Check Symfony Authorization in External PHP Files

By | 23 March 2018

In this article, I will talk about Symfony authorization in external PHP files. Sometimes a Symfony project needs external libraries. If the files of such a library can be run directly, they have to check the Symfony user's authorization, and they should not be runnable from outside the application.

For example, I need the CKEditor and Filemanager plugins. Filemanager reads and manages our OS directories and files, and we can upload files according to its config file. We will add the Filemanager files to the project.

Now we open dialog.php in a web browser. The file runs without a Symfony user being logged in. We need to fix that.

To do this, check the Symfony session in dialog.php.

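<?php

// Assumes Symfony keeps its session in PHP's native session storage
// under the default session name.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

if (isset($_SESSION['_sf2_attributes'])) {
    // '_security_main' holds the serialized token of the firewall named "main".
    if (isset($_SESSION['_sf2_attributes']['_security_main'])) {
        // Load the Symfony autoloader first so unserialize() can rebuild the token class.
        require_once __DIR__ . '/../../../../../../app/autoload.php';

        /** @var Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken $security */
        $security = unserialize($_SESSION['_sf2_attributes']['_security_main']);
        $roles = $security->getRoles();
        $user = $security->getUser();
        // to do your controls or checksum
    } else {
        exit('Access Denied');
    }
} else {
    exit('Access Denied');
}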

Now, if we run the same PHP file, we cannot enter the project.

If you have an authenticated Symfony user, you can run this PHP file.
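
The `// to do your controls or checksum` step above, written out as an added example (not the article's or the Filemanager project's code): a check that denies access unless the session token is authenticated and carries a required role. The function name `session_token_has_role`, the `DemoToken` stand-in and the sample session are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original article. Assumes the Symfony 2.x/3.x
// token API (isAuthenticated(), getRoles()) and a firewall named "main".

/** True only if the session holds an authenticated token with the given role. */
function session_token_has_role(array $session, $firewall, $requiredRole)
{
    $key = '_security_' . $firewall;
    if (!isset($session['_sf2_attributes'][$key])) {
        return false; // nobody is logged in on this firewall
    }
    // Corrupt data makes unserialize() return false; @ hides the notice.
    $token = @unserialize($session['_sf2_attributes'][$key]);
    // If the Symfony autoloader was not loaded, the result is a
    // __PHP_Incomplete_Class object with no methods: deny instead of crashing.
    if (!is_object($token)
        || !method_exists($token, 'isAuthenticated')
        || !method_exists($token, 'getRoles')
        || !$token->isAuthenticated()) {
        return false;
    }
    foreach ($token->getRoles() as $role) {
        // Symfony 2.x/3.x returns Role objects; plain strings are accepted too.
        $name = is_object($role) ? $role->getRole() : (string) $role;
        if ($name === $requiredRole) {
            return true;
        }
    }
    return false;
}

// Constructed stand-in for Symfony's token class, so the demo runs offline.
class DemoToken
{
    private $roles;
    public function __construct(array $roles) { $this->roles = $roles; }
    public function isAuthenticated() { return true; }
    public function getRoles() { return $this->roles; }
}

// Constructed session contents: one user with ROLE_USER on firewall "main".
$session = array('_sf2_attributes' => array(
    '_security_main' => serialize(new DemoToken(array('ROLE_USER'))),
));
var_dump(session_token_has_role($session, 'main', 'ROLE_USER'));
var_dump(session_token_has_role($session, 'main', 'ROLE_ADMIN'));
var_dump(session_token_has_role(array(), 'main', 'ROLE_USER'));
```

In dialog.php, call the function with `$_SESSION` after loading the autoloader and exit with 'Access Denied' when it returns false. `getRoles()` lists only the roles assigned to the token, so a role a user receives only through `role_hierarchy` will not match.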
