I've recently been pouring over some CakePHP tutorials on the Auth Component, and am using this for reference: http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
My Cake version is 2.3.1
I'm using Firebug for debugging. The database passwords are hashing right, and I can Register and new user just fine, however logging in is a different story. When I try to access a page that requires Authentication, I get the login page, enter a valid user/pass, and it redirects me right back to the login page. In firebug the POST header is 200 OK and just returns the login page again. I'm guessing I may have something wrong with my session config or something, as if the session isn't being looked up. Here's my UsersController.php:
<?php
class UsersController extends AppController {
public $name = 'Users';
public $helpers = array('Html','Form');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add', 'login');
}
public function login() {
//if already logged-in, redirect
if($this->Session->check('Auth.User')){
$this->redirect(array('controller'=>'admin','action' => 'admin_index'));
}
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->Session->setFlash(__('Welcome, '. $this->Auth->user('username')));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Session->setFlash(__('Invalid username or password'));
}
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
public function index() {
$this->User->recursive = 0;
$this->set('users', $this->paginate());
}
public function view($id = null) {
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
$this->set('user', $this->User->read(null, $id));
}
public function add() {
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
return $this->redirect(array('action' => 'login'));
}
$this->Session->setFlash(
__('The user could not be saved. Please, try again.')
);
}
}
public function edit($id = null) {
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
if ($this->request->is('post') || $this->request->is('put')) {
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(
__('The user could not be saved. Please, try again.')
);
} else {
$this->request->data = $this->User->read(null, $id);
unset($this->request->data['User']['password']);
}
}
public function delete($id = null) {
$this->request->onlyAllow('post');
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
if ($this->User->delete()) {
$this->Session->setFlash(__('User deleted'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not deleted'));
return $this->redirect(array('action' => 'index'));
}
}
?>
My Model seems to be working ok, but I can provide any additional code if this isn't where my error is at! Thanks bunches!
the problem is in the encryptacion of your passwords, see if you're doing a beforesave and you need make a encryption when saving and password that you log in to verify if they are the same in your DB
User model
public function beforeSave($options = array()) {
// hash our password
if (!$this->id) {
$passwordHasher = new SimplePasswordHasher();
$this->data['User']['password'] = $passwordHasher->hash($this->data['User']['password']);
}
return true;
}
AppController
public function beforeFilter() {
Security::setHash('sha1');
$this->Auth->allow('index', 'display', 'view');
}
In your database for the password the right is varchar (30)
Related
I tried to follow the CakePHP blog tutorial (http://book.cakephp.org/2.0/en/tutorials-and-examples/blog/blog.html) and everything works fine, except for the edit method. The edit function as specified in the tutorial seems to work, but instead of updating the old entry, it creates a new entry in the database. (But says that it did update the old entry with the "Jop was updated" message)
My source files are:
edit.ctp
<html>
<!-- File: /app/View/Jobs/edit.ctp -->
<h1>Edit Job</h1>
<?php
echo $this->Form->create('Job');
echo $this->Form->input('type');
echo $this->Form->input('name');
echo $this->Form->input('company');
echo $this->Form->input('id', array('type' => 'hidden'));
echo $this->Form->end('Save Job');
?>
</html>
JobsController.php
class JobsController extends AppController
{
public $helpers = array('Html', 'Form', 'Session');
public $components = array('Session');
public function index()
{
$this->set('jobs', $this->Job->find('all'));
}
public function view($id=null) {
if (!$id)
{
throw new NotFoundException(__('Invalid job'));
}
$job = $this->Job->findById($id);
if (!$job)
{
throw new NotFoundException(__('Invalid job'));
}
$this->set('job', $job);
}
public function add() {
if ($this->request->is('POST')) {
$this->Job->create();
if ($this->Job->save($this->request->data))
{
$this->Session->setFlash(__('Your job has been saved.'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash('Unable to add your job.');
}
}
public function edit($id=null) {
if (!$id) {
throw new NotFoundException(__('Invalid job'));
}
$job = $this->Job->findById($id);
if (!$job) {
throw new NotFoundException(__('Invalid job'));
}
if ($this->request->is(array ('POST', 'PUT'))) {
$this->Job->id = $id;
if ($this->Job->save($this->request->data)) {
$this->Session->setFlash(__('Job has been updated.'));
return $this->redirect(array('action' => 'index'));
}
else {
$this->Session->setFlash(__('Unable to update the job.'));
}
if (!$this->request->data) {
$this->request->data = $job;
}
}
}
public function delete($id) {
if (!$id) {
throw new NotFoundException(__('Invalid job'));
}
if ($this->request->is('GET')) {
throw new MethodNotAllowedException();
}
if ($this->Job->delete($id)) {
$this->Session->setFlash(__('Job has been deleted.'));
}
else {
$this->Session->setFlash(__('Unable to delete job.'));
}
return $this->redirect(array('action' => 'index'));
}
}
?>
If someone else has this problem, this is the solution that worked for me:
if (!$this->request->data) {
$this->request->data = $job;
}
was indented wrong, it shouldn't be within the
if ($this->request->is(array ('POST', 'PUT')))
block, but on the same level, i.e. one layer less indented.
Please check your edit.ctp page you are missing some.
<?php echo $this->Form->create('Job'); ?>
<?php
echo $this->Form->hidden('id', array('value' => $this->data['Job']['id'])); ?>
I am trying to extend onto the 'blog tutorial' from cakephp and am having a little trouble with linking to a logged in user's homepage, which I created on a file called view.ctp.
I can link to most of my file path http://localhost:8888/blogtest/users/view/ up until I need the 'id' to define which page to send someone too.
This is how I am linking to the page:
go
I know I need some logic within the php tags to tell the browser to retrieve the id of the current logged in user.
How would I got about doing this? Where would I create a variable?*
Does the var go in the UsersController.php or is it in the User.php? Any help is greatly appreciated!
UsersController php:
<?php
// app/Controller/UsersController.php
App::uses('AppController', 'Controller');
class UsersController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
// Allow users to register and logout.
$this->Auth->allow('add', 'logout');
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
public function index() {
$this->User->recursive = 0;
$this->set('users', $this->paginate());
}
public function view($id = null) {
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
$this->set('user', $this->User->read(null, $id));
}
public function add() {
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(
__('The user could not be saved. Please, try again.')
);
}
}
public function edit($id = null) {
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
if ($this->request->is('post') || $this->request->is('put')) {
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(
__('The user could not be saved. Please, try again.')
);
} else {
$this->request->data = $this->User->read(null, $id);
unset($this->request->data['User']['password']);
}
}
public function delete($id = null) {
// Prior to 2.5 use
// $this->request->onlyAllow('post');
$this->request->allowMethod('post');
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
if ($this->User->delete()) {
$this->Session->setFlash(__('User deleted'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not deleted'));
return $this->redirect(array('action' => 'index'));
}
}
?>
Pay attention to the blog tutorial text:
The single instruction in the action uses set() to pass data from the
controller to the view (which we’ll create next). The line sets the
view variable called ‘posts’ equal to the return value of the
find('all') method of the Post model.
It goes on here and explains exactly what you want:
<td>
<?php echo $this->Html->link($post['Post']['title'],
array('controller' => 'posts', 'action' => 'view', $post['Post']['id'])); ?>
</td>
Honestly I have doubts you tried to read it at all. If you really did read this section again. It is all there in great detail.
I originally had some basic authentication and form validation, but have taken out both of those for the sake of troubleshooting. When at /clients/add after filling out and submitting nothing happens. When doing this for the /posts/add it works correctly.
Controller/ClientsController.php
<?php
class ClientsController extends AppController {
public $helpers = array('Html', 'Form');
public function index() {
$this->set('clients', $this->Client->find('all'));
}
public function view($id = null) {
if (!$id) {
throw new NotFoundException(__('Invalid client'));
}
$client = $this->Client->findById($id);
if (!$client) {
throw new NotFoundException(__('Invalid client'));
}
$this->set('client', $client);
}
public function add() {
if ($this->request->is('client')) {
$this->Client->create();
if ($this->Client->save($this->request->data)) {
$this->Session->setFlash(__('Your client has been saved.'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('Unable to add your client.'));
}
}
public function edit($id = null) {
if (!$id) {
throw new NotFoundException(__('Invalid client'));
}
$client = $this->Client->findById($id);
if (!$client) {
throw new NotFoundException(__('Invalid client'));
}
if ($this->request->is(array('post', 'put'))) {
$this->Client->id = $id;
if ($this->Client->save($this->request->data)) {
$this->Session->setFlash(__('Your client has been updated.'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('Unable to update your client.'));
}
if (!$this->request->data) {
$this->request->data = $client;
}
}
public function delete($id) {
if ($this->request->is('get')) {
throw new MethodNotAllowedException();
}
if ($this->Client->delete($id)) {
$this->Session->setFlash(
__('The client with id: %s has been deleted.', h($id))
);
return $this->redirect(array('action' => 'index'));
}
}
}
Model/Client.php
<?php
class Client extends AppModel {
}
View/Clients/add.ctp
<h1>Add Client</h1>
<?php
echo $this->Form->create('Client');
echo $this->Form->input('contact');
echo $this->Form->input('customer');
echo $this->Form->input('state');
echo $this->Form->input('district');
echo $this->Form->end('Save Client');
?>
Here is the screenshot of database structure in case it is a db related issue.
what is $this->request->is('client') ?
please do not just copy and replace , it should be
$this->request->is('post')
I have a standalone class I wrote in PHP for some very basic LDAP/AD functions. and I would like to use this class in a project I am working on in cakephp.
It looks like in cakephp 1.2 I could just add the class as a vendor, however it looks like cakephp 1.3 removed support for vendors. So how would I go about calling a few function from this class?
(I'd like to try to keep the class itself the same and not turn it into a plugin, as that seems unnecessary)
Thanks!
code below:
**<?php
class UsersController extends AppController {
var $name = 'Users';
//commented out because it breaks the script
//App::import('Lib', 'ldap');
function index() {
$this->User->recursive = 0;
$this->set('users', $this->paginate());
}
function login() {
if (!empty($this->data)) {
if ($ldap->auth($this->data['User']['user'],$this->data['User']['password'])) {
$this->Session->setFlash(__('The user has been saved', true));
$this->Session->write('user', $this->data['User']['user']);
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('Login Failed', true));
}
}
}
function logout() {
$this->Session->delete('user');
$this->redirect($this->referer());
}
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid user', true));
$this->redirect(array('action' => 'index'));
}
$this->set('user', $this->User->read(null, $id));
}
function add() {
if (!empty($this->data)) {
$this->User->create();
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('The user has been saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
}
}
$projects = $this->User->Project->find('list');
$this->set(compact('projects'));
}
function edit($id = null) {
if (!$id && empty($this->data)) {
$this->Session->setFlash(__('Invalid user', true));
$this->redirect(array('action' => 'index'));
}
if (!empty($this->data)) {
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('The user has been saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
}
}
if (empty($this->data)) {
$this->data = $this->User->read(null, $id);
}
$projects = $this->User->Project->find('list');
$this->set(compact('projects'));
}
function delete($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true));
$this->redirect(array('action'=>'index'));
}
if ($this->User->delete($id)) {
$this->Session->setFlash(__('User deleted', true));
$this->redirect(array('action'=>'index'));
}
$this->Session->setFlash(__('User was not deleted', true));
$this->redirect(array('action' => 'index'));
}
}
?>**
Cake 1.3 still perfectly supports the idea of vendor files. In addition, they now also support "libraries", additional classes that are not 3rd party classes. Just pop your files into the /vendors or /libs directory and load the file using App::import.
I got it working, I had to call "App::import('Lib', 'ldap');" outside of the controller class and then call it as a new class inside the function I wanted.
Below is the end result
<?php
App::import('Lib', 'ldap');
class UsersController extends AppController {
var $name = 'Users';
function index() {
$this->User->recursive = 0;
$this->set('users', $this->paginate());
}
function login() {
if (!empty($this->data)) {
$ldap = new ldap;
if ($ldap->auth($this->data['User']['user'],$this->data['User']['password'])) {
if (!$this->User->findByUser($this->data['User']['user']) )
{
$ldap_info = $ldap->getInfo($this->data['User']['user']);
$this->data['User']['name'] = $ldap_info['name'];
$this->add();
}
$this->Session->write('user', $this->data['User']['user']);
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('Login Failed', true));
}
}
}
function logout() {
$this->Session->delete('user');
$this->redirect($this->referer());
}
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid user', true));
$this->redirect(array('action' => 'index'));
}
$this->set('user', $this->User->read(null, $id));
}
private function add() {
if (!empty($this->data)) {
$this->User->create();
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('The user has been saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
}
}
$projects = $this->User->Project->find('list');
$this->set(compact('projects'));
}
function edit($id = null) {
if (!$id && empty($this->data)) {
$this->Session->setFlash(__('Invalid user', true));
$this->redirect(array('action' => 'index'));
}
if (!empty($this->data)) {
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('The user has been saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
}
}
if (empty($this->data)) {
$this->data = $this->User->read(null, $id);
}
$projects = $this->User->Project->find('list');
$this->set(compact('projects'));
}
function delete($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true));
$this->redirect(array('action'=>'index'));
}
if ($this->User->delete($id)) {
$this->Session->setFlash(__('User deleted', true));
$this->redirect(array('action'=>'index'));
}
$this->Session->setFlash(__('User was not deleted', true));
$this->redirect(array('action' => 'index'));
}
}
?>
I'm writing a new application with CakePHP (just-released 1.2.4), using SimpleTest 1.0.1. I have read the relevant sections of the Cookbook, searched on the Bakery, and read Mark Story's postings on controller testing (the hard way and with mocks).
Unfortunately, none of this talks about real-world testing of non-trivial controllers. Lots of apps put areas of the site behind a login, yet I cannot figure out how to test the simple scenario of:
guest access to protected page redirects?
valid credentials sets expected session variables?
invalid credentials re-displays login page with error message?
The controller and test below do not work as I thought they would. Both assertions fail and I also get a PHP error:
FAILED
[NULL] should not be null at [.../app/tests/cases/controllers/users_controller.test.php line 79]
.../app/tests/cases/controllers/users_controller.test.php -> UsersControllerTest -> testLogin
FAILED
Equal expectation fails as [NULL] does not match [Integer: 1] at [.../app/tests/cases/controllers/users_controller.test.php line 80]
.../app/tests/cases/controllers/users_controller.test.php -> UsersControllerTest -> testLogin
ERROR
Unexpected PHP error [Undefined index: action] severity [E_NOTICE] in [.../cake/libs/controller/components/auth.php line 266]
.../app/tests/cases/controllers/users_controller.test.php -> UsersControllerTest -> testLogin
Here is the controller (baked plus Mark Story's "hard way" testing method):
class UsersController extends AppController
{
var $name = 'Users';
var $helpers = array('Html', 'Form');
var $components = array('Auth');
function login()
{
}
function logout()
{
$this->redirect($this->Auth->logout());
}
function index()
{
$this->set('users', $this->paginate());
}
function view($id = null)
{
if (!$id)
{
$this->Session->setFlash(__('Invalid User.', true));
$this->redirect(array('action'=>'index'));
}
$this->set('user', $this->User->read(null, $id));
}
function add()
{
if (!empty($this->data))
{
$this->User->create();
if ($this->User->save($this->data))
{
$this->Session->setFlash(__('The User has been saved', true));
$this->redirect(array('action'=>'index'));
}
else
{
$this->Session->setFlash(__('The User could not be saved. Please, try again.', true));
}
}
}
function edit($id = null)
{
if (!$id && empty($this->data))
{
$this->Session->setFlash(__('Invalid User', true));
$this->redirect(array('action'=>'index'));
}
if (!empty($this->data))
{
if ($this->User->save($this->data))
{
$this->Session->setFlash(__('The User has been saved', true));
$this->redirect(array('action'=>'index'));
}
else
{
$this->Session->setFlash(__('The User could not be saved. Please, try again.', true));
}
}
if (empty($this->data))
{
$this->data = $this->User->read(null, $id);
}
}
function delete($id = null)
{
if (!$id)
{
$this->Session->setFlash(__('Invalid id for User', true));
$this->redirect(array('action'=>'index'));
}
if ($this->User->del($id))
{
$this->Session->setFlash(__('User deleted', true));
$this->redirect(array('action'=>'index'));
}
}
}
Here is the test:
/* SVN FILE: $Id$ */
/* UsersController Test cases generated on: 2009-08-05 17:08:03 : 1249507923*/
App::import('Controller', 'Users');
class TestUsers extends UsersController
{
var $autoRender = false;
var $redirectUrl;
var $redirectStatus;
var $renderedAction;
var $renderedLayout;
var $renderedFile;
var $stopped;
function redirect($url, $status = null, $exit = true)
{
$this->redirectUrl = $url;
$this->redirectStatus = $status;
}
function render($action = null, $layout = null, $file = null)
{
$this->renderedAction = $action;
$this->renderedLayout = (is_null($layout) ? $this->layout : $layout);
$this->renderedFile = $file;
}
function _stop($status = 0)
{
$this->stopped = $status;
}
}
class UsersControllerTest extends CakeTestCase
{
var $fixtures = array('user');
var $Users = null;
function startTest()
{
$this->Users = new TestUsers();
$this->Users->constructClasses();
$this->Users->Component->initialize($this->Users);
}
function prepareForAction()
{
$this->Users->beforeFilter();
$this->Users->Component->startup($this->Users);
}
function endTest()
{
$this->Users->Session->destroy();
unset($this->Users);
ClassRegistry::flush();
}
//-----------------------------------------------------------------------
function testUsersControllerInstance()
{
$this->assertTrue(is_a($this->Users, 'UsersController'));
}
function testLogin()
{
$this->Users->data = array(
'User' => array(
'username' => 'admin',
'password' => 'admin'
)
);
$this->prepareForAction();
$this->Users->login();
$this->assertNotNull($this->Users->redirectUrl);
$this->assertEqual($this->Users->Session->read('Auth.User.id'), 1);
}
}
The test you have isn't really testing your UsersContoller, you're really testing the AuthComponent. If you want to do this you need to make sure you setup your TestUsersController the same as it would be in your app. In the case of your testLogin you need to set the controller's action and url:
function testLogin()
{
$this->Users->data = array(
'User' => array(
'username' => 'admin',
'password' => 'admin'
)
);
$this->Users->params['url']['url'] = '/users/login';
$this->Users->params['action'] = 'login';
$this->prepareForAction();
$this->Users->login();
$this->assertNotNull($this->Users->redirectUrl);
$this->assertEqual($this->Users->Session->read('Auth.User.id'), 1);
}
Alternately, I would suggest taking another look at Mark's mock objects post and using those methods to write tests for the controller code and mocking the auth component.