields concerning login/signup:
id, int(10) unsigned NOT NULL
username varchar(40) NOT NULL
passhash varchar(32) NOT NULL
secret varchar(20) NOT NULL
on signup, the data gets generated this way:
$secret = mksecret ();
$passhash = md5 ($secret . $password_formfield . $secret);
on login, the data gets checked the following way:
if ($row['passhash'] != md5 ($row['secret'] . $password_formfield . $row['secret']))
{
//show login error
}
So how do I handle it best in FOSUserBundle, without having to edit too many files?
You need to create a custom password encoder:
<?php
use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
class MyPasswordEncoder extends BasePasswordEncoder
{
public function encodePassword($raw, $salt)
{
return md5($salt.$raw.$salt);
}
public function isPasswordValid($encoded, $raw, $salt)
{
return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}
}
And configure it in security.yml:
services:
my_password_encoder:
class: MyPasswordEncoder
security:
encoders:
FOS\UserBundle\Model\UserInterface: { id: my_password_encoder }
As long as User::getSalt() returns secret and User::getPassword() returns passhash you should be good to go.
It is very easy to do with FOSUserBundle. This is the code for it:
$userManager = $this->get('fos_user.user_manager');
foreach ($items as $item) {
$newItem = $userManager->createUser();
//$newItem->setId($item->getObjId());
// FOSUserBundle required fields
$newItem->setUsername($item->getUsername());
$newItem->setEmail($item->getEmail());
$newItem->setPlainPassword($item->getPassword()); // get original password
$newItem->setEnabled(true);
$userManager->updateUser($newItem, true);
}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 放荡不羁爱自由 的文章《FOSUserBundle: Custom password / Migration from ol》','https://www.manongdao.com/article-302141.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}