CakePHP 3 Auth Component password field with MD5

I am using CakePHP 3 and its Auth component. Everything is working fine, but I want to match my password at login using MD5 instead of the default password hashing logic CakePHP 3 uses. What should I do to implement this feature? Below is my AppController.php file with what I have done so far.
AppController.php
public function initialize()
{
    parent::initialize();
    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'loginRedirect' => [
            'controller' => 'Users',
            'action' => 'dashboard'
        ],
        'logoutRedirect' => [
            'controller' => 'Users',
            'action' => 'login'
        ],
        'loginAction' => [
            'controller' => 'Users',
            'action' => 'login'
        ],
        'authenticate' => [
            'Form' => [
                'userModel' => 'Users',
                'fields' => [
                    'username' => 'user_email',
                    'password' => 'user_password'
                ]
            ]
        ],
        'storage' => 'Session',
        'unauthorizedRedirect' => false,
    ]);
}
As I mentioned above, everything is working fine. I am able to log in successfully with the default hashing method which CakePHP 3 provides, but I just want to exclude this hashing method and need to check using MD5. How can I do this?
Can someone guide me or help me, please?
Thanks

OK guys, eventually I found the solution, and below is what I came up with. If anybody is stuck or wants a similar feature, they can follow this to accomplish it.
Go to http://book.cakephp.org/3.0/en/controllers/components/authentication.html#creating-custom-password-hasher-classes. There they say to create a new file, which you need to follow and create.
Then in your Auth component make sure you add the lines below:
'Form' => [
    'passwordHasher' => [
        'className' => 'Legacy',
    ]
]
This is working for me. I hope it helps someone. Thank you, guys.
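An added example (not the poster's code or CakePHP's own) of the hasher class that the 'Legacy' className above would resolve to, assuming the user_password column holds unsalted MD5 hex digests. Unsalted MD5 is fast to brute-force, so the trailing comments show CakePHP's Fallback hasher wiring, which still accepts the old digests but lets them be rehashed with the default hasher at the next successful login. The `id` primary key, the `_setUserPassword()` entity mutator that applies DefaultPasswordHasher, and `getData()` (CakePHP 3.4+) are assumptions.

```php
<?php
// src/Auth/LegacyPasswordHasher.php
// Added example: path and class name follow the 'Legacy' className used above.
namespace App\Auth;

use Cake\Auth\AbstractPasswordHasher;

class LegacyPasswordHasher extends AbstractPasswordHasher
{
    // Produce the unsalted MD5 hex digest the existing column is assumed to hold.
    public function hash($password)
    {
        return md5($password);
    }

    // Compare the stored digest with the digest of the submitted password
    // in constant time, so the comparison itself leaks nothing via timing.
    public function check($password, $hashedPassword)
    {
        return hash_equals((string)$hashedPassword, md5($password));
    }
}

// Migration wiring (belongs in other files, shown here as comments).
//
// AppController::initialize(), inside 'authenticate' => ['Form' => [...]]:
//     'passwordHasher' => [
//         'className' => 'Fallback',
//         // The first hasher is used for new hashes; later ones are only
//         // tried when checking, so old MD5 rows keep working.
//         'hashers' => ['Default', 'Legacy'],
//     ],
//
// UsersController::login(), right after $this->Auth->setUser($user):
//     if ($this->Auth->authenticationProvider()->needsPasswordRehash()) {
//         // Assumption: primary key is `id`, and the User entity has a
//         // _setUserPassword() mutator that applies DefaultPasswordHasher.
//         $entity = $this->Users->get($this->Auth->user('id'));
//         $entity->user_password = $this->request->getData('user_password');
//         $this->Users->save($entity);
//     }
```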

Related

CakePHP - CakeDC Plugin Permission Not Working

I have been using the following plugin (https://github.com/CakeDC/users) for CakePHP, but I can't figure out how to get the permissions working for it. I have followed all instructions, but it seems authorize does not get used at all. Wondering if anyone has any tips on how to make it work. Here is my setup:
bootstrap.php
Configure::write('Users.config', ['users']);
Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);
AppController.php initialize function
$this->loadComponent('CakeDC/Users.UsersAuth');
config/users.php
$config = [
    'Auth' => [
        'authError' => 'Did you really think you are allowed to see that?'
    ]
];
return $config;
config/permissions.php
return [
    'Users.SimpleRbac.permissions' => [
        [
            'role' => '*',
            'controller' => 'Pages',
            'action' => ['display'],
            'allowed' => true
        ], [
            'role' => '*',
            'controller' => 'Taxes',
            'action' => ['*'],
            'allowed' => true
        ], [
            'role' => '*',
            'prefix' => 'v1',
            'controller' => '*',
            'action' => '*',
            'allowed' => true
        ]
    ]
];
return $config;
Frankly it seems a CakePHP configuration issue, but I am not able to find where that problem is coming from. I say that because even though debug shows the correct file loaded to authorize, it does not get called.
Please ensure you are returning the $config variable in the users.php file and you are initializing the plugin correctly as indicated here https://github.com/CakeDC/users/blob/master/Docs/Documentation/Configuration.md
Configure::write('Users.config', ['users']);
Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);
I've created a test environment here with your provided Auth configuration and it works correctly https://ide.c9.io/steinkel/users-so-42523209
https://nimbus.everhelper.me/client/notes/share/790695/girguwv9x7rttdvu5c4x
Thanks,

Pass params into custom url route

I created a custom URL route like this:
Router::connect('/subjects.details', array(
    'plugin' => 'subjects',
    'controller' => 'subjects',
    'action' => 'details'
));
However that action/view needs a parameter.
So when I go to link like localhost/foo/subjects.details/12 it gives me missing controller error.
Missing Controller
Error: Subjects.detailsController could not be found.
Error: Create the class Subjects.detailsController below in file:
app/Controller/Subjects.detailsController.php
How do I add id param for this url?
You have to define the param in the url and in your action as well:
Router::connect('/subjects.details/:id', array(
    'plugin' => 'subjects',
    'controller' => 'subjects',
    'action' => 'details'
));
Lasers answer returned another error. It basically added a new key 'id' => '1' into the $this->params array instead of into $this->params's 'passed' key array. By changing it to this, it works:
Router::connect('/subjects.details/*', array(
    'plugin' => 'subjects',
    'controller' => 'subjects',
    'action' => 'details'
));
Here is a working solution. You have to pass the params and then it'll start working. Here is the way:
Router::connect('/subjects.details/:id', [
        'plugin' => 'subjects',
        'controller' => 'subjects',
        'action' => 'details'
    ],
    [
        'pass' => ['id']
    ]
);
And your method should look like this:
public function details($id){
    //....
}
I hope this can be helpful. Thanks.

CakePHP 3 - Login Error - Call to a member function identify on boolean

Hello, I'm using CakePHP 3 to simply set up a site where some pages need the user to log in first.
It was fine when I put the loadComponent('Auth', blablabla) code in initialize() of AppController.php.
src\Controller\AdminController.php
...
public function login() {
    if ($this->request->is('post')) {
        $admin = $this->Auth->identify();
        if ($admin) {
            $this->Auth->setUser($admin);
            return $this->redirect($this->Auth->redirectUrl());
        }
        $this->Flash->error('Your username or password is incorrect.');
    }
}
...
src\Controller\AppController.php
...
public function initialize() {
    parent::initialize();
    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'Authenticate' => [
            'Form' => [
                'userModel' => 'Admin',
                'Fields' => [
                    'username' => 'email',
                    'password' => 'password'
                ]
            ]
        ],
        'loginAction' => [
            'controller' => 'Admin',
            'action' => 'login',
        ]
    ]);
    $this->Auth->allow(['display']);
}
...
At this point, I needed to login in order to view all other pages of the site.
But I tried to put this same authentication setup in another controller called JustController, and after I logged in, a fatal error stating
Call to a member function identify() on boolean
has been shown.
It should be possible to set up authentication in other controllers so that the site can have more than one login system instead of covering the whole site by setting it up in AppController, shouldn't it?
Thank you.

Display/hide links cakephp 3.0

Sorry, I'm new to CakePHP 3.0. In my user table, there are two user types, admin and public. How do I display/hide links according to user type in default.ctp? Can anyone guide me? Thanks!
This is my app controller
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{
    //...
    public function initialize()
    {
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authenticate' => [
                'Form' => [
                    'fields' => [
                        'username' => 'email',
                        'password' => 'password'
                    ]
                ]
            ],
            'loginRedirect' => [
                'controller' => 'Users',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'controller' => 'Pages',
                'action' => 'display',
                'home'
            ]
        ]);
    }

    public function beforeFilter(Event $event)
    {
        $this->Auth->allow(['controller' => 'Users', 'action' => 'add', 'index',
        ]);
    }
}
The AppController you've posted has nothing to do with what I understand of your request so that's got me a little confused. Either way, you can access the session of the current logged in user through session variables.
For example - if your users table had the column 'type' in which the values 'public' or 'admin' were stored, it would look something like this:
<?php if ($this->request->session()->read('Auth.User.type') == 'admin') { ?>
    Link to admin functions
<?php } else { ?>
    Boring public link
<?php } ?>
That's assuming you're working with logged in users. If you haven't got that far yet, read the CakePHP 3 tutorial on authentication and authorization.

Include a subset of fields in the Auth User session

My Users table has a whole bunch of fields, most of which I don't need/want stored in the Auth User session. How do you restrict which fields are stored in the session for the logged in user?
I know you can choose fields of associated models with the 'contain' key, but normally to select fields of the top-level model, you'd use the 'fields' key. But in the case of Auth, the 'fields' key is used to choose which fields to authenticate the user by, not which fields to include in the session.
To give some context, here's my code so far... what would I do to make it so that only the email and firstname fields are stored in the Auth session, as opposed to all fields in the Users table.
$this->Auth->authenticate = array(
    'Blowfish' => array(
        'fields' => array(
            'username' => 'email',
            'password' => 'password',
        )
    )
);
I've upvoted the answers which were useful, albeit work-around solutions - thanks.
I think the "correct" answer is that there's no way to do this with CakePHP Auth component out of the box, and you have to hack it (eg, using one of the solutions below). I took a look at the _findUser method in BaseAuthenticate.php and it confirms this.
In case a CakePHP core dev is reading (DeEuroMarK?), this is probably a pretty common requirement, and I think it's a feature worth having built in.
Suggested implementation: just include the fields you want as extra fields in the 'fields' array - and just assume that every key other than 'username' and 'password' is an extra field that should be included in the auth session. That way it's consistent with other Model find syntax.
Example:
$this->Auth->authenticate = array(
    'Blowfish' => array(
        'fields' => array(
            'username' => 'email',
            'password' => 'password',
            'another_field',
            'yet_another_field'
        )
    )
);
In the beforeFilter of my UsersController I have something similar to your login.
Then I set an afterLogin function as the redirect:
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'afterLogin');
$this->Auth->loginRedirectTrue = array('controller' => 'users', 'action' => 'index');
$this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'display');
The login function does some checks and afterwards redirects to:
if ($this->Auth->login()){
    // code here
    $this->redirect($this->Auth->redirect());
}
And the afterLogin function is like this:
function afterLogin(){
    $session = $this->Session->read('Auth');
    $user_id = $session['User']['id'];
    // change this to find only the fields you need and then override the Auth.User...
    $user = $this->User->findById($user_id);
    if (!empty($user)){
        $this->Session->write('Auth.UserProfile', $user['UserProfile']);
    }
    $this->redirect($this->Auth->loginRedirectTrue);
}
You should change the findById to suit your needs and then override the Auth.User fields in the session.
Good Luck!
I think the simplest is to add something like this:
Add a contain to your Auth component configuration:
$this->loadComponent('Auth', [
    'authorize' => 'Controller',
    'loginRedirect' => [
        'controller' => 'Users',
        'action' => 'index'
    ],
    'logoutRedirect' => [
        'controller' => 'Users',
        'action' => 'login'
    ],
    'authenticate' => [
        'Form' => [
            'fields' => ['username' => 'email'],
            'contain' => ['Groups']
        ]
    ],
    'unauthorizedRedirect' => $this->referer()
]);
...
And in your login action, save the user in the session:
$foundUser = $this->Auth->identify();
if ($foundUser) {
    $this->Auth->setUser($foundUser);
}
...
This will add the contained groups to the Auth.User.
This is for CakePHP 3; in older versions it may be different.
