
I've tried this for hours and hours but can't get it to work. Taken the Acme DemoBundle and added an entity called User:


With the content:

namespace Acme\DemoBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

$fp = fopen('/var/www/html/hosts/Acme/Symfony/app/logs/data.txt', 'w');
fwrite($fp, 'file is included');

 * Acme\DemoBundle\Entity\User
 * @ORM\Table(name="jos_users")
 * @ORM\Entity
class User implements UserInterface, \Serializable, PasswordEncoderInterface
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
    private $id;

     * @ORM\Column(type="string", length=25, unique=true)
    private $username;

     * @ORM\Column(type="string", length=64)
    private $password;

     * @ORM\Column(type="string", length=60, unique=true)
    private $email;

     * @ORM\Column(name="block", type="integer")
    private $isActive;

     * @ORM\Column(type="string", length=32)
    private $salt;

     * Get id
     * @return integer 
    public function getId()
        return $this->id;

     * Set username
     * @param string $username
     * @return User
    public function setUsername($username)
        $this->username = $username;

        return $this;

     * Get username
     * @return string 
    public function getUsername()
        return $this->username;

     * Set password
     * @param string $password
     * @return User
    public function setPassword($password)
        $this->password = $password;

        return $this;

     * Get password
     * @return string 
    public function getPassword()
        $parts  = explode( ':', $this->password );
        return $parts[0];

     * Set email
     * @param string $email
     * @return User
    public function setEmail($email)
        $this->email = $email;

        return $this;

     * Get email
     * @return string 
    public function getEmail()
        return $this->email;

     * Set isActive
     * @param boolean $isActive
     * @return User
    public function setIsActive($isActive)
        $this->isActive = $isActive?1:0;

        return $this;

     * Get isActive
     * @return boolean 
    public function getIsActive()
        return !$this->block;
    public function __construct()
$fp = fopen('/var/www/html/hosts/Acme/Symfony/app/logs/data.txt', 'w');
fwrite($fp, 'niceboo, construct is called');
        $this->isActive = 1;
        // may not be needed, see section on salt below
        //$this->salt = md5(uniqid(null, true));

     * @inheritDoc
    public function getSalt()
//      $parts  = explode( ':', $this->password );
//      return $parts[1];
        return 'bXzs4pUB6qElOxIHYcb98jXfsG6lK7ih';

     * @inheritDoc
    public function getRoles()
        return array('ROLE_USER');

     * @inheritDoc
    public function eraseCredentials()

     * @see \Serializable::serialize()
    public function serialize()
        return serialize(array(
            // see section on salt below
            // $this->salt,

     * @see \Serializable::unserialize()
    public function unserialize($serialized)
        list (
            // see section on salt below
            // $this->salt
        ) = unserialize($serialized);
    public function encodePassword($raw, $salt){
$fp = fopen('/var/www/html/hosts/Acme/Symfony/app/logs/data.txt', 'w');
fwrite($fp, 'encode password is called');
        return "hello world";
    public function isPasswordValid($encoded, $raw, $salt){
$fp = fopen('/var/www/html/hosts/Acme/Symfony/app/logs/data.txt', 'w');
fwrite($fp, 'well, its called but return is ignored');
        return true;


Then the Symfony/app/config/security.yml

            algorithm:        md5
            encode_as_base64: false
            iterations:       1

        ROLE_ADMIN:       ROLE_USER

            entity: { class: AcmeDemoBundle:User, property: username }

            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

            pattern:  ^/demo/secured/login$
            security: false

            pattern:    ^/demo/secured/
                check_path: _security_check
                login_path: _demo_login
                path:   _demo_logout
                target: _demo
            #anonymous: ~
            #    realm: "Secured Demo Area"

        - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

When I try to log in I always get "bad credentials", not sure how to encode the password but the function isPasswordValid would suggest it is used to validate the password (it isn't because nothing is written to the file). If it's not used then what's the point of trying to implement PasswordEncoderInterface and use that under encoders?

The only text in data.txt is "file is included", the database log does show that it has been queried for the user but password is probably never valid (user does exist and re running the query does give me a record).

How would I have Symfony use isPasswordValid or encodePassword in User?

War es hilfreich?


Must have forgotten a comma somewhere or something but it seems to work now.


...unchanged other stuff
        class: Acme\DemoBundle\Entity\User
...unchanged other stuff


namespace Acme\DemoBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

 * Acme\DemoBundle\Entity\User
 * @ORM\Table(name="jos_users")
 * @ORM\Entity
class User implements UserInterface, \Serializable,PasswordEncoderInterface
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
    private $id;

     * @ORM\Column(type="string", length=25, unique=true)
    private $username;

     * @ORM\Column(type="string", length=64)
    private $password;

     * @ORM\Column(type="string", length=60, unique=true)
    private $email;

     * @ORM\Column(name="block", type="integer")
    private $isActive;

     * @ORM\Column(type="string", length=32)
    private $salt;

     * Get id
     * @return integer 
    public function getId()
        return $this->id;

     * Set username
     * @param string $username
     * @return User
    public function setUsername($username)
        $this->username = $username;

        return $this;

     * Get username
     * @return string 
    public function getUsername()
        return $this->username;

     * Set password
     * @param string $password
     * @return User
    public function setPassword($password)
        $this->password = $password;

        return $this;

     * Get password
     * @return string 
    public function getPassword()
        $parts  = explode( ':', $this->password );
        return $parts[0];

     * Set email
     * @param string $email
     * @return User
    public function setEmail($email)
        $this->email = $email;

        return $this;

     * Get email
     * @return string 
    public function getEmail()
        return $this->email;

     * Set isActive
     * @param boolean $isActive
     * @return User
    public function setIsActive($isActive)
        $this->isActive = $isActive?1:0;

        return $this;

     * Get isActive
     * @return boolean 
    public function getIsActive()
        return !$this->block;
    public function __construct()
        $this->isActive = 1;
        // may not be needed, see section on salt below
        //$this->salt = md5(uniqid(null, true));

     * @inheritDoc
    public function getSalt()
        return $this->salt;

     * @inheritDoc
    public function getRoles()
        return array('ROLE_USER');

     * @inheritDoc
    public function eraseCredentials()

     * @see \Serializable::serialize()
    public function serialize()
        return serialize(array(
            // see section on salt below
            // $this->salt,

     * @see \Serializable::unserialize()
    public function unserialize($serialized)
        list (
            // see section on salt below
            // $this->salt
        ) = unserialize($serialized);
    public function encodePassword($raw, $salt){
        return "hello world";
    public function isPasswordValid($encoded, $raw, $salt){
        return true;

Since isPasswordValid always returns true it now logs me in on any existing account. I can now continue with the tutorial and try to implement group

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top