Home/ Questions/Q 8460927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T13:44:21+00:00

In my server, a Symfony2 application is running. Moreover, the server has a folder

  • 0

In my server, a Symfony2 application is running.

Moreover, the server has a folder where some PHP classes are put. These classes are used for utility purposes and are used by http calls (in particular by using AJAX from the pages of my website). For instance, a PHP class is used for file upload (see next figure).

The schema of the current use of the php utility classes

The http call should be done by one of my webpage (and everything would be ok), but it could also be done from an external website. The latter http request is supposed to be a malicious one.

Hence, I need to insert such a code in the php class to check if the user is logged in (even not is it has a specific role). How to do that by considering that I’m using Symfony2?

PS: I underline that the control must be done in a generic PHP classes, not in a Symfony2 controller!

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I tried to use common PHP solutions, like setting a Session variable as suggested by Stony, however there is something in Symfony2 session that I’m missing. Even if a variable is defined in a Symfony2 controller, the $_SESSION object seems not to include it.

    Hence, I tried to follow the “controller way“, as suggested by Stony.

    Here follows what I did. Suppose to have to run the PHP class “FileUpload.php” through an http call. The PHP file has the class FileUpload to be used. In my case, the call was done through AJAX. Hence, I should do something like:

    <script>
  load('http://path/to/fileupload.php')
<script>

    where load() is an hyphotetical Javascript function for AJAX calls.

    Of course, the initial idea was to include all the controls in FileUpload.php. I wan’t able! So what?

    Simply, create a controller in Symfony2. Then create your action. E.g.

    public function fileUploadAction(){
    //control if user is logged and has required role as usual with Symfony2
    $uploader = new \Path\To\\FileUpload();
    //do something with object uploader

    exit(0);//Symfony will not require an answer, but you did what you needed
}

    Of course, the script in the webpage has to be updated:

    <script>
  load("{{path('route_to_fileUploadAction')}}")
<script>

    Remember to put the FileUpload.php in a secured folder.

    • 0