I'm developing a CakePHP 1.3 application which needs to login users backend and frontend.
On the backend, admins and others must login to edit pages and data.
On the frontend, users can login to see "private" pages.
I'm using CakePHP ACL/Auth to login backend users (but i dont'have so clear how it works).
What do you suggest? I was thinking to set frontend users as a particular "acl" group to see that pages.
User admin routing.( http://book.cakephp.org/view/945/Routes-Configuration )
This will allow you to create separate functionality for ADMINS and USERS. You can even create additional user types and create routes for them too.
ACL is a bit difficult to understand and does not make sense for all situations. This blog may be of some use to help you get started:
http://www.studiocanaria.com/articles/cakephp_auth_component_users_groups_permissions_revisited
Related
I have a page developed in Wordpress and to enter to this page you have to register and then login into the same.
Now I have to develop another system and I have to use the same session in my new page that was logged in Wordpress.
In the Wordpress page there is a link that brings to Symfony 2 page. Clicking in that link, the user must be the same.
I am using the same database for both applications, so the wp_users table from Wordpress is used by the new Symfony2 page.
For example the user logged in Wordpress page has to fill certain form developed in the new Symfony2 page.
I found this bundle but I don't know how to use it. It seems very useful.
My questions are:
Is there a way to save the session in a cookie and use this cookie in my Symfony2 app?
Is there a way to send a token in the link in the Wordpress page and use this token in my Symfony2 page? This token should contains the user logged info.
Daniel, what you are asking for is possible but is some pretty technical stuff. Your best bet is to try and follow the instructions for the bundle you linked to get the user auth working. Baring that if you wanted to roll your own solution, assuming you are on symfony 2.8 or later you would need to implement a custom user provider and a guard.
http://symfony.com/doc/current/cookbook/security/guard-authentication.html
Basically the idea would be to read the session cookie created by wordpress, use doctrine to look up that session again in wordpress db, get the user ID associated with that. Use that User ID to load the custom user entity you created for the custom user provider.
Someone providing that solution on here likely wont happen with just how much effort would be involved.
I am using CakePHP 2.4. I am using AuthComponent.
There is an User Management module in Admin Panel, where I am showing list of users. I have given a link Login as User corresponds to each user.
Now I have to handle multiple user sessions on the basis of user_type field in a way that an Admin & the specific user sessions can maintain in the same browser.
There are 3 user_types in users table: admin,dealer and general.
Please suggest, If AuthComponent have this feature. Any other alternate solution would also be appreciated.
I'm building a site that has two areas: the main site, and an admin area.
The main site has to have Facebook login functionality (I'm looking at using Sammy K's Laravel Facebook SDK) and the admin area is just going to have a database-based login; basically the Laravel login system.
I'm wondering how to approach this, and whether anyone's done this before. Some design considerations:
Should I have two separate user tables?
Should I use two route filters, one for each auth type?
If I only have one user table, should I use different groups (somehow - I'm not sure they'll built in?) or some indicator to let the system know whether it's a database-based, user/password login, or just a Facebook login?
since you are using facebook SDK,
you don't need a user table to begin with in most cases/projects.
if you indeed want to use two different authentication, then yes, use one for each auth type.
assign different routes for each of the case. don't need to bring all those different entities together and make a sandwich.
I would like to know if there is a plugin available or a way to achieve a registration process for a WordPress site that would be completely separate from thee site's users that can see the backend. To clarify a bit, we want to have two registrations available, one for site admins or editors that have access to the actual WordPress backend, and one for additional clients that don't have access to the WordPress backend and do not share the same user database table. We would not want them to even be listed as "Users" in the WordPress backend. Thanks in advance for any suggestions!
Create a separate system which uses OpenID. It's easiest
You should go to your dashboard and check that the default user role is set to subscriber. Subscribers only role is to read posts, they don't have access to the dashboard.
I have built an app using codeigniter which has 3 different member groups
Admininstrators - Who login to a dashboard and have CRUD facilities to Add/Edit/Delete Events, shows and artists
Clients - Who Login from the front end and see all the items that the admin have added via the back end.
Media Partners - Who Login from the front-end and see certain parts of what the client can see but not all things.
I have integrated the Tank_Auth Library for the Clients section which all works fine. What I would like to achieve though is for the administrator to be able to login to a seperate admin area and the media partners to be able to login to a seperate area too.
What is the best way to approach this?
Do I need to create sepearate dashboard controllers for each userbase and duplicate the Tank_Auth controller 3 times and tweak this?
Ideally The Admin users also need to be able to add news users and login to all 3 seperate areas?
Has anybody achieved such a solution before, If so how did you go about it? perhaps tank auth isn't the correct approach?
Any input would be appreciated.
Thanks Dan
I am using CI, but haven't used Tank_Auth, I have my auth class and in every function I have the following method called: $this->auth->accessMap(get_class($this),__FUNCTION__);
In auth class:
public function accessMap($controller_name,$function_name)
{
if ($this->perms_array[$controller_name][$function_name])
return true;
else $this->redir();
}
I have permissions array in config:
$config['user_perms']['className']['method1'] = array($config['user_types']['admin']);
$config['user_perms']['className']['method2'] = array($config['user_types']['admin'],$config['user_types']['user']);
Like this you can specify for each method which user has permission to use it.
I hope this will help.
I can't find the thread on the CI forums because I can't seem to login to their website right now, however do a search for 'zend_acl in codeigniter'. Alternatively there is this blog post about how to implement it, but it is slightly dated.
ACL stands for Access Control List, it will allow you to setup various permissions for different types of users. Zend has one of the best implementations of ACL in my opinion.
More information about ACL's can be found on zend's website.
Absence of user group is a pain when using tank_auth if we have multiple user groups. I ran into this issue recently. Here is the solution posted in CI forms.
Using tank_auth for both front end user registration and login and back end admin login