How do I correctly interrupt a PHP script on the server to get the user's actions?
I am building a web application with a client part and a server part on the framework 4.
The challenge is to implement user authorization with a two-factor authentication API.
Example: a person enters a username and password and clicks the Login button; the form data goes to the server (via Ajax); the server runs the authorization script and sets the session; and if two-factor authentication is enabled, a code needs to be entered. The code must be entered strictly in the current session; saving the session and continuing later is not possible.
I hope I explained that properly :)
How to implement it?
So far I have come up with this:
1. The user fills in the form and sends the data to the server; a loading indicator appears.
2. The server comes back and sets up a loop with a timeout of about 1 minute.
3. A record is written to the database saying that there is an authorization request waiting for a response.
4. The authorization script runs; when it reaches the code input, it records in the database that an SMS code is required.
5. A loop of up to 5 minutes runs, checking for the SMS code from the user.
6. The script from step 2 sees that an SMS code is required and sends an Ajax response to the client.
7. The user is shown a form for entering the SMS code, fills it in and submits it; the loading indicator is shown to the user again.
8. The server gets the SMS code and writes it to the database.
9. The looping script from step 5 sees that there is an SMS code; the loop is interrupted and the code is sent via the API.
10. Then the response, either success or failure, is also sent to the user via Ajax.
Have I come up with the right solution? Maybe Symfony has built-in mechanisms for such tasks?
theresia_OKon30 answered on March 19th 20 at 08:46
I think everything can be done more simply:
- The user enters the username/password in a form, and the form is sent to the server (no matter whether by Ajax or a normal POST request).
- If the user has two-factor authentication enabled, the server generates a random number and writes it to the user table in a separate field (and, optionally, records an expiry date for that code, 5 minutes ahead). After submitting the form from the previous step, the user is shown a new form for entering the code (as an overlay/modal or on a separate page, depending on how the form was submitted).
- The user enters the code from the SMS into the second form and sends it to the server; the server checks the code (and, optionally, its expiry date). If everything is OK, we authorize the user.
There is no need to juggle any sessions, and especially no need to hang scripts waiting for something and checking.
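
The two-request flow from the answer above, as an added example that is not part of the original post or of any framework's own code. The `login_codes` table, its columns, the 6-digit code length, the attempt cap and the SHA-256 hashing of the stored code are assumptions made for the example; the 5-minute expiry comes from the answer.

```php
<?php
declare(strict_types=1);

const CODE_TTL = 300;    // 5-minute expiry, as in the answer
const MAX_ATTEMPTS = 5;  // assumption: cap on wrong guesses per code

// Step 1, after the password check: create a code and store it for the user.
function issueCode(PDO $db, int $userId, ?int $now = null): string {
    $now ??= time();
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT); // CSPRNG
    // Store a hash, not the code; the keyspace is small, so TTL and attempt cap matter most.
    $db->prepare('REPLACE INTO login_codes (user_id, code_hash, expires_at, attempts)
                  VALUES (?, ?, ?, 0)')->execute([$userId, hash('sha256', $code), $now + CODE_TTL]);
    return $code; // goes to the SMS gateway only, never into the HTTP response
}

// Step 2, second form: check the submitted code for that user.
function verifyCode(PDO $db, int $userId, string $submitted, ?int $now = null): bool {
    $now ??= time();
    $stmt = $db->prepare('SELECT code_hash, expires_at, attempts FROM login_codes WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no pending code for this user
    }
    if ($now > (int) $row['expires_at'] || (int) $row['attempts'] >= MAX_ATTEMPTS) {
        $db->prepare('DELETE FROM login_codes WHERE user_id = ?')->execute([$userId]);
        return false; // expired or guessed too often: user must log in again
    }
    if (!hash_equals((string) $row['code_hash'], hash('sha256', $submitted))) {
        $db->prepare('UPDATE login_codes SET attempts = attempts + 1 WHERE user_id = ?')
           ->execute([$userId]);
        return false;
    }
    $db->prepare('DELETE FROM login_codes WHERE user_id = ?')->execute([$userId]); // single use
    return true; // only now mark the session as fully authenticated
}

// Constructed demo on an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_codes (user_id INTEGER PRIMARY KEY, code_hash TEXT NOT NULL,
           expires_at INTEGER NOT NULL, attempts INTEGER NOT NULL DEFAULT 0)');
$code = issueCode($db, 42);
var_dump(verifyCode($db, 42, 'not-the-code')); // wrong guess
var_dump(verifyCode($db, 42, $code));          // correct code
var_dump(verifyCode($db, 42, $code));          // replay of a used code
```

Between the two requests the server only needs to remember which user passed the password step; no script stays running while the user types the code.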