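【Posted】: 2015-08-08 01:37:29
【Problem description】:
I am trying to create a multi-account hunter to prevent users with the same IP from creating multiple accounts in my application.
I created a login event listener for FOSUserBundle, with the following function.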
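// Namespaces below are assumed; the question does not show its use statements.
use Doctrine\ORM\EntityManager;
use FOS\UserBundle\Doctrine\UserManager;
use FOS\UserBundle\FOSUserEvents;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Bundle\FrameworkBundle\Routing\Router;
use Symfony\Bundle\TwigBundle\TwigEngine;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

class FOSUserLoginListener implements EventSubscriberInterface
{
    private $em;
    private $userManager;
    private $router;
    private $requestStack;
    private $mailer;
    private $templating;

    public function __construct(UserManager $usermanager, Router $router, RequestStack $requestStack, TwigEngine $templating, EntityManager $em, $mailer)
    {
        $this->em = $em;
        $this->userManager = $usermanager;
        $this->router = $router;
        $this->requestStack = $requestStack;
        $this->mailer = $mailer;
        $this->templating = $templating;
    }

    /**
     * {@inheritDoc}
     */
    public static function getSubscribedEvents()
    {
        return array(
            FOSUserEvents::SECURITY_IMPLICIT_LOGIN => 'onImplicitLogin',
            SecurityEvents::INTERACTIVE_LOGIN => 'onSecurityInteractiveLogin',
        );
    }

    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
    {
        $user = $event->getAuthenticationToken()->getUser();
        if ($user instanceof UserInterface) {
            // Client IP as seen by Symfony for the current request.
            $lastIp = $this->requestStack->getCurrentRequest()->getClientIp();
            if ($this->multiAccountChecker($lastIp)) {
                // Another account already uses this IP: alert, then lock the account in the database.
                $this->sendAlertToBanEmail($user, $lastIp);
                $user->setLastIP($lastIp)
                    ->setLocked(true);
                $this->userManager->updateUser($user);
                $this->userManager->reloadUser($user);
            }
            // Runs for every login, including the locked case above.
            $user->setLastIP($lastIp);
            $this->userManager->updateUser($user);
        }
    }

    // onImplicitLogin(), multiAccountChecker() and sendAlertToBanEmail() are not shown in the question.
}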
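It works fine, except for one small glitch. When I detect multiple accounts with the same IP, the data is stored in the database, but the user who is logging in does not have their session closed and is not shown the "This account is locked" message.
Can someone give me some clues on how to make sure the user is denied access in the multiple-account case?
【Discussion】:
Tags: security symfony fosuserbundle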
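
An added example, not part of the original question and not FOSUserBundle's own code: one way to make the lock apply to the login in progress, assuming a Symfony 2.x `form_login` firewall, where an `AuthenticationException` thrown from an `INTERACTIVE_LOGIN` listener is handled as a failed login. The class name `MultiAccountLoginGuard` and the injected `$isDuplicateIp` callable are hypothetical; `setLastIP()` is the asker's own entity method.

```php
<?php
// Added example. Assumes Symfony 2.x form_login and a FOSUserBundle user with setLocked().

use FOS\UserBundle\Model\UserInterface;
use FOS\UserBundle\Model\UserManagerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\LockedException;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

class MultiAccountLoginGuard implements EventSubscriberInterface
{
    private $userManager;
    private $requestStack;
    private $isDuplicateIp; // hypothetical callable: (string $ip, UserInterface $user) -> bool

    public function __construct(UserManagerInterface $userManager, RequestStack $requestStack, $isDuplicateIp)
    {
        $this->userManager = $userManager;
        $this->requestStack = $requestStack;
        $this->isDuplicateIp = $isDuplicateIp;
    }

    public static function getSubscribedEvents()
    {
        return array(SecurityEvents::INTERACTIVE_LOGIN => 'onInteractiveLogin');
    }

    public function onInteractiveLogin(InteractiveLoginEvent $event)
    {
        $user = $event->getAuthenticationToken()->getUser();
        if (!$user instanceof UserInterface) {
            return;
        }
        $ip = $this->requestStack->getCurrentRequest()->getClientIp();
        $user->setLastIP($ip); // custom method on the asker's User entity

        $locked = call_user_func($this->isDuplicateIp, $ip, $user);
        if ($locked) {
            $user->setLocked(true);
        }
        $this->userManager->updateUser($user); // persist once, locked or not

        if ($locked) {
            // Saving the lock does not revoke the token that was just issued; failing
            // the authentication does, and it surfaces the "locked" error on the login form.
            $e = new LockedException('Account is locked.');
            $e->setUser($user);
            throw $e;
        }
    }
}
```

`getClientIp()` returns the proxy's address unless trusted proxies are configured, and users behind a shared NAT present the same IP, so this check can also match unrelated users.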