I'm using CakePhp 2.3 and am trying to allow a user to create an account from the home page. I'm new to cakephp and so far I've followed implementation described here: http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
Now every time I access the index page (localhost) I am redirected to the users/login page. I've played around with changing the components array in the AppsController, but if I don't include the Auth component then when I call the function add in the USerController, then I get a Call to a member function allow() on a non-object error. I'm not sure how to continue. Right now my AppController class looks like this:
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
'authorize' => array('Controller') // Added this line
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
}
All I want to do is be able to add a new user row from the index page. Any ideas or other suggested reading? Thanks!!!
Configure your home page / by using the router to use the posts/index action.
Router::connect('/', array('controller' => 'posts', 'action' => 'index'));
Also I guess you're not calling the parent::beforeFilter() in your whatever controller is used for the home page. Allowing actions in the AppController is a bad idea because it just opens security issues. One day you need an index that should not be public and forget about it OR your have to change all allow() calls.
However, why do you have the login in the posts context? That's wrong. User related actions should belong to the right context: Users controller and model.
If you add the key 'authorize', I think you should define the function 'isAuthorized' as described here : http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
How looks like your default index page ?
If it's the defaut "home.ctp", displayed by the PagesController, you have to allow 'display' as an allowed action :
$this->Auth->allow('index', 'view', 'display');
HTH
go to app->config-> routes.php and change the action to index as #burzum said
and then go to your UsersController or PostsController whatever your controller is call beforeFilter like this
<?php
class UsersController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
}
public function index(){
}
Related
What I want:
When a user is not logged in and tries to visit the site at any url they get redirected to /landing (which has a form on it that posts to /login)
What is happening:
When a user is not logged in and tries to visit the site at any url they get redirected to /login
In my AppController I have:
public $components = array(
'Auth' => array(
...
'loginRedirect' => array('controller' => 'twitter', 'action' => 'index'),
'loginAction' => '/landing',
'logoutRedirect' => '/landing',
'unauthorizedRedirect' => '/landing',
'authorize' => array('Actions' => array('actionPath' => 'controllers'))
));
public function beforeFilter() {
$this->Auth->allow('login', 'landing');
}
I thought 'loginAction' => '/landing' would have been the solution but it has not helped
Any ideas?
You are missing the controller?
'Auth' => array(
'loginRedirect' => array(
'controller' => 'items',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish'
)
)
)
From your snippet it looks like you're putting $this->Auth->allow() rules in the beforeFilter() method of AppController:
public function beforeFilter() {
$this->Auth->allow('login', 'landing');
}
The problem is that since your /landing route points to your pages controller and /login to your users controller, unless your controllers' beforeFilter() method call their parent's method like this:
public function beforeFilter() {
parent::beforeFilter();
}
these rules won't ever take action. And if you add this code above, you're actually allowing both landing and login methods in both controllers (if they exist).
The way it is now, the parent is (apparently) never called, and so when you visit a url like /bogus, you get redirected to /landing as you've set in AuthComponent's loginAction. But since this is never explicitely allowed in pages controller beforeFilter(), you get redirected again to /login. The whole process looks like you are always redirected to /login no matter what url you visit.
Keep in mind, that as you have it, the allow() rule for login is neither executed. You're able to visit /login though, because cake automatically allows it (or else you would end up in an endless loop).
So first remove the landing rule from allow(). You don't need it.
Then move the beforeFilter() code to the pages controller. Change landing to display as the method that is called is display inside that controller, being passed the argument landing. There's no landing method there (I assume - and if there is, the route is pointing to pages' display so it wouldn't have any effect)!
This last change will make display action allowed for any given page passed as argument (like landing, home, eula or whatever else you might be having). If you don't want that you should add a check either in the beforeFilter() or the display() and only allow the request to continue if the argument is landing.
class IndexController extends Zend_Controller_Action{
public function init(){
if(!isset($_SESSION['administrator'])){
$this->_helper->redirector->gotoRouteAndExit(array('controller' => 'index', 'module' => 'cp', 'action' => 'login'), null,!0,!0);
}
}
}
I tried on Firefox, it shows me:
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
But when I put redirector outside of init() method, it works.
public function indexAction(){
if(!isset($_SESSION['administrator'])){
$this->_helper->redirector->gotoRouteAndExit(array('controller' => 'index', 'module' => 'cp', 'action' => 'login'), null,!0,!0);
}
}
Can anyone help me?
Edit:
I don't want to repeat the "redirect code" because there are many other actions need to be checked permission in the same controller.
The problem is, that on index/login, you also run the init() method, detect that the user is not an admin, and try to again redirect him to index/login, which will run the init() method again, detect that he still is not an admin... and so on. Thus the infinite redirect loop.
So in your init() you may first check if you are trying to call the login action, and only if not, check for admin permissions and redirect to index/login.
In your concrete case, you may want to change your init() method as follows:
public function init(){
if ($this->getRequest()->getActionName() !== 'login' && !isset($_SESSION['administrator'])){
$this->_helper->redirector->gotoRouteAndExit(array('controller' => 'index', 'module' => 'cp', 'action' => 'login'), null,!0,!0);
}
}
This excludes the login action from checking admin permissions and redirecting, breaking the infinite redirect loop.
The thing is, init() function will always runs first in any controller,
So When you do a redirect is init() it essential redirects to itself , which will create infinite loop in your case, so it will keep redirecting to itself, as "BluePsyduck" Suggested.
So do the alternate what you have already done and redirect it in index Action of your controller..
I have the following code in my PortfolioController:
function index()
{
$this->set('posts', $this->Portfolio->find('all'));
}
function view ( $id, $slug )
{
$post = $this->Portfolio->read(null, Tiny::reverseTiny($id));
$this->set(compact('post'));
}
However in order to get the view to remove /view/ from the URL, I have added the following to my routes: Router::connect('/portfolio/*', array('controller' => 'portfolio', 'action' => 'view'));
This breaks the index method as it overrides it by calling the view method instead and shows a blank view
How do I fix this?
What are you trying to do exactly? (And what's with $slug?)
It sounds like what you want to do is remove the action (or at least the view() action?) from displaying in the URL, amirite? Kind of like the default pages_controller display() method - catch-all action for static pages?
How do I fix this?
Well, I'd suggest starting with un-breaking that route, because otherwise it's doing exactly what you told it to:
Router::connect('/portfolio/*',
// * is a wildcard matching anything & everything after /portfolio/
array('controller' => 'portfolio',
// and routing to portfolio's view() action, with or w/o required $args to pass
'action' => 'view'));
so what you see when you call index() is not a blank view, it's a suppressed fatal error, which is what happens when index() reroutes to view() and doesn't have an $id to pass in for the first arg.
Note the ending DS. Route order matters; first rule that catches, wins. The following routes would all map to index by default if the url's action were omitted, but they're not the same.
// Targets inside the controller (its methods)
Router::connect('/portfolio/',
array('controller' => 'portfolio', 'action' => 'index'));
is not the same as
// Targets the controller
Router::connect('/portfolio',
// Specifies the default controller action, can be whatever
array('controller' => 'portfolio', 'action' => 'index'));
For what you're trying to do, it should be
// Targets the controller
Router::connect('/portfolio',
// Routes to 'controller default method' which is index() by Cake default
array('controller' => 'portfolio');
This allows Cake to enforce auto default mapping to the controller's index() whenever the action is missing from the URL.
It would still have worked except for the trailing DS and trailing asterisk. The same rule that should catch index() reroutes to view() instead, thanks to the trailing asterisk targeting all actions in portfolio.
Hence Foo's suggestion doesn't work -> trailing DS + wildcard:
Router::connect('/portfolio/',
// the trailing DS changes it to target 'inside portfolio' instead of 'portfolio'
array('controller'=>'portfolio', 'action'=>'index'));
// trailing arbitrary wildcard maps any / all actions directly to view() method
Router::connect('/portfolio/*',
array('controller' => 'portfolio', 'action' => 'view'));
Which just ensures ALL actions in portfolio map directly to portfolio view() method (including /portfolio/index action). Do not pass go, etc. Any portfolio action resolves to the wildcard no matter what, aliasing the whole controller to that method. So you could knock the DS off the first route but any url starting with /portfolio that isn't /portfolio would still route to view(). Including the url /portfolio/index.
Try this:
// catches portfolio/index() without index in the url
Router::connect('/portfolio',
array('controller' => 'portfolio'));
// maps to portfolio/view() without view in url, just /portfolio/integer id
Router::connect('/portfolio/:id',
array('action'=>'view', array('id' => '[0-9]+'));
// routes everything else in portfolio as usual
Router::connect('/portfolio/:action/*',
array('controller'=>'portfolio'));
Routes can be tricky. Here are some links; HTH. :)
http://bakery.cakephp.org/articles/Frank/2009/11/02/cakephp-s-routing-explained
http://book.cakephp.org/view/46/Routes-Configuration
I'm new to CakePHP myself, but I believe you can add
Router::connect('/portfolio/', array('controller' => 'portfolio', 'action' => 'index'));
Before the route with the star.
as per my knowledge is concern
you should give like this:
Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display'));
I mean you should changes the aliases of the controller name.
Router::connect('/portfolios/*', array('controller' => 'portfolios', 'action' => 'view'));
I'm trying to wrap my head round how the auth component authenticates.
Currently my AppController looks something like this.
class AppController extends Controller
{
var $components = array('Auth', 'Session');
function beforeFilter()
{
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
}
}
If I was to leave my login action completely empty, the auth component will still try to authenticate when the user reaches the login page.
Is this how it should be? Couldn't this be a problem if it's always trying to authenticate?
If the requested action is the action configured in AuthComponent::loginAction (UserController::login by default) and $this->data contains the fields configured in AuthComponent::userModel/AuthComponent::fields (User.username and User.password by default), the AuthComponent will try to authenticate the current user. It'll automatically try this after Controller::beforeFilter was executed but before the requested action is called. If the login was successful (and any additional restrictions you may have applied in the AuthComponent configuration have cleared), it'll redirect to where the user came from, otherwise it'll execute the requested action as usual.
So no, this won't pose a problem, since it'll only attempt authentication under these particular circumstances.
I implemented security according to the acl tutorial on the www.cakephp.org website. I'm trying to figure out which line of code is responsible for redirecting a user to the login page if they aren't already logged in. As a test, I commented out several lines from the beforefilter() function in app_controller.php so that it now looks like this:
function beforeFilter() {
//Configure AuthComponent
$this->Auth->authorize = 'actions';
$this->Auth->actionPath = 'controllers/';
// $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
// $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
// $this->Auth->loginRedirect = array('controller' => 'alerts', 'action' => 'home');
// $this->Auth->loginRedirect = array('controller' => 'schedules', 'action' => 'index');
$this->Auth->allowedActions = array('display');
}
But I'm still being redirected to the login page.
The reason I'm asking about this is because my cakephp site is being served through a proxy server and I need to use relative url references, but the login redirect is using an absolute reference.
The actual redirection is done in AuthComponent::startup(). In there AuthComponent::isAuthorized() is called, and in your case (with Acl configured) Acl will be used to do the checking.
Changes to the settings in your beforeFilter() will no have any affect on the behavior. More than likely, you are failing the Acl->check() and being redirected on line 450.
See here - https://github.com/cakephp/cakephp/blob/master/cake/libs/controller/components/auth.php#L309, and https://github.com/cakephp/cakephp/blob/master/cake/libs/controller/components/auth.php#L450
To handle your redirect related issue, look at possibly overriding Helper::url(). Create an app/app_helper.php, define a class AppHelper that extends Helper... and provide a url method. Examine the passed arguments, return the appropriate url.