Learn how to signin manually an user from a controller without knowing his password in Symfony 1.4

Sometimes as an administrator of an application built with Symfony 1.4, you may need to have access to the accounts of an user to reproduce errors and check why something is failing in case that the current debugging measures aren't enough. For obvious reasons, if your system ain't private and it has a lot of users, you won't be able to ask them for their password as you would be obviously violating the right to privacy. Instead, the logic of your system should be built keeping this in mind. There are other cases where you use a token of access, for example in desktop applications where the user is automatically signed in when a web url is open in the browser, this is one of the cases where you need as well to know how to signin manually an user without knowing his password.

As a famous framework, although Symfony 1.4 is a legacy version, the standards never get old, so there's obviously a way to signin an user without knowing its password but only its ID in the database, specifically all the information of an user row on the sf_guard_user table. In this article, we'll show you with a short snippet how can you follow this behaviour in a couple of lines of code.


Not specifically the ID as you may find an user in the table as well using its username, email etc. The important point here is that you provide a Doctrine object of the sf_guard_user table.


As the way to use this logic may vary on every project, we'll use a straightforward PHP snippet that describes how the logic works in a controller (actions.class.php) file. The first thing that you may do, is logging out the current user (in case that there's any). As next, you need to find the user object, specifically the one that you want to login with from the database. The signin method of sfGuard expects a Doctrine object that contains the entity of your user, this is totally up to you because as mentioned, you may find the user by its id, username, email or another custom property. Then obtain the current session obtaining the current user that in this case is empty after signing him out and call the signin method providing the 2 required arguments. The first argument is the Doctrine User Object of the user that you want to login and as second argument a boolean variable that defines the "Remember me" login option of the signin form. Usually as we're logging it manually from a controller, this should be set to false:


// 1. Close current session if there's any
// 2. Obtain an user object to login
// The $userToLogin is a doctrine object of an user in the `sf_guard_user` table of the sfGuardPlugin
// so the logic of how to retrieve the user is up to you !
$userId = 1;
$userToLogin = Doctrine_Core::getTable('sfGuardUser')->find($userId);

// 3. Retrieve the session and force login of the providen user object
// the second argument indicated wheter the user should be remembered or not
// (usually false) if this is done manually
$this->getUser()->signin($userToLogin, false);

// Now you can redirect the user to some page where you want to !

Finally as shown, you may want to redirect the user to another page according to his credentials or just sending him to a controller that does that already for you.

Happy coding !

Senior Software Engineer at Software Medico. Interested in programming since he was 14 years old, Carlos is a self-taught programmer and founder and author of most of the articles at Our Code World.