php sessions with slim+twig, A template that extends another one cannot have a body

Question

I'm making a website with twig and slim, and ran into some problems when trying to setup a user authentication system.

I am using a standard LAMP configuration (mysql, php5, apache2), along with composer, twig and slim.

I read trough this tutorial and figured I'd do something similar, but don't know how to implement it into my application. What I'm having problems with is the php sessions part. So far I've only used php with PDO for my database connection (I made POST calls with AJAX to my .php files), but now it seems that I actually need to insert php code into my twig files.

so I tried to do this:

{% extends 'main.twig' %}

<?php
/*** begin our session ***/
session_start();
/*** set a form token ***/
$form_token = md5( uniqid('auth', true) );
/*** set the session form token ***/
$_SESSION['form_token'] = $form_token;
?>

{% block title %}
Sign Up | PTC Testers
{% endblock title %}

{% block stylesheet %}
<link rel="stylesheet" type="text/css" href="css/login.css">
{% endblock stylesheet %}

{% block content %}
<h1>Sign Up</h1>
    <form method="post">
        <fieldset>
            <p>
                <label for="email">Email</label>
                <input type="text" name="email" value="" maxlength="40" placeholder="[email protected]">
            </p>
            <p>
                <label for="password">Password</label>
                <input type="text" name="password" value="" maxlength="20" />
            </p>
            <p>
                <input type="hidden" name="form_token" value="<?php echo $form_token; ?>" />
                <input type="submit" value="&rarr; Login" />
            </p>
        </fieldset>
    </form>
{% endblock content %}

and get the following error: A template that extends another one cannot have a body in "signup.twig" at line 2.

As this is the first time I'm doing anything like this, I have no idea how to proceed, and what the proper way to do this is. Any input is appreciated.

If you need more info about my app, configuration and whatnot, here's a github repository of the project. The relevant files are in db_queries, templates and in the root folder (index.php).

Thanks for the help

Answer 1

From the Slim documentation:

A Slim application does not presume anything about sessions. If you prefer to use a PHP session, you must configure and start a native PHP session with session_start() before you instantiate the Slim application.

Also instead of putting in the template which is not possible, what you actually need is a middleware.

This means in index.php, your code would look something like:

/*** begin our session ***/
session_start();

$app = new \Slim\Slim(array(
    'view' => new \Slim\Views\Twig()
));

$csrfTokenGenerator = function () {
    $form_token = md5( uniqid('auth', true) );

    $_SESSION['form_token'] = $form_token;
};

$app->get('/login', $csrfTokenGenerator, function() use ($app) {
    $app->render('login.twig');
})->name('login');

That said, Slim have already provided this functionality for you as a separate package - Slim-Csrf - which is worth checking out.