I am borrowing some codeigniter authentication library and try to integrate it with my mvc version.
My version initiates breadcrums in the basecontroller and every module has it's own
controller that extends it.
What I want to know is if I am submitting my login form, then my submit action
will be /controller/function.
But, I don't want the function to appear in the breadcrumbs, how is this normally done.
As I am writing this, I am thinking that I can run all the logic threw the default
index function.
On the other hand, you want to be able to call on functions directly.
The question is how this is normally done in an mvc architecture
Could someone give me some feedback on this, please.
thanks, Richard
Once you authenticate are you redirecting the user to where they were previously or the index page on the website?
Usually the login controller doesn't actually have a view, it just authenticates and forwards you to either the login form if you are not authenticated, or a logged in page if the person is authenticated.
Related
I'm trying to implement CalDav in CakePHP 3.0 and I'm new to both of them. I've created a Customer portal and want that every single user has access to his appointments.
I followed the tutorial http://sabre.io/dav/caldav/, but when I try to run mypage/calendarserver.php/ (which i've located in webroot), it only appears my own created login page (it should display a login from sabredav).
The real problem is: when I try to create for example: "mypage/calendarserver.php/principals" Cake tells me that the principals controller is missing. I don't want to use any controller of Cake when I access this url. Does somebody know how to avoid calling the controller of Cake?
Thanks for your help.
I'm making web app that will be fully based on Ajax requests.
As I understand the only way to achieve that goal is to send identity and password with every Ajax request or am I wrong?
I'd like to use ZfcUser to perform actions connected with register, login and logout but if I'm calling that on server side: $this->getServiceLocator()->get('controllerPluginManager')->get('zfcUserAuthentication')->getAuthService()->getIdentity(); I always receive last logged user.
Is it possible to handle multiple users at once using ZfcUser plugin (or maybe simply Zend 2)?
Can Zfcuser remember in any data structure all users that are actually logged in?
If you are in a controller you can use $this->ZfcUserAuthentication()->getIdentity() to get the identity. If you are anywhere else, use the servicemanager/locator to get 'zfcuser_auth_service' which you then can use to call getIdentity().
The Auth Service will give you the user based on session, so you should never users from another session. Doesn't matter if you use ajax or not.
I'm wondering what is best in my case. I'm building a site using CodeIgniter with two main sections:
the public part avalaible to everyone
the private one only for registered users
In each page of the public area (one controller) I want to put a sign in form and a sign up link and if the users is logged in he has to be redirected to the private area or a link to it may be shown.
Now I have two choices:
A user controller is the first thing I thought of but in each page of the site I need to control if the user is logged and this is impossible or very bad since I'm using another Controller
So I started working on a library but I'm not sure how implement it (for example form validation should be achieved by the controller or by the library itself?, what about database connection since I haven't a model?)
What do you think is the best? Why? and how would you implement it?
(and yes I like reinventing the wheel and not using an existing library mainly because i want to learn how to do it)
Super Controller
=>assign user data,settings,configs etc
|-----private controller extends super controller
=>check user credentials
|-----admin controller extends super controller
=>check user && admin credentials
Your super controller is your public controller as long as you only do assignments, no checking...
Anything you want public just extends super controller
Anything you want private extends private controller
Form validations and query jobs should be carried out with the controller itself. The library act like a tool no need to implement these things in them but as a need you can use queries in them to check some data but it's better to be worked in the controllers.
The idea for having a log flag is to:
When user is signed in, create a session for it to show the access.
Check every time the session for the private parts.
I've been using CakePHP for some time now. But I still fail to solve some issues on my own.
Its been difficult to understand how Cake Auth works but in these past few weeks I've managed to work with it.
Now to my issue:
I have 2 separate tables(Say for Admin Users and Normal Users). Both have different Controllers (Lets say they are AdminsController and UsersController).
Now I have completed Users module without any trouble. Users login and Admin Login are different views. As I dont want any normal User to be able to get their hands on Admin login page I've kept it separate from normal user login.
Users login works fine with Auth. But now I want to use another Auth for AdminController for some reason I am unable to make use the second Auth from AdminController and control automatically transfers to the Users Login
It would be great if someone could point in the correct direction. Please!
Thank You. In advance!!
P.S : I've also tried using Auth->userModel
Sorry everyone I was using Auth->userModel slightly wrong way.
I was adding it to my Admin Controller but not in User Controller so if you came here looking for an answer please use
$this->Auth->userModel="User";
in every controller in beforeFilter()
enjoy.......
I am currently wondering how a centralized page authenticator could be achieved. Can anyone suggest a neat algorithm for me? What I intend to achieve is to make my backend administrator pages session protected without writing a piece of session checking code to each of my pages that I want protected. I currently do something like this:
login page -> if right credentials : set session -> if view protected page without session : reject else : permit
Any best practices (or a better method) on/than this?
I would not so much want to suggest an algorithm, but a library/framework instead.
If your application has a single entry point, that is the place to call your session management library/framework. For example with the Zend Framework you can initiate your session in the bootstrap. The only thing left is to authenticate a session in the login controller.
If you're architecting a PHP app that has multiple entry points you will go crazy trying to copy and paste all this code. Look into using a real MVC framework.
I use Zend_Controller to route my pageviews in situations like this.
Once you architect your app in that way, it becomes simple to add some code to the predispatch() method of your restricted controllers to do authentication and redirect to a login page if it is not found or is invalid.