I'm trying to create an account register page with CakePHP 2.0 where user needs to activate it's new account by clicking on a link in the email he's received after insert username, email and password.
My question is how can I set an activation code inside the user record.
I thought to create a table field named activation_code and then to store an hashed version of the username to be sure the user can activate itself by clicking the email link with the activation key.
All the procedure is done but I don't know how can I set the activation_code inside the $data['User'] object and It's not clear for me if this is a good usage of the MVC framework or I should make it in a different way.
During the user registration action I've done this but I get an error when I try to create 'activation_code' dynamically:
// from the UserController class
public function register () {
if (!empty($this->data)) {
if ($this->data['User']['password'] == $this->data['User']['confirm_password']) {
// here is where I get the error
$this->data['User']['activation_key'] = AuthComponent::password($this->data['User']['email']);
$this->User->create();
if ($this->User->save($this->data)) {
// private method
$this->registrationEmail ($this->data['User']['email'], $this->data['User']['username']);
$this->redirect(array('controller'=>'users', 'action'=>'registration', 'success'));
}
}
}
}
Obviously the activation_key is an empty field inside my database.
So how can I create a filed dynamically from the controller?
$this->data['User']['activation_key']
should be:
$this->request->data['User']['activation_key']
(You should change all references to $this->data to the new cakephp2.0 $this->request->data)
I've solved the problem with the method Model::set(), so:
public function register () {
if (!empty($this->data)) {
if ($this->data['User']['password'] == $this->data['User']['confirm_password']) {
$this->User->create();
// I've used set method
$this->User->set('activation_key', AuthComponent::password($this->data['User']['email']));
if ($this->User->save($this->data)) {
$this->registrationEmail ($this->data['User']['email'], $this->data['User']['username']);
$this->redirect(array('controller'=>'users', 'action'=>'registration', 'success'));
}
}
}
}
Related
I've searched the forums and have seen many similar issues but none that seem to address my concern. I believe this is different because:
Form validation is not being used at this point
The form method does not seem to be related (just 1 post action)
The routes are not wrapped in web middleware
Here's what the application is supposed to be doing:
A user (with or without Authentication) views a public page with form (display_event)
The user selects a specific ticket for ordering and is directed to a 2nd form (register_step1)
The user then fills out demographic info for as many tickets as are being ordered
The processing step, if the email address used is of a valid user (in DB) should return to the form in step 2 & 3, populate the fields and flash a message. Otherwise it would perform the save() actions required. (register_step2)
The relevant routes from web.php are here:
Route::get('/events/{event}', 'EventController#show')->name('display_event');
Route::post('/register/{event}', 'RegistrationController#showRegForm')->name('register_step1');
Route::post('/register/{event}/create', 'RegistrationController#store')->name('register_step2');
The relevant portions of the RegistrationController.php are here:
public function showRegForm (Request $request, $id) {
// Registering for an event from /event/{id}
$ticket = Ticket::find(request()->input('ticketID'));
$quantity = request()->input('quantity');
$discount_code = request()->input('discount_code');
$event = Event::find($ticket->eventID);
return view('v1.public_pages.register', compact('ticket', 'event', 'quantity', 'discount_code'));
}
And:
public function store (Request $request) {
$event = Event::find(request()->input('eventID'));
if(Auth::check()) {
$this->currentPerson = Person::find(auth()->user()->id);
}
// set up a bunch of easy-reference variables from request()->input()
$email = Email::where('emailADDR', $checkEmail)->first();
if(!Auth::check() && $email === null) {
// Not logged in and email is not in database; must create
$person = new Person;
// add person demographics from form
} elseif(!Auth::check() && $email !== null) {
// Not logged in and email is in the database;
// Should force a login -- return to form with input saved.
flash("You have an account that we've created for you.
Please attempt to login and we'll send you a password to your email address.", 'warning');
return back()->withInput();
} elseif(Auth::check() && ($email->personID == $this->currentPerson->personID)) {
// the email entered belongs to the person logged in; ergo in DB
$person = $this->currentPerson;
// add person demographics from form
} elseif(Auth::check() && ($email->personID != $this->currentPerson->personID)) {
// someone logged in is registering for someone else in the DB
$person = Person::find($email->personID);
// add person demographics from form
} else {
// someone logged in is registering for someone else NOT in the DB
$person = new Person;
// add person demographics from form
}
// do more stuff...
$reg = new Registration; (set up a registration record)
}
I took the advice indicated in #apokryfos's comment and changed the form parsing-then-display script from a POST to a get.
redirect()->back() is, apparently, always a method=get and that was the cause of the MethodNotAllowedHttpException. In my ~2 weeks using Laravel, I hadn't yet come across that fact.
I am new to CakePHP, and follow the tutorial of CakePHP to try login function, however there is no error message appear after I use the wrong username/password. Please help.
public function login()
{
if ($this->request->is('post')) {
$user=$this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect(['controller' => 'bookmarks']);
}
$this->Flash->error('Your username or password is incorrect');
}
}
By using FlashComponent's magic method __call() an element is required to exist under src/Template/Element/Flash.
In your case you called error(), therefore it uses src/Template/Element/Flash/error.ctp. Make sure element exists.
Either that or you are not calling $this->Flash->render() in your view (where you want the error message to be shown).
I am using the Laravel 5 built in user stuff with Entrust for user roles and permissions. I have two roles set up which are administrators and users. Basically what I want to do is have two different forgotten password email templates - one for users and one for administrators. So when a user enters their email address to get the reset link emailed to them I need to check what sort of user they are first and then send them the right template. I don't want to have to do any sort of hacky stuff in the standard email template their must be a way to do this in the controller or something surely? Anyone know how I would do it?
You can probably prompt them to enter their email and when they submit you can grab it in the controller:
public function forgot()
{
$email = Input::get('email');
$user = User::where('email', $email)->first();
if($user->type == 'admin') {
// logic to email admin with admin template
} else {
// logic to email user with user template
}
// redirect to success page letting user know the email was sent
return View::make('someview');
}
Or better yet, just pass the user type to an email service that handles the emailing:
public function forgot()
{
$email = Input::get('email');
$user = User::where('email', $email)->first();
$emailService->sendForgotForType($user->type);
// redirect to success page letting user know the email was sent
return View::make('someview');
}
If you are using Laravel 5's built in User Management:
To override the default template used you would need to manually set the $emailView in the PasswordBroker.php by writing a new class that extends PasswordBroker.
For example, comment out 'Illuminate\Auth\Passwords\PasswordResetServiceProvider' in config/app.php
Then create an extension class:
use Illuminate\Contracts\Auth\PasswordBroker;
use Illuminate\Contracts\Auth\CanResetPassword;
class MyPasswordBroker extends PasswordBroker {
// override
public function emailResetLink(CanResetPasswordContract $user, $token, Closure $callback = null)
{
// Override Logic to email reset link function perhaps using the example above?
}
}
Then you would need to bind your new MyPasswordBroker class to AppServiceProvider at app/Providers/AppServiceProvider.php in the register method (below found online):
$this->app->bind('App\Model\PasswordBroker', function($app) {
$key = $app['config']['app.key'];
$userToken = new \App\Model\NewUserToken;
$tokens = new \App\Repository\NewTokenRepository($key,$userToken);
$user = new \App\Model\NewUser;
$view = $app['config']['auth.password.email'];
return new \App\Model\PasswordBroker($tokens, $users, $app['mailer'], $view);
});
Definitely moderately advanced stuff, if you can handle it - great. Otherwise I would possibly look into using an authentication package with built in features you need.
I am working on codeigniter. I am implementing signin functionality and when user signs in i call this controller
function validate_credentials()
{
$this->load->model('membership_model');
$query = $this->membership_model->validate();
if($query==1)
{
$data = array
(
'username'=>$this->input->post('username'),
'is_logged_in' => true
);
$email=$data['username'];
$this->session->set_userdata('email_of_user',$email);
$this->load->model('search_peoplee');
$data['userid']= $this->search_peoplee->get_userid_from_email($email);
foreach ($data['userid'] as $row)
{
$one=$row->userid;
}
$data['result']=$this->membership_model->friend_notify($one);
$data['count']=$this->search_peoplee->get_friends_count($one);
$this->load->model('search_peoplee');
$data['values']= $this->search_peoplee->get_notifications($one);
$data['count_notify']=$this->search_peoplee->get_notifications_count($one);
$this->session->set_userdata('lookatit','no');
$this->load->view('home_screen',$data);
}
elseif($query==2)
{
$data['main_content']='email_not_found';
$this->load->view('includes/template',$data);
}
else
{
$this->error_index();
}
}
this validates the credentials and stores a session, this controller calls a model "$this->membership_model->validate();" which picks the value form view and check that if user exists, the problem is when i retype the address it takes me to the login page and says sign in again as the model reads empty values. How to avoid this. help!!!
after you have authenticated, how about setting a session variable.
so,
$this->session->set_userdata('authenticated',TRUE);
then in the controller, first check if the user is authenticated and do a redirect, otherwise go to the validate_credentials method ??
I am making a system using CakePHP in which the users can be either A, B or C. Like student, teacher and some other role. Is it possible to let them all login via 1 link? so not /students/login and /teachers/login, but something like www.somewebsite/login for all of them?
Read this tutorial, it exactly covers what you're asking for. Also read this section.
It does not make any sense at all to have different controllers for different types of users, you'll just duplicate code. If you need to take different actions based on the role you can do that within your login method by calling another method like afterStudentLogin() from within your login() method and do role specific things there. The reason for that is that a single method should always just do one task, so you decouple the role specific code from it in a separate method.
public function login() {
if ($this->Auth->user()) {
/* ... */
$callback = 'after' . $this->Auth->user('role') . 'Login');
$this->{$callback}($this->Auth->user());
/* ... */
}
}
Even if the user types are very different, they all will share a common thing: The login. In this case have an users table and for example student_profils table and teacher_profiles table. If the difference is just a few fields I would put them all in one table like profiles.
If you want to have /login instead of /users/login you should use routing.
Router::connect(
'/login',
array(
'controller' => 'users',
'action' => 'login'
)
);
You can also take a look at this Users plugin which covers a lot of the usual user related tasks. And here is a simple multi-role authorization adapter.
A simple basic login function depending on user group would look like as given below
<?php
public function login() {
//if user already logged in call routing function...
if($this->Session->read('Auth.User')) {
$this->routing();
}
if ($this->request->is('post')) {
if ($this->Auth->login()) {
//if user status is active...
if ($this->Auth->user('status') == 1){
//redirect users based on his group id...
if($this->Auth->User('group_id')==1){
$this->redirect($this->Auth->redirect('/admins/dashboard'));
}
else if($this->Auth->User('group_id')==2){
$this->redirect($this->Auth->redirect('/teachers/dashboard'));
}
else if($this->Auth->User('group_id')==3){
$this->redirect($this->Auth->redirect('/students/dashboard'));
}
}
else{
$this->Session->delete('User');
$this->Session->destroy();
$this->Session->setFlash('Your account is not yet activated. Please activate your account to login.', 'warning');
}
}
else {
$this->Session->setFlash('Your username or password was incorrect.', 'error');
}
}
}
//just route the loggedin users to his proper channel...
public function routing() {
if($this->Session->read('Auth.User.Group.id') == 1) {
$this->redirect('/admins/dashboard');
}
else if($this->Session->read('Auth.User.Group.id') == 2) {
$this->redirect('/teachers/dashboard');
}
else if($this->Session->read('Auth.User.Group.id') == 3) {
$this->redirect('/students/dashboard');
}
else {
$this->Session->destroy();
$this->redirect('/');
}
}
?>