普通网友 2018-02-16 09:29
浏览 78
已采纳

在symfony 3.4中的FosUser登录中添加Captcha

I have a functionally Login with FosUser.

Now, I am trying to add any captcha to the login generated by FosUser, I am working with Symfony 3.4.4

I've researched some links like:

  1. ReCaptcha with this tutorial, but I don't know how to overwrite the check login to add the validation.

  2. EWZRecaptchaBundle I did not found any sample with FOsUser

  3. BotDetect or CaptchaBundle seems to require a lot of memory to generate the captcha. Then is not my option because my prod environment is a shared hosting

Any help or suggestion are welcome

Greetings

  • 写回答

1条回答 默认 最新

  • duanjiang7505 2018-02-19 21:47
    关注

    Finally I solve my problem using the option 1 from my post and changing the extending to /src/UserBundle/Controller/SecurityController.php and changing the LoginAction

    <?php 
 public function loginAction(Request $request){
    $error = Security::AUTHENTICATION_ERROR;
    $lastUsername = '';
    $isValid=false;
    $hasCaptcha=false;
    if ($_POST) {
        $lastUsername = $_POST['_username'];
        $password_plain = $_POST['_password'];
        $em = $this->getDoctrine()->getManager();
        $userManager = $this->get('fos_user.user_manager');
        $user =$userManager ->findUserByUsernameOrEmail($lastUsername);

        if ($this->captchaverify($request->get('g-recaptcha-response'))) {
            $hasCaptcha=true;
        } else {
            $error="Captcha is not Valid";
        }
        if($hasCaptcha){

            if($user){
                $factory = $this->container->get('security.encoder_factory');
                $encoder = $factory->getEncoder($user);
                if($encoder->isPasswordValid($user->getPassword(),$password_plain,$user->getSalt())){
                    $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
                    $this->get('security.token_storage')->setToken($token);
                    return $this->redirectToRoute('homepage');
                } else {
                    $error="password is not Valid";
                }
            }else{
               $error="user is not Valid";
            }
        }
    }

    return $this->renderLogin(array(
        'last_username' => $lastUsername,
        'error'         => $error,
    ));
}

function captchaverify($recaptcha){
        $url = "https://www.google.com/recaptcha/api/siteverify";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); 
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, array(
            "secret"=>"xxxxxxxx","response"=>$recaptcha));
        $response = curl_exec($ch);
        curl_close($ch);
        $data = json_decode($response);     

    return $data->success;        
}
    1. Also needed to change the security.yml at 'login_path' and 'check_path' with value 'new_login' that is a new route to Login Action
    firewalls:
    dev:
        pattern: ^/(_(profiler|wdt|error)|css|images|js)/
        security: false
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            default_target_path: homepage
            csrf_token_generator: security.csrf.token_manager
            login_path: new_login
            check_path: new_login
    1. at my view I added:
    <script src='https://www.google.com/recaptcha/api.js?hl=es'></script>
    1. inside the form:
    <div class="g-recaptcha" data-sitekey="xxxxxx"></div>

    Hope to help any in the same dilemma

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 C++ 头文件/宏冲突问题解决
  • ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
  • ¥50 安卓adb backup备份子用户应用数据失败
  • ¥20 有人能用聚类分析帮我分析一下文本内容嘛
  • ¥15 请问Lammps做复合材料拉伸模拟,应力应变曲线问题
  • ¥30 python代码,帮调试
  • ¥15 #MATLAB仿真#车辆换道路径规划
  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿