The Slim Framework support forum has moved to http://discourse.slimframework.com. This Tender forum is no longer maintained or monitored.

Using Slim and Fiddler

rajan.ananthan

25 Jul, 2015 06:16 AM

I am submitting a form that contains user name and password fields using this route:

$app->post('/login/', function () use ($app) {

    $simple = $app->simple;
    $session = $app->session;
    $errors = array();

    $email = trim($app->request()->post('email'));
    $password = trim($app->request()->post('password'));

    //need to check for 'emptiness' of inputs and display message instead of querying db
    if ((! empty($email)) && (! empty($password) ) )
    {
        if (! filter_var($email, FILTER_VALIDATE_EMAIL))
        {
            $errors['loginerror'] = "The email address was invalid. Please try again.";
        }
        else
        {
            //pull details for this registered email
            if ($authsql = \ORM::for_table('users')->select_many('id','pass','name','level')->where('email',
                $email)->find_one())
            {
                //verify the password against hash
                if (! password_verify($password, $authsql->pass))
                {
                    $errors['loginerror'] = "The email or password do not match those in our system. Please try again.";
                }
                else
                {
                    if ($authsql->level == 1)
                    {
                        //we have an admin user
                        $user = new \SimpleQuiz\Utils\User\AdminUser($email, $authsql->name);
                    }
                    else
                    {
                        //registered user
                        $user = new \SimpleQuiz\Utils\User\EndUser($email, $authsql->name);
                    }

                    $user->setId($authsql->id);

                    $session->set('user', $user);
                    $session->regenerate();

                }
            }
            else
            {
                $errors['loginerror'] = "The email or password do not match those in our system. Please try again.";
            }
        }
    }
    else
    {
        $errors['loginerror'] = "Please check your email address and password and try again.";
    }

    if (count($errors) > 0)
    {
        $app->flash('errors', $errors);
        $session->remove('user');
        $app->redirect($app->request->getRootUri() . '/login/');
    }

    $simple::redirect($app, $session);
});

In Fiddler, I composed the following POST request:

POST http://localhost/public/login HTTP/1.1
Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: Simple-Quiz=rmmbdcjg1p0lt1h0nb3lu21597
Content-Length: 50

email=email%40gmail.com&password=abcdefg

I get the following response

HTTP/1.1 302 Found
Date: Sat, 25 Jul 2015 05:05:57 GMT
Server: Apache/2.4.9 (Win64) PHP/5.5.12
X-Powered-By: PHP/5.5.12
Set-Cookie: Simple-Quiz=44enivvob04mv8d54trst51pn1; path=/
Location: /public/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

This makes sense given that I am regenerating the session ID and redirecting. However, the GET request following the redirect still has the old cookie information.

GET http://localhost/public/ HTTP/1.1
Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: Simple-Quiz=rmmbdcjg1p0lt1h0nb3lu21597

When I do a GET request with the new cookie (44enivvob04mv8d54trst51pn1), the correct information is returned. This works correctly in my browser but not when I use Fiddler. Anyone have a good explanation?

Thanks

PS I have the following hook that executes 'slim.before.dispatch' in my main index.php file.

$app->hook('slim.before.dispatch', function() use ($app) {

    $user = null;
    $requireauth = SimpleQuiz\Utils\Base\Config::$requireauth;
    
    //if no auth required to take quizzes, set a default user
    if (! $requireauth)
    {
        $app->session->set('user', SimpleQuiz\Utils\Base\Config::$defaultUser);
    }
    
    if ($app->session->get('user')) {
       $user = $app->session->get('user');
    }
    
    $app->view()->appendData(['user' => $user]);
    $app->view()->appendData(['requireauth' => $requireauth]);
    
    $root = $app->request->getRootUri();
    $app->view()->appendData(['root' => $root]);
});
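
The traces above show the 302 issuing a regenerated session ID while the follow-up GET still carries the pre-login one. As an added example (not part of the original post), the Python code below applies the Set-Cookie from the redirect the way a cookie-aware client does before requesting the Location, and flags a follow-up request that still sends the replaced value. The header values are copied from the traces; the function names are hypothetical, and cookies the client already holds are assumed to be scoped to path /.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Values copied from the traces in the post above.
POST_COOKIE = "Simple-Quiz=rmmbdcjg1p0lt1h0nb3lu21597"
REDIRECT_HEADERS = [
    ("Set-Cookie", "Simple-Quiz=44enivvob04mv8d54trst51pn1; path=/"),
    ("Location", "/public/"),
]

def _morsels(header_value):
    """Parse a Cookie or Set-Cookie header value into {name: Morsel}."""
    parsed = SimpleCookie()
    parsed.load(header_value)
    return dict(parsed.items())

def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def follow_redirect(sent_cookie, response_headers):
    """Return (path, Cookie header) for the request that follows a 3xx response."""
    # Assumption: cookies already held by the client were scoped to path "/".
    jar = {n: (m.value, "/") for n, m in _morsels(sent_cookie).items()}
    location = None
    for name, value in response_headers:
        if name.lower() == "location":
            location = urlsplit(value).path or "/"
        elif name.lower() == "set-cookie":
            for cname, m in _morsels(value).items():
                if m["max-age"] == "0" or m.value == "":
                    jar.pop(cname, None)  # server expired the cookie
                else:
                    jar[cname] = (m.value, m["path"] or "/")
    if location is None:
        raise ValueError("response has no Location header")
    header = "; ".join(f"{n}={v}" for n, (v, p) in jar.items()
                       if path_matches(p, location))
    return location, header

def stale_cookies(followup_cookie, response_headers):
    """Names whose value in the follow-up request predates the server's Set-Cookie."""
    _, expected = follow_redirect(followup_cookie, response_headers)
    fresh = {n: m.value for n, m in _morsels(expected).items()}
    sent = {n: m.value for n, m in _morsels(followup_cookie).items()}
    return sorted(n for n, v in sent.items() if n in fresh and fresh[n] != v)
```

Run against the follow-up GET from the trace, `stale_cookies` reports `Simple-Quiz`, which is the condition under which the server sees the pre-login session rather than the regenerated one.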
