Symfony2 Pre-registration and Invite System

Originally published at: http://www.sitepoint.com/symfony2-pre-registration-invite-system/

This entry is part 1 of 1 in the series Symfony2 Authentication and Authorization

Symfony2 Authentication and Authorization

  • Symfony2 Pre-registration and Invite System

We have discussed Symfony 2 development in previous SitePoint articles and we built a clone of my own personal Symfony app (Part 1, 2 and 3). But Symfony 2 is a gigantic framework and there are plenty more topics we can cover.

symfony-logo

In this article series of two parts, we are going to talk about a very important area of web application development: Authentication and Authorization. Symfony2 has a very detailed elaboration of these two topics in its official documentation. Anyone who is seriously looking into this is encouraged to read through that official document after absorbing the essentials from this tutorial.

A typical User Management flow may have the following tasks:

  • A built-in user will be generated upon application installation and will be granted the root equivalent privilege.
  • Any new user can either register via a form or can only register via invitation (which is the approach discussed in this article).
  • After registration, a user record is stored into the underlying database/table.
  • Optionally, the app will put this new user in a “pending” status and send out a confirmation email. A user will only be “activated” when they click the link in the email with a confirmation token. This approach is not used in this article because we are inviting users and the site is a “closed circle” site.
  • A user logs in. The app will verify the user name and password.
  • Optionally, the app can do some post-login activities. In this case, we will update the user’s last login date/time in the database, and redirect them.
  • The user can explicitly choose to logout.

The underlying user table

Although Symfony supports in-memory user authentication, that is not recommended in a real-world application. Most of the time, we’ll tap into other resources (database, LDAP, etc) to persist the user credentials. We will use an SQL database in our app.

Continue reading this article on SitePoint

Nice article Taylor.

Should anyone be interested in much more in-depth details about Symfony’s security component, I’d also like to suggest a good book dedicated to the subject.

Scott

Thanks for the link.

Hello @TaylorRen,

Im just wondering how your Invite class looks like.
Since your code says: $invite = new Invite();

Is it placed in the Entity folder and a database table?

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.