Change called Controller at runtime in Cakephp 3.x - cakephp

I am trying to halt the action performed by the user if it is not authorized.
So i decided to write a function in AppController and call it in beforeFilter() function like This
public function beforeFilter(Event $event)
{
$this->requestData = $this->request->data;
if (isset($this->request->params['prefix']) && $this->request->params['prefix'] == 'api/v1') {
$this->checkAuthToken(); // My function to check authentication
}
parent::beforeFilter($event);
}
My function to check authentication
public function checkAuthToken()
{
if (empty($this->request->header('AUTH-TOKEN')) || empty($this->requestData['employee_id'])) {
$this->DATA['error'] = 'Access Denied. Contact admin';
$this->DATA['error_code'] = 2;
} else {
$this->loadModel('Employees');
$employee = $this->Employees->get($this->requestData['employee_id']);
if ($employee->status == 'B') {
$this->DATA['error'] = 'Your account is blocked. Contact admin';
$this->DATA['error_code'] = 3;
} else if ($employee->status == 'I') {
$this->DATA['error'] = 'Your account is not active yet. Contact Admin';
$this->DATA['error_code'] = 4;
} else if ($employee->auth_token != $this->request->header('AUTH-TOKEN')) {
$this->DATA['error'] = 'Access Denied! Invalid Request';
$this->DATA['error_code'] = 5;
} else if ($employee['fail_attempts'] > 3) {
$this->DATA['error'] = 'Due to so many attempts you account is blocked! Contact admin';
$this->DATA['error_code'] = 6;
}
}
}
After this in beforeRender
public function beforeRender(Event $event)
{
$debugApi = true;
if (!$debugApi) {
if (isset($this->DATA['error_debug'])) {
$this->log($this->DATA['error_debug']);
$this->DATA['error'] = 'Something went wrong! Please try again';
}
}
$this->set('data', $this->DATA);
if (!array_key_exists('_serialize', $this->viewVars) &&
in_array($this->response->type(), ['application/json', 'application/xml'])
) {
$this->set('_serialize', true);
}
}
What is going wrong is if a user request for the API and my authentication gives error then i have to halt calling the controller action and give him error message. Or if i can change the controller to blank one.
Thanks


You can call setAction method if authentication fails. Something like:
if ($this->DATA['error']) {
return $this->setAction('error_method');
}


if ($this->DATA['error']) {
$this->redirect(['controller'=>'test', 'action'=>'/']);
exit;
}

Related

Can i convert whole cakephp website to web services?

Hey I m working on project in cakephp. There will also be apps for Android as well as iPhone. How can i convert my web code to web services.

Yes, There is a way to convert complete site in web-services of any version of cakephp.
There is step to follow:
1. Put "Router::parseExtensions("pdf", "json");" this line to your routes.php in config folder before routing rules.
2. Overwrite your "beforeRender" and "Redirect" function in AppController with following:
function beforeRender() {
if (Configure::read("debug") == 0) {
if ($this->name == 'CakeError') {
$this->layout = "error";
}
} else {
if ($this->name == 'CakeError') {
$this->layout = "error";
}
}
if ($this->params["ext"] == "json") {
$paging = $requests = "";
if (isset($this->params["paging"]) && !empty($this->params["paging"])) {
$paging = $this->params["paging"];
}
$this->set(compact("paging"));
if (isset($this->request->data) && !empty($this->request->data)) {
$requests = $this->request->data;
}
$this->set(compact("requests"));
if ($this->Session->check("Message.flash") && is_array($this->Session->read("Message.flash"))) {
foreach ($this->Session->read("Message.flash") as $key => $value) {
$this->set($key, $value);
}
}
if (isset($this->{$this->modelClass}->validationErrors) && !empty($this->{$this->modelClass}->validationErrors)) {
$this->set("formError", $this->{$this->modelClass}->validationErrors);
}
if (isset($this->viewVars["params"])) {
unset($this->viewVars["params"]);
}
if (isset($this->viewVars["request"])) {
unset($this->viewVars["request"]);
}
$response = $this->viewVars;
if (!in_array($this->params["action"], $this->Auth->allowedActions) && !$this->Auth->loggedIn()) {
$response = array("authError" => true, "message" => "Please login to access.");
}
$this->set(compact("response"));
$this->set('_serialize', array("response"));
}
}
public function redirect($url, $status = NULL, $exit = true) {
if ($this->params["ext"] == "json") {
$paging = $requests = "";
if (isset($this->params["paging"]) && !empty($this->params["paging"])) {
$paging = $this->params["paging"];
}
$this->set(compact("paging"));
if (isset($this->request->data) && !empty($this->request->data)) {
$requests = $this->request->data;
}
$this->set(compact("requests"));
if (isset($this->{$this->modelClass}->validationErrors) && !empty($this->{$this->modelClass}->validationErrors)) {
$this->set("formError", $this->{$this->modelClass}->validationErrors);
}
if (!in_array($this->params["action"], $this->Auth->allowedActions) && !$this->Auth->loggedIn()) {
$response = array("authError" => true, "message" => "Please login to access.");
}
$this->set(compact("response"));
$this->set('_serialize', array("response"));
} else {
parent::redirect($url, $status = NULL, $exit = true);
}
}
Note: If you are checking for Ajax request using that request is ajax or not, and you want to response to your ajax, you have to put your response in "IF" condition
if (!isset($this->params["ext"])) {
// echo json_encode($response);
// echo "success";
// die;
}
Otherwise you can render your view in response.

I would start by reading this
You basically need to modify your routes. You also need to modify (serialize) what your controllers return.

Codeigniter - Array dont work correctly

Whenever I call this function, I get the user_id correctly but the password isnt checked...
Model:
<?php
class Prometheus_model extends CI_Model {
var $tables = array(
'bots' => 'bots',
'users' => 'users'
);
function __construct() {
parent::__construct();
}
public function tablename($table = NULL) {
if(! isset($table)) return FALSE;
return $this->tables[$table];
}
public function get($table, $where = array(), $order = NULL) {
$this->db->where($where);
if(isset($order)) {
$this->db->order_by($order);
}
$q = $this->db->get_where($this->tablename($table),$where);
$result = $q->result_array();
// You should use $q->num_rows() to detect the number of returned rows
if($q->num_rows()) {
return $result[0];
}
return $result;
}
public function update($table, $where = array(), $data) {
$this->db->update($this->tablename($table),$data,$where);
return $this->db->affected_rows();
}
public function insert($table, $data) {
$this->db->insert($this->tablename($table),$data);
return $this->db->insert_id();
}
public function delete($table, $where = array()) {
$this->db->delete($this->tablename($table),$where);
return $this->db->affected_rows();
}
public function explicit($query) {
$q = $this->db->query($query);
if(is_object($q)) {
return $q->result_array();
} else {
return $q;
}
}
public function num_rows($table, $where = NULL) {
if(isset($where)){
$this->db->where($where);
}
$q = $this->db->get($table);
return $q->num_rows();
}
public function get_bot_data_by_hw_id($bot_hw_id) {
$q = $this->get('bots', array('bot_hw_id' => $bot_hw_id));
return $q;
}
public function check_user_data($user_incredials, $user_password) {
if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1){
$q = $this->get('users', array('user_name' => $this->security->xss_clean($user_incredials)));
return $q['user_id'];
}
return FALSE;
}
}
?>
My function-calling at the controller:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller {
public function index(){
if($this->input->post('user_login')){
var_dump($this->prometheus_model->check_user_data($this->input->post('user_incredials'), $this->input->post('user_password')));
}
$this->load->view('login_index');
}
}
How can i fixx this ?

In your check_user_data() method you are using
if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1)
I think (logically) following code
$this->encrypt->decode($user_password)
should be
$this->encrypt->encode($user_password)
because, you are calling num_rows() method and it is
public function num_rows($table, $where = NULL)
{
if(isset($where)){
$this->db->where($where);
}
$q = $this->db->get($table);
return $q->num_rows();
}
which is actually querying the data base something like, for example,
select * from USERS where user_name = 'heera' and password = decode('abcde12345')
In this case, the password you are trying to match is need to be encrypted using encode (not decode) method, because the user has given you a non-encrypted (plain) password and the password saved in the database is already encrypted, so encode the plain password using encode method before you query the database to match with already encoded passwords.

registration and login in cakephp2.0

Good day! I am now migrating my codes from 1.3 to 2.0 of CakePHP. And I just want to ask, how can I do this code (from 1.3) to 2.0? Here is the code:
function register() {
if(!empty($this->data)) {
// unset unrequired validation rules
unset($this->User->validate['username']['check_user']);
// validate & save data
if($this->User->save($this->data)) {
$this->data['User']['Password'] = md5($this->data['User']['Password']);
$this->User->save($this->data);
// set Flash & redirect
$this->Session->setFlash('You have successfully registered.','default',array('class'=>'flash_good'));
$this->redirect(array('action'=>'login'));
}
else{
//$this->Session->setFlash(__('The user could not be saved.' , true));
//$this->redirect(array('action' => 'register'));
}
}
}
and here is my attempt code that I tried to resolve:
public function register() {
if($this->request->is('post')) {
//unset($this->User->validate['username']['check_user']);
// validate & save data
//$this->data['User']['Password'] = md5($this->data['User']['Password']);
$this->request->data('User.Password', $this->request->data('User.Password'));
// $this->User->save($this->data);
// set Flash & redirect
if($this->User->save($this->request->data)) {
$this->Session->setFlash('You have successfully registered.','default',array('class'=>'flash_good'));
$this->redirect(array('action'=>'login'));
}
else{
//$this->Session->setFlash(__('The user could not be saved.' , true));
//$this->redirect(array('action' => 'register'));
}
}
}
This code is for the login, made in 1.3
function login() {
//echo $_SESSION['User']['auth'];
if(!isset($_SESSION['User']['id'])){
if(!empty($this->data)) {
if(($user = $this->User->validateLogin($this->data['User'])) == true)
{
//print_r(md5($this->data['User']['password']));
$user = $this->User->find('first',array('conditions'=>array('Username'=>$this->data['User']['Username'],'Password'=>md5($this->data['User']['Password']))));
//print_r ($user);
if(!empty($user)){
$_SESSION['User']['id'] = $user['User']['id'];
$_SESSION['User']['name'] = $user['User']['Name'];
$_SESSION['User']['auth'] = $user['User']['auth'];
$this->redirect(array('controller'=>'ads','action'=>'index'));
}else{
$this->Session->setFlash('Username/Password not match');
$this->redirect(array('action'=>'login'));
}
}
}
}
else{
$this->Session->setFlash('Login First.');
$this->redirect(array('controller'=>'ads','action'=>'index'));
}
}
and here is my code in 2.0 and still it is not working also.
public function login() {
if(!($this->Session->read('user_id'))){
if($this->request->is('post')) {
//$user = $this->User->find('first',array('conditions'=>array('Username'=>$this->data['User']['Username'],'Password'=>md5($this->data['User']['Password']))));
if(!empty($user)){
$this->Session->write('user_id',$user['User']['id']);
$this->Session->write('name',$user['User']['Name']);
//$this->Session->write('name',$user['User']['Name']);
$this->redirect(array('controller'=>'ads','action'=>'index'));
}else{
$this->Session->setFlash('Username/Password not match');
$this->redirect(array('action'=>'login'));
}
}
}else{
$this->redirect(array('controller'=>'ads','action'=>'index'));
}
}//end login
I hope that someone respond to my question. Thanks in advance.

I would first try running the migration on your existing code and you might be surprised. here is the link to the upgrade shell:
http://book.cakephp.org/2.0/en/console-and-shells/upgrade-shell.html#upgrade-shell
Try that first.

cakephp auth component when I submit login

when i submit login
I got
Error: LoginsController could not be found.
this Appcontroller
class AppController extends Controller {
var $helpers = array('Html','Form','Ajax','Javascript','Session');
var $components = array('Auth','Session');
function beforeFilter() {
//parent::beforeFilter();
$this->Auth->userModel = 'Member';
$this->Auth->allow('*');
$this->Auth->authError='Please Login for view this page';
$this->Auth->loginError = 'Username or Password does not match';
$this->Auth->loginRedirect = array('Controller'=>'Members','action'=>'dashboard');
$this->Auth->logoutRedirect = array('Controller'=>'Members','action'=>'index');
($this->set('admin',$this->isadmin()));
($this->set('logged_in',$this->logged_in()));
( $this->set('userUsername',$this->userUsername()));
}
function isadmin(){
$admin = FALSE;
if($this->Auth->user('priority') == 'admin')
{
$admin = TRUE;
}
return $admin;
}
function logged_in(){
$logged_in = FALSE;
if ($this->Auth->user())
{
$logged_in = TRUE;
}
return $logged_in;
}
function userUsername(){
$userUsername = NULL;
if($this->Auth->user())
{
$userUsername = $this->Auth->Member('username');
}
return $userUsername;
}
}
I try to search in stackoverflow but I can't found thank for answer

What is happening is that you need to create a LoginsController that extends the AppController and in that controller you will handle the logic for the login. When you go to the url /login, it will automatically look for that controller unless you create a route specifying otherwise.

Override Model::save() or Implement Before/After Events? How Do I Fatten my Cake Models?

I find my edit actions in CakePHP controllers get messy pretty quickly, and I'd like to pull most of that crap into the Model. Let me give you a scenario.
I have an users/edit action in my Users controller. I want to let users reset a password (or not reset the password) in my form. If they provide a new password then I pass the three password fields into save() using the fields list parameter of save(). If they don't provide those fields I don't want to pass those fields in using the fields list.
The code to check these fields is currently in my controller, what would be a good way to move this into the model?
Here's what my controller's edit action looks like:
function edit($id = null) {
if ($this->Session->check('Auth.User') && $this->Session->read('Auth.User.id') == $id) {
if (!$id && empty($this->data)) {
$this->Session->setFlash('Invalid Account','default',array('class'=>'flash_error'));
$this->redirect(array('controller'=>'directories', 'action' => 'index'));
}
if (!empty($this->data)) {
// take out the following and an error occurs in parentNode()
$this->data['User']['group_id'] = 2;
if (empty($this->data['User']['old_password'])) { //TODO: pass in a field list for every publicly available save() call.
//dont update the password fields if they aren't passing in the old password
if ($this->User->save($this->data,true,array('first_name', 'last_name', 'email', 'username'))) {
$this->Session->setFlash('Your changes have been saved','default',array('class'=>'flash_ok'));
$this->redirect(array('controller'=>'directories','action'=>'index'));
} else {
$this->Session->setFlash('Your changes could not be saved. Please, try again.','default',array('class'=>'flash_error'));
}
} else {
//update the passwords
if ($this->User->save($this->data,true,array('first_name', 'last_name', 'email', 'username', 'password', 'password_confirm', 'old_password'))) {
$this->Session->setFlash('Your changes have been saved','default',array('class'=>'flash_ok'));
$this->redirect(array('controller'=>'directories','action'=>'index'));
} else {
$this->Session->setFlash('Your changes could not be saved. Please, try again.','default',array('class'=>'flash_error'));
}
}
}
if (empty($this->data)) {
$this->data = $this->User->read(array(
'first_name', 'last_name', 'email', 'username'
), $id);
}
$this->set('user_id',$id);
$this->set('current_subscription', $this->User->Subscription->currentSubscription($id));
} else {
//redirect to not authorized
$this->Session->setFlash('Invalid Account','default',array('class'=>'flash_error'));
$this->redirect(array('controller'=>'directories', 'action' => 'index'));
}
}

A more graceful style would be
function edit($id = null)
{
if($id && $this->Modelname->isValidLoginUser($id) && $this->data)
{
$login_tag = $this->Modelname->resetPass($id,$this->data);
switch($login_tag)
{
case 0: $this->Session->setFlash();$this->redirect();break;
case 1: $this->Session->setFlash();$this->redirect();break;
....
}
}
else
{
$this->Session->setFlash("missing arguments.");
}
}
And the function Modelname->resetPass() in the model looks like
function resetPass($id,$data)
{
$user = $this->findById($id);
$oldpasswd = $user[modelname]['password'];
$newpasswd = $data[modelname][passwd1];
$confirmpasswd = $data[modelname][passwd2];
if($newpasswd=="" || $confirmpasswd=="")
{
return 0;
}
if($newpasswd != confirmpasswd)
{
return 1;
}
....//perhaps other invalid situations
if($newpasswd == $oldpasswd)
{
$this->saveField("password",$newpasswd);
return N; //N is an int meaning success.
}
}

Resources