Anonymous user 2018-02-16 09:29
Accepted

Adding Captcha to the FosUser login in Symfony 3.4

I have a functional login with FosUser.

Now I am trying to add a captcha to the login generated by FosUser. I am working with Symfony 3.4.4.

I've researched some links like:

  1. ReCaptcha with this tutorial, but I don't know how to override the login check to add the validation.

  2. EWZRecaptchaBundle: I did not find any sample with FosUser.

  3. BotDetect or CaptchaBundle seems to require a lot of memory to generate the captcha, so it is not an option for me because my prod environment is shared hosting.

Any help or suggestions are welcome

Greetings

1 answer

  • duanjiang7505 2018-02-19 21:47

    Finally I solved my problem using option 1 from my post, changing the extension to /src/UserBundle/Controller/SecurityController.php and changing the loginAction:

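    <?php
    // Namespace assumed from the file path above.
    namespace UserBundle\Controller;

    use FOS\UserBundle\Controller\SecurityController as BaseController;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

    class SecurityController extends BaseController
    {
        public function loginAction(Request $request)
        {
            // No error to show on the initial GET of the login form.
            $error = null;
            $lastUsername = '';
            $hasCaptcha = false;

            if ($request->isMethod('POST')) {
                $lastUsername = $request->request->get('_username');
                $passwordPlain = $request->request->get('_password');
                $userManager = $this->get('fos_user.user_manager');
                $user = $userManager->findUserByUsernameOrEmail($lastUsername);

                // Verify the reCAPTCHA response server-side before checking credentials.
                if ($this->captchaverify($request->get('g-recaptcha-response'))) {
                    $hasCaptcha = true;
                } else {
                    $error = "Captcha is not Valid";
                }

                if ($hasCaptcha) {
                    if ($user) {
                        $factory = $this->container->get('security.encoder_factory');
                        $encoder = $factory->getEncoder($user);
                        if ($encoder->isPasswordValid($user->getPassword(), $passwordPlain, $user->getSalt())) {
                            // Log the user in manually on the 'main' firewall.
                            $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
                            $this->get('security.token_storage')->setToken($token);

                            return $this->redirectToRoute('homepage');
                        } else {
                            $error = "password is not Valid";
                        }
                    } else {
                        // A message distinct from the password error reveals which usernames exist.
                        $error = "user is not Valid";
                    }
                }
            }

            return $this->renderLogin(array(
                'last_username' => $lastUsername,
                'error'         => $error,
            ));
        }

        // Ask Google's siteverify endpoint whether the reCAPTCHA response token is valid.
        private function captchaverify($recaptcha)
        {
            if (empty($recaptcha)) {
                return false;
            }
            $url = "https://www.google.com/recaptcha/api/siteverify";
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, array(
                "secret" => "xxxxxxxx", "response" => $recaptcha));
            $response = curl_exec($ch);
            curl_close($ch);

            // Fail closed: a transport error or malformed reply counts as a failed captcha.
            if ($response === false) {
                return false;
            }
            $data = json_decode($response);

            return isset($data->success) && $data->success === true;
        }
    }
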

    1. I also needed to change 'login_path' and 'check_path' in security.yml to the value 'new_login', which is a new route to the login action:

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                default_target_path: homepage
                csrf_token_generator: security.csrf.token_manager
                login_path: new_login
                check_path: new_login
    
    2. In my view I added:

    <script src='https://www.google.com/recaptcha/api.js?hl=es'></script>
    
    3. Inside the form:

    <div class="g-recaptcha" data-sitekey="xxxxxx"></div>
    

    Hope this helps anyone in the same dilemma

    This answer was selected as the best answer by the asker.
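
Added example (not part of the original answer or of FOSUserBundle): the answer's `captchaverify` trusts only the `success` flag, while the siteverify reply also carries `hostname`, `challenge_ts` and `error-codes`. The sketch below evaluates a reply body and fails closed; the function name `evaluateSiteverify`, the host `example.com`, the 120-second age limit and the sample bodies are assumptions constructed for illustration.

```php
<?php
/**
 * Decide whether a siteverify reply should be accepted.
 *
 * @param string|false $body         raw response body (false on transport error)
 * @param string       $expectedHost hostname the login form is served from
 * @param int          $now          current Unix time
 * @param int          $maxAge       accepted age of a solved challenge, in seconds
 * @return array array(bool $ok, string $reason)
 */
function evaluateSiteverify($body, $expectedHost, $now, $maxAge = 120)
{
    if (!is_string($body) || $body === '') {
        return array(false, 'no-response');
    }
    $data = json_decode($body, true);
    if (!is_array($data) || !isset($data['success'])) {
        return array(false, 'malformed-json');
    }
    if ($data['success'] !== true) {
        $codes = isset($data['error-codes']) ? implode(',', (array) $data['error-codes']) : 'unknown';
        return array(false, 'rejected:' . $codes);
    }
    // hostname is the site where the challenge was solved; reject tokens solved elsewhere.
    if (!isset($data['hostname']) || $data['hostname'] !== $expectedHost) {
        return array(false, 'hostname-mismatch');
    }
    // challenge_ts is an ISO 8601 timestamp; reject old or future-dated challenges.
    $solvedAt = isset($data['challenge_ts']) ? strtotime($data['challenge_ts']) : false;
    if ($solvedAt === false || $now - $solvedAt > $maxAge || $solvedAt - $now > 60) {
        return array(false, 'stale-token');
    }
    return array(true, 'ok');
}

// Constructed sample replies (not captured traffic).
$now = strtotime('2018-02-19T21:47:00Z');
$samples = array(
    'valid'       => '{"success":true,"challenge_ts":"2018-02-19T21:46:30Z","hostname":"example.com"}',
    'other site'  => '{"success":true,"challenge_ts":"2018-02-19T21:46:30Z","hostname":"other.example"}',
    'old token'   => '{"success":true,"challenge_ts":"2018-02-19T21:00:00Z","hostname":"example.com"}',
    'rejected'    => '{"success":false,"error-codes":["timeout-or-duplicate"]}',
    'curl failed' => false,
);
foreach ($samples as $label => $body) {
    list($ok, $reason) = evaluateSiteverify($body, 'example.com', $now);
    printf("%-12s %s (%s)\n", $label, $ok ? 'accept' : 'reject', $reason);
}
```

In the answer's controller this check would take the place of the final `return` in `captchaverify`, receiving the `curl_exec` result and `time()`.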
