How to change the user table name and column names for authentication in CakePHP? By default it takes users as the table name.
class AppController extends Controller {
public $components = array(
'Session','Security',
'Auth' => array(
'loginRedirect' => array('controller' => 'project', 'action' => 'index', 'Project Details'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login')
)
);
function beforeFilter() {
$this->Auth->allow('login');
}
}
Model:
App::uses('AppModel', 'Model');
class Users extends AppModel {
var $useTable = 'manager';
}
In your AppController's beforeFilter() method, add the following code:
function beforeFilter(){
parent::beforeFilter();
$this->Auth->authenticate = array(
AuthComponent::ALL => array("fields" => array("username" => "your_username_column", "password" => "your_password_column") )
);
}
I'm using BotDetect Captcha in a CakePHP 2.6 application, and have implemented it as per the instructions on this page:
How To Add BotDetect Protection To CakePHP 2.6 Applications
The Captcha is working great on the controller/view where I need it.
However, it seems to be interfering somehow with the standard login process used by the same controller.
Here's my header for the controller which loads the BotDetect Component:
public $components = array('RequestHandler','Epd','BotDetect.Captcha' => array(
'CaptchaId' => 'EpdCaptcha',
'UserInputId' => 'CaptchaCode'));
Here's my login function:
public function login() {
    $this->layout = 'login';
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->redirect($this->Auth->redirectUrl());
        } else {
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }
}
And here's my AppController.php:
class AppController extends Controller {
public $components = array(
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'selectorg'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array(
'Form' => array(
)
)
),
'Session'
);}
Now when I login to the app, the auth component isn't authorizing the login, and it's just bouncing back to the login screen. But when I remove the BotDetect component, the login works perfectly. I've tried changing the order of loading Components to see if that makes any difference... but to no avail.
Any suggestions?
Here is an example of integrating the BotDetect Captcha component in CakePHP 2.6, and it's working OK for me.
Controller: UsersController.php:
<?php
App::uses('AppController', 'Controller');
class UsersController extends AppController {
public $components = array(
'RequestHandler',
'BotDetect.Captcha' => array(
'CaptchaId' => 'EpdCaptcha',
'UserInputId' => 'CaptchaCode'
)
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('logout');
$this->Security->validatePost = false;
}
public function selectorg() {
echo 'selectorg';
$this->autoRender = false;
}
public function login() {
$this->set('captchaHtml', $this->Captcha->Html());
if ($this->request->is('post')) {
$isHuman = $this->Captcha->Validate($this->request->data['User']['CaptchaCode']);
unset($this->request->data['User']['CaptchaCode']);
if ($isHuman && $this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
} else {
if (!$isHuman) {
$this->Session->setFlash(__('CAPTCHA validation failed, try again.'));
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
}
Controller: AppController.php:
class AppController extends Controller {
public $components = array(
'Security',
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'selectorg'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array('Form' => array('passwordHasher' => 'Blowfish'))
)
);
}
View: login.ctp
<?php
echo $this->Html->css(CaptchaUrls::LayoutStylesheetUrl(), array('inline' => false));
echo $this->Form->create('User');
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Html->div('captcha', $captchaHtml, false);
// Captcha code user input textbox
echo $this->Form->input('CaptchaCode', array(
'label' => 'Retype the characters from the picture:',
'maxlength' => '10',
'style' => 'width: 300px;'
)
);
echo $this->Form->end('Submit');
?>
Model: User.php
<?php
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
class User extends AppModel {
public $name = 'User';
public $validate = array(
'username' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please enter your username'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'Username already exists'
)
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please enter your password'
)
)
);
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
}
There I have two tables
1) aucusers
2) user_types
To use the Auth component I used the below code in AppController:
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction' => array(
'controller' => 'aucusers',
'action' => 'login'
),
'loginRedirect' => array('controller' => 'aucusers','action' => 'add'),
'logoutRedirect' => array('controller' => 'aucusers','action' => 'add'),
'authError'=>'You can not access this page!!',
));
public function beforeFilter() {
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user', $this->Auth->user());
    parent::beforeFilter();
    $this->Paginator->settings = array(
        'limit' => 4
    );
}
In the model, to hash the password, I have used:
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
In the aucusers controller I have added:
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
After adding
$this->Auth->allow()
I have made a user. But when I try to log in, it shows me
Invalid username or password, try again.
As far as I know, you have to define which hashing method you are using.
From http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => array(
'className' => 'Simple',
'hashType' => 'sha256'
)
)
)
)
);
I am beginning with the CakePHP framework. I use Auth to create a login form; in my AppController I add:
class AppController extends Controller {
public $components = array('Auth', 'Cookie');
public function beforeFilter(){
$this->Auth->authenticate = array(
'Form' => array(
'userModel' => 'User',
'fields' => array('name' => 'name', 'password' => 'password'),
)
);
$this->Auth->loginAction = array('controller' => 'TestOnlineSystem', 'action' => 'P001');
$this->Auth->loginRedirect = array('controller' => 'TestOnlineSystem', 'action' => 'index');
$this->Auth->loginError = 'Failed to login';
$this->Auth->authError = ' ';
}
}
But when I run TestOnlineSystem/P001 it auto-redirects to users/login and shows the message net controller usercontroller. How can I fix it? P001 is my login page.
I agree with thaJeztah, try the standard config from http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html :
public $components = array(
'Auth' => array(
'loginAction' => array(
'controller' => 'TestOnlineSystem',
'action' => 'P001',
'plugin' => 'users'
)
)
);
and get rid of your beforeFilter().
I'm having Player instead of default User model for my Auth.
I recently configured ACL for my app, and while trying to do testing by returning false in my isAuthorized($player) function, the following error occurred:
AclNode::node() - Couldn't find Aro node identified by
Array ( [Aro0.model] => User [Aro0.foreign_key] => 1 )
Isn't the Aro0.model supposed to be Player? I can't find where to change it for Auth->authorize. Auth->authenticate works fine, as I manage to log in, since there is a userModel option that allows me to specify a custom model for user login.
Here's My AppController
class AppController extends Controller
{
public $components = array(
'Session',
'Acl',
'RequestHandler',
'Auth' => array(
'authorize' => array(
'controller',
'Actions' => array('actionPath' => 'controllers'),
),
'authenticate' => array(
'Form' => array(
'userModel' => 'Player',
'fields' => array('username' => 'email', 'password' => 'password'),
)
)
),
);
public $helpers = array('Html', 'Form', 'Session');
function isAuthorized($player)
{
//var_dump($player); die;
return false;
return $this->Auth->loggedIn();
}
}
Solved. It is to append userModel together with actionPath.
$this->Auth->authorize = array(
AuthComponent::ALL => array('actionPath' => 'controllers/', 'userModel' => 'Player'),
'Actions',
'Controller'
);
I cannot login any users using AuthComponent.
The user table's name is users, with some important fields such as user_id, user_password, there is no hashing on the password field.
This is my AppController
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'home'),
'authError' => 'You cannot view this page',
'authorize' => array('controller')
)
);
public function isAuthorize($user) {
return true;
}
public function beforeFilter() {
$this->Auth->allow('home');
}
}
This is my UsersController
class UsersController extends AppController {
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash('Cannot login in');
}
}
}
}
This is my User model.
class User extends AppModel {
public $name = 'User';
public $primaryKey = 'user_id';
public $belongsTo = 'Group';
}
This is my View
<h2>Login</h2>
<?php
echo $this->Form->create();
echo $this->Form->input('user_id', array('label' => 'User ID', 'type' => 'text'));
echo $this->Form->input('user_password', array('label' => 'Password', 'type' => 'password'));
echo $this->Form->end('Login');
?>
When I typed the correct user_id and password and then pressed the Login button, I got the message from the UsersController that I cannot log in. What went wrong here?
Also, I really don't understand the concept of AuthComponent::login(). How does it work to check user_id and password against the database? How does it know which field contains the user_id, and which one contains the password?
Please help.
Thanks.
Kongthap
A few things I noticed:
public function isAuthorize($user) {
This method is missing a 'd' on the end. It should be
public function isAuthorized($user) {
Next, by default, Cake expects to identify the user by fields named 'username' and 'password'. So, if you want to change that, you'll need to do this:
class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'home'),
            'authError' => 'You cannot view this page',
            'authorize' => array('controller'),
            'authenticate' => array(
                'Form' => array( // THIS IS WHERE YOU CHANGE THE DEFAULT FIELDS
                    'fields' => array('username' => 'user_id', 'password' => 'user_password')
                )
            )
        )
    );
}
That code isn't tested but should set you on the right track. But as Dave said, it's really worth reading through the complete doco to understand how it all works: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
Last, I'm not sure that 'user_id' is a good choice of column name. You'd expect a column name of 'user_id' to be a foreign key in some table, pointing to the 'id' column of a 'users' table. If that's not the function it serves, you should probably go with a different name.
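The field mapping from the answer above and the hasher setting from the earlier password-hashing answer, modelled together as an added example in plain PHP (not CakePHP's code and not from any poster). simpleHash() and identify() are hypothetical stand-ins for a Simple-style hasher and form authentication; the salt, rows and password are constructed.

```php
<?php
// Added example: plain-PHP stand-ins, not CakePHP code. All names are hypothetical.
// Simple-style hasher: digest of application salt + password.
function simpleHash($password, $hashType, $salt) {
    return hash($hashType, $salt . $password);
}

// Form-style identify: read the two mapped fields from the posted data, find
// the row by the username column, compare the stored value with the hash of
// the submitted password.
function identify(array $post, array $cfg, array $rows, $salt) {
    $f = $cfg['fields'];
    $data = isset($post[$cfg['userModel']]) ? $post[$cfg['userModel']] : array();
    if (empty($data[$f['username']]) || empty($data[$f['password']])) {
        return false; // the mapped field names are not in the request
    }
    foreach ($rows as $row) {
        if ($row[$f['username']] !== $data[$f['username']]) {
            continue;
        }
        $candidate = simpleHash($data[$f['password']], $cfg['hashType'], $salt);
        if (hash_equals($row[$f['password']], $candidate)) {
            unset($row[$f['password']]); // keep the hash out of the session data
            return $row;
        }
    }
    return false;
}

// Constructed sample data: row 1001 was saved with sha1, row 1002 in plain text.
$salt = 'constructed-app-salt';
$rows = array(
    array('user_id' => '1001', 'user_password' => simpleHash('s3cret', 'sha1', $salt)),
    array('user_id' => '1002', 'user_password' => 's3cret'),
);
$defaults = array('userModel' => 'User', 'hashType' => 'sha1',
    'fields' => array('username' => 'username', 'password' => 'password'));
$mapped = array('fields' => array('username' => 'user_id', 'password' => 'user_password')) + $defaults;
$sha256 = array('hashType' => 'sha256') + $mapped;
$form = function ($id) { return array('User' => array('user_id' => $id, 'user_password' => 's3cret')); };
$cases = array(
    'default field names, sha1 row'      => array($form('1001'), $defaults),
    'mapped fields, hasher matches save' => array($form('1001'), $mapped),
    'mapped fields, sha256 vs sha1 row'  => array($form('1001'), $sha256),
    'mapped fields, plain-text row'      => array($form('1002'), $mapped),
);
foreach ($cases as $label => $c) {
    printf("%-36s %s\n", $label, identify($c[0], $c[1], $rows, $salt) ? 'login ok' : 'rejected');
}
```

Only the second case authenticates: the form must post the mapped column names under the user model's key, and the hasher configured for login must be the one that wrote the stored value.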