src/Controller/SecurityController.php line 97

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Repository\UserRepository;
  6. use Doctrine\ORM\EntityManager;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Symfony\Component\HttpFoundation\Request;
  9. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  10. use Symfony\Component\HttpFoundation\Response;
  11. use Symfony\Component\Routing\Annotation\Route;
  12. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  13. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  16. use Symfony\Component\Security\Csrf\CsrfToken;
  17. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  18. use Gregwar\Captcha\CaptchaBuilder;
  19. use Gregwar\Captcha\PhraseBuilder;
  22. class SecurityController extends AbstractController
  23. {
  24.     /**
  25.      * SecurityController constructor.
  26.      */
  27.     private $urlGenerator;
  28.     private $csrfTokenManager;
  29.     private $user_repository;
  30.     private $emailController;
  31.     private $passwordEncoder;
  33.     public function __construct(UrlGeneratorInterface $urlGeneratorCsrfTokenManagerInterface $csrfTokenManager,UserPasswordHasherInterface $passwordEncoderUserRepository $user_repository,EmailController $emailController)
  34.     {
  35.         $this->urlGenerator $urlGenerator;
  36.         $this->csrfTokenManager $csrfTokenManager;
  37.         $this->user_repository $user_repository;
  38.         $this->emailController $emailController;
  39.         $this->passwordEncoder $passwordEncoder;
  40.     }
  42.     /**
  43.      * @Route("/login", name="app_login")
  44.      */
  45.     public function login(AuthenticationUtils $authenticationUtilsRequest $requestEntityManagerInterface $em): Response
  46.     {
  51.          if ($this->getUser()) {
  53.              die(var_dump($request));
  56.              //  INSERT INTO loginhistory
  57.              $loginHistory = new \App\Entity\Loginhistory();
  58.              $loginHistory->setLogintime(new \DateTime());
  59.              $loginHistory->setUsername($this->getUser()->getUsername());
  60.              $loginHistory->setUserid($this->getUser()->getId());
  62.              die(var_dump($request));
  64.               $em->persist($loginHistory);
  65.               $em->flush();
  67.              if(in_array('ROLE_ADMIN'$this->getUser()->getRoles()))
  68.              {
  69.                  return new RedirectResponse($this->urlGenerator->generate('administration_index'));
  70.              }
  71.              else{
  72.                  return $this->redirectToRoute('frontend_index');
  73.              }
  74.          }
  76.         // get the login error if there is one
  77.         $error $authenticationUtils->getLastAuthenticationError();
  78.         // last username entered by the user
  79.         $lastUsername $authenticationUtils->getLastUsername();
  82.         return $this->render('security/login.html.twig', ['last_username' => $lastUsername'error' => $error]);
  83.     }
  85.     /**
  86.      * @Route("/logout", name="app_logout")
  87.      */
  88.     public function logout()
  89.     {
  90.         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
  91.     }
  94.     /**
  95.      * @Route("/password-recovery-request", name="password-recovery-request")
  96.      */
  97.     public function passwordRecoveryRequest(Request $request): Response
  98.     {
  99.         $errors = [];
  100.         $email $request->get('email');
  102.         if($request->getMethod() =='POST'){
  104.             $token = new CsrfToken('passwordrecovery'$request->get('_csrf_token'));
  105.             if ($this->csrfTokenManager->isTokenValid($token)) {
  107.                 #verifichiamo che l'utente esista
  108.                 $u $this->user_repository->findOneByEmail($request->get('email'));
  109.                 if($u)
  110.                 {
  111.                     $phraseBuilder = new PhraseBuilder(9,'0123456789');
  112.                     $captcha = new CaptchaBuilder(null$phraseBuilder);
  113.                     $captcha->build();
  115.                     $values = [
  116.                         'user'=>$u,
  117.                         'captcha'=>$captcha->getPhrase()
  118.                     ];
  120.                     $this->emailController->sendEmail($email,'Modifica Password','modifica_password'$values);
  121.                     $checksum md5($email).";".md5(sha1($values['captcha']));
  122.                     return new RedirectResponse($this->urlGenerator->generate('check-password-recovery',['c'=>$checksum]));
  123.                 }
  124.                 else{
  125.                     $errors[] = 'Utente non valido.';
  126.                 }
  128.             }
  130.         }
  132.         return $this->render('security/password-recovery-request.html.twig', ['email'=>$email'errors'=>$errors]);
  133.     }
  135.     /**
  136.      * @Route("/check-password-recovery", name="check-password-recovery")
  137.      */
  138.     public function checkPasswordRecovery(Request $requestEntityManagerInterface $em): Response
  139.     {
  140.         $checksum $request->get('c');
  141.         $password1 trim($request->get('password1'));
  142.         $password2 trim($request->get('password2'));
  143.         $verifycode $request->get('verifycode');
  144.         $has_changed false;
  145.         $errors = [];
  147.         if($request->getMethod() =='POST'){
  149.             $t explode(";",$checksum);
  150.             $email $t[0];
  151.             $capcha $t[1];
  153.             if($capcha!= md5(sha1($verifycode)))
  154.             {
  155.                 $errors['verifycode'] = true;
  156.             }
  158.             if($password1!=$password2){
  159.                 $errors['password2'] = true;
  160.             }
  163.             if(!count($errors))
  164.             {
  165.                 #check che esista l'utente
  167.                 $qb $this->user_repository->createQueryBuilder('u');
  169.                 $qb->where("MD5(u.email)=:email");
  170.                 $qb->setParameter("email",$email);
  172.                 $user $qb->getQuery()->getOneOrNullResult();
  174.                 if(is_null($user)){
  175.                     throw new \Exception('Utenza non valida');
  176.                 }
  177.                 else{
  179.                     #registriamo la nuova password
  180.                     $user->setPassword($this->passwordEncoder->hashPassword($user,$password1));
  181.                     $em->persist($user);
  182.                     $em->flush();
  183.                     $has_changed true;
  184.                 }
  185.             }
  186.         }
  188.         return $this->render('security/password-recovery.html.twig', ['has_changed'=>$has_changed'errors'=>$errors'verifycode'=>$verifycode,'password1'=>$password1,'password2'=>$password2'checksum'=>$checksum]);
  190.     }
  191. }