i am developing with cakephp 2.4.7 where i am using the auth component for multiple login (a user and a company login).
My goal is to set the right sessionKey (Auth.User or Auth.Company) in the beforeFilter. Auth.User is the default value in cakephp.
AppController:
public $helpers = array('Cache','Html','Session','Form');
public $components = array(
'Security',
'Cookie',
'RequestHandler',
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authError' => 'You must be loggedin to view this page.',
'loginError' => 'Invalid user credentials.',
'authorize' => array('Controller')
)
);
public function beforeFilter() {
$this->Auth->deny('*');
}
CompaniesController:
public function beforeFilter() {
parent::beforeFilter();
AuthComponent::$sessionKey = 'Company';
//$this->Auth->sessionKey = 'Auth.Company';
$this->Auth->authenticate = array(
'Form' => array(
'userModel' => 'Company', // set the new userModel
'fields' => array('username' => 'email')
)
);
$this->Auth->allow('register', 'login', 'logout');
}
The login works perfectly, but the auth-session is still Auth.User. (Tested with debug($this->Auth->User());)
What i am doing wrong? How can i set the AuthComponent::$sessionKey correctly?
I had a same problem today, I have jumped into code (here) to check why its not working for me.
It seems that you have to set it like this
public function beforeFilter()
{
AuthComponent::$sessionKey = 'Auth.Company'; // static property so we have to
// access in static way so you want get strict errors
...
}
and then logout and login user again. In your action just var_dump() or pr() the $this->Session->read('Auth')
Btw $this->Auth->user() will always return you array that is in the Auth by [$sessionKey] and its same for AuthComponent::user() static call.
Related
My CakePHP 2.5.3 app lives in a subdomain (domain/project_name) and apache rewrite rules are working correctly.
After I set App.fullBaseUrl='domain/project_name' in app/Config/core.php, Router::fullBaseUrl() works fine but, all the $this->Controller->redirect and all AuthComponent redirect to http://domain/project_name/project_name/controller/action.
Has anyone else encountered this and how did you fix it?
Many thanks in advance!
This is pattern for redirecting after log out:
// app/Controller/AppController.php
class AppController extends Controller {
//...
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'posts',
'action' => 'index'
),
'logoutRedirect' => array( // <-- Let's focus at here.
'controller' => 'pages',
'action' => 'display',
'home'
),
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish'
)
)
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
//...
}
Source: http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authentication-login-and-logout
In your problem context, check logoutRedirect configuration array.
If you want handle redirecting by other ways:
public function logout() {
return $this->redirect($this->Auth->logout());
}
Source: http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authentication-login-and-logout
I am new to rapid development frameworks and I am currently working on a project on Cakephp. I have been having a problem establishing a session on my application.
I have used the login function but it won't accept the credentials I put in and returns the flash message for incorrect credentials. I have tried changing the function in different ways but it's clear that it is not establishing a session. Please help.
Here is the relevant code.
UsersController.php
public function login() {
if ($this->request->is('post')) {
if ( $this->request->is( 'post' ) ) {
if ( $this->Auth->login() ) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Your username or password was incorrect.'));
}
}
}
}
AppController.php
public $components = array('Session', 'Auth');
It seems your AppController is missing some information inside $components.
Try this:
class AppController extends Controller {
public $components = array(
'Cookie',
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => '**YOUR CONTOLLERr**',
'action' => '**YOUR ACTION**'
),
'logoutRedirect' => array(
'controller' => '**YOUR CONTOLLERr**',
'action' => '**YOUR ACTION**',
'home'
),
'loginAction' => array(
'controller' => '**YOUR CONTOLLERr**',
'action' => '**YOUR ACTION**'
),
'authError' => 'Access Denied!',
'loginError' => 'Invalid user and password',
'authorize' => array('Controller'),
'authenticate' => array('Form' => array(
'userModel' => 'User',
'fields' => array(
'username' => '**LOGIN FIELD**',
'password' => '**PASSWORD FIELD**'
)
)
),
)
);
}
It is important to set Session inside AppController so you can establish it.
Also its important to check PasswordHash since Cakephp only validate credentials if password stored in Database is Hashed.
Hope It helps you.
I can see nothing in your "relevant code", you can compare the data of that you obtain with your DB in your login, just use debug, so:
public function login() {
if ($this->request->is('post')) {
debug($this->request->data);
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
} else {
//$this->Session->setFlash(('Your username or password was incorrect.'));
}
}
}
with this we can obtain more information you can tell me what show and if those data is the same in the DB.
Ok, so I have my site set-up in the following way.
The index redirects to the Login page as the entire site is for logged in users only. When a user attempts to view a page they do not have access to they are dumped into the login page with a "You are not authorized to access that location" message.
I want to change this so if a logged in user tried to access a unauthenticated page they get redirected back to the referrer page.
In my individual controllers I have a isAuthorised method that checks the user role and allows or disallows access.
class AppController extends Controller {
public $theme = 'Default';
public function beforeRender(){
$this->set('referer',$this->referer());
$this->set('userData', $this->Auth->user());
}
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login',
'home'
),
'authorize' => array('Controller')
)
);
public function isAuthorized($user) {
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
}
Looking through the documentation I have found unauthorizedRedirect and thought this might be able to do it but I've yet to find a way to implement it. I've tried a couple of things but as yet can't find anything that works properly.
You can add this line in your auth component to redirect the unauthorized users back to the page they came from.
'unauthorizedRedirect' => $this->referer()
Looks something like this:
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login',
'home'
),
'authorize' => array('Controller'),
'unauthorizedRedirect' => $this->referer()
)
);
public function beforeRender(){
$user = READ USER SESSION
if(!$this->isAuthorized($user)){
WRITE REDIRECT CODE HERE
}
$this->set('referer',$this->referer());
$this->set('userData', $this->Auth->user());
}
I'm using Cake's Auth component and can't seem to figure out how to set specific flash data/error message when using scope.
While testing by changing active from 0 to 1, I can confirm the scope parameter works, however if scope returns false, I get flash data associated with my login method, Your username or password was incorrect..
UsersController
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
$this->Session->setFlash('You are logged in!');
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Your username or password was incorrect.'));
}
}
AppController
public $components = array(
'DebugKit.Toolbar',
'Acl',
'Auth' => array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
),
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email'),
'scope' => array('active' => '1')
)
)
),
'Session'
);
public function beforeFilter() {
$this->Auth->loginAction = array(
'controller' => 'Users',
'action' => 'login'
);
$this->Auth->logoutRedirect = array(
'controller' => 'Users',
'action' => 'login'
);
$this->Auth->loginRedirect = array(
'controller' => 'Users',
'action' => 'index'
);
}
Is it possible to bind a specific error message for each scope parameter and login method?
Very simple in CakePHP :)
You can custom error message in every method of Controller
Simple, you do it as I say ^_^
Exmple:
<?php
public function accessSite(){
//disable default message authError of Auth
$this->Auth->authError = false;
$message = 'You not have permission access here';
//set new custom message
$this->Auth->flash($message);
}
On localhost i have no problem at all. i can login access all sites and go through the process of the site without a problem.
Now when i put it remotely i get logged out as soon as i change page (aka i am being redirected to my login view no matter what link i press)
My AppController loos like this:
<?php
App::uses('Controller', 'Controller');
class AppController extends Controller {
public $components = array(
'Acl',
'Auth' => array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
)
),
'Session'
);
public $uses = array
(
'Category'
);
public $helpers = array('Html', 'Form', 'Session');
public function beforeFilter() {
$this->Auth->allow('*');
//Configure AuthComponent
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'home', 'action' => 'index');
$this->set('menu_categories', $this->Category->find('all'));
}
}
Please tell me if you need more information (also if you wish to try this issue go to my page (my domain
log in as test password test123