I have a table name admin_users, I am trying to use auth component here. So I have written in appcontroller bellow code
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction'=>array(
'controller'=>'adminusers',
'action'=>'login'
),
'loginRedirect' => array('controller' => 'adminusers','action' => 'index'),
'logoutRedirect' => array('controller' => 'adminusers','action' => 'index'),
'authError'=>'You can not access this page!!',
));
For set user I have written
public function beforeFilter() {
//$this->Auth->allow();
$this->set('logged_in', $this->Auth->loggedIn());
$this->set('current_user',$this->Auth->user());
parent::beforeFilter();
$this->Paginator->settings = array(
'limit'=>4
);
}
I have made a method call login() in adminusers controller
public function login() {
$this->layout = 'login';
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
For hash password I have written in AdminUser model
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
This is the login.ctp
<?php echo $this->Form->create('AdminUser'); ?>
<?php
echo $this->Form->input('username',array(
'label' => false,
'placeholder'=>'UserName'
));
echo $this->Form->input('password',array(
'label' => false,
'placeholder'=>'Password'
));
?>
After used allow() mathod, I have created a user and here hash password working fine.But the problem is when I am trying to login, It is giving me "Invalid username or password, try again".
In your login.ctp you create an AdminUser.
Auth uses the model 'User' as default.
You need to define your own model in the Auth-Component.
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction'=>array(
'controller'=>'adminusers',
'action'=>'login'
),
'loginRedirect' => array('controller' => 'adminusers','action' => 'index'),
'logoutRedirect' => array('controller' => 'adminusers','action' => 'index'),
'authError'=>'You can not access this page!!',
'authenticate' => array(
'Form' => array(
'userModel' => 'AdminUser',
'passwordHasher' => 'Blowfish'
)
)
));
Related
I'm using BotDetect Captcha in a CakePHP 2.6 application, and have implemented it as per the instructions on this page:
How To Add BotDetect Protection To CakePHP 2.6 Applications
The Captcha is working great on the controller/view where I need it.
However, it seems to be interfering somehow with the standard login process used by the same controller.
Here's my header for the controller which loads the BotDetect Component:
public $components = array('RequestHandler','Epd','BotDetect.Captcha' => array(
'CaptchaId' => 'EpdCaptcha',
'UserInputId' => 'CaptchaCode'));
Here's my login function:
public function login() {
$this->layout='login';
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirectUrl());
}
else
{
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
And here's my AppController.php:
class AppController extends Controller {
public $components = array(
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'selectorg'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array(
'Form' => array(
)
)
),
'Session'
);}
Now when I login to the app, the auth component isn't authorizing the login, and it's just bouncing back to the login screen. But when I remove the BotDetect component, the login works perfectly. I've tried changing the order of loading Components to see if that makes any difference... but to no avail.
Any suggestions?
Here is an example to integrate BotDetect Captcha component in cakephp 2.6 and it's working ok for me.
Controller: UsersController.php:
<?php
App::uses('AppController', 'Controller');
class UsersController extends AppController {
public $components = array(
'RequestHandler',
'BotDetect.Captcha' => array(
'CaptchaId' => 'EpdCaptcha',
'UserInputId' => 'CaptchaCode'
)
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('logout');
$this->Security->validatePost = false;
}
public function selectorg() {
echo 'selectorg';
$this->autoRender = false;
}
public function login() {
$this->set('captchaHtml', $this->Captcha->Html());
if ($this->request->is('post')) {
$isHuman = $this->Captcha->Validate($this->request->data['User']['CaptchaCode']);
unset($this->request->data['User']['CaptchaCode']);
if ($isHuman && $this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
} else {
if (!$isHuman) {
$this->Session->setFlash(__('CAPTCHA validation failed, try again.'));
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
}
Controller: AppController.php:
class AppController extends Controller {
public $components = array(
'Security',
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'selectorg'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array('Form' => array('passwordHasher' => 'Blowfish'))
)
);
}
View: login.ctp
<?php
echo $this->Html->css(CaptchaUrls::LayoutStylesheetUrl(), array('inline' => false));
echo $this->Form->create('User');
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Html->div('captcha', $captchaHtml, false);
// Captcha code user input textbox
echo $this->Form->input('CaptchaCode', array(
'label' => 'Retype the characters from the picture:',
'maxlength' => '10',
'style' => 'width: 300px;'
)
);
echo $this->Form->end('Submit');
?>
Model: User.php
<?php
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
class User extends AppModel {
public $name = 'User';
public $validate = array(
'username' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please enter your username'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'Username already exists'
)
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please enter your password'
)
)
);
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
}
There I have two tables
1) aucusers
2) user_types
For use auth component I used bellow code in appcontroller
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction' => array(
'controller' => 'aucusers',
'action' => 'login'
),
'loginRedirect' => array('controller' => 'aucusers','action' => 'add'),
'logoutRedirect' => array('controller' => 'aucusers','action' => 'add'),
'authError'=>'You can not access this page!!',
));
public function beforeFilter() {
$this->set('logged_in', $this->Auth->loggedIn());
$this->set('current_user',$this->Auth->user());
parent::beforeFilter();
$this->Paginator->settings = array(
'limit'=>4
);
In model for Hash password I have used
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
In aucusers controller I have add
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
After add
$this->Auth->allow()
I have made a user.But when I am going to login, it showing me
Invalid username or password, try again.
As far as I know, you have to define which hashing method you are using.
From http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => array(
'className' => 'Simple',
'hashType' => 'sha256'
)
)
)
)
);
I am trying to get my login working but I seemed to run into a problem. Could someone please help? I am using the 'Employees' as the user of the database. Below is my code for AppController, EmployeeController, Employee and login.ctp:
App Controller:
class AppController extends Controller {
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'employees', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'employees', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.'
));
// only allow the login controllers only
public function beforeFilter() {
$this->Auth->allow('login');
}
}
Employees Controller:
class EmployeesController extends AppController {
//..other code
/**
* Components
*
* #var array
*/
//public $components = array('Paginator');
public $paginate = array(
'limit' => 25,
'conditions' => array('status' => '1'),
'order' => array('Employee.employee_username' => 'asc' )
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login','add');
}
public function login() {
//if already logged-in, redirect
if($this->Session->check('Auth.Employee')){
$this->redirect(array('action' => 'index'));
}
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->Session->setFlash(__('Welcome, '. $this->Auth->user('username')));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Session->setFlash(__('Invalid username or password'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
/**
* index method
*
* #return void
*/
public function index() {
$this->paginate = array(
'limit' => 6,
'order' => array('Employee.employee_username' => 'asc' )
);
$employees = $this->paginate('Employee');
$this->set(compact('employees'));
}
Employee Model:
class Employee extends AppModel {
//..other code
function isUniqueUsername($check) {
$username = $this->find(
'first',
array(
'fields' => array(
'Employee.id',
'Employee.employee_username'
),
'conditions' => array(
'Employee.employee_username' => $check['username']
)
)
);
if(!empty($username)){
if($this->data[$this->alias]['id'] == $username['Employee']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
/**
* Before isUniqueEmail
* #param array $options
* #return boolean
*/
function isUniqueEmail($check) {
$email = $this->find(
'first',
array(
'fields' => array(
'Employee.id'
),
'conditions' => array(
'Employee.employee_email' => $check['email']
)
)
);
if(!empty($email)){
if($this->data[$this->alias]['id'] == $email['Employee']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
public function alphaNumericDashUnderscore($check) {
// $data array is passed using the form field name as the key
// have to extract the value to make the function generic
$value = array_values($check);
$value = $value[0];
return preg_match('/^[a-zA-Z0-9_ \-]*$/', $value);
}
public function equaltofield($check,$otherfield)
{
//get name of field
$fname = '';
foreach ($check as $key => $value){
$fname = $key;
break;
}
return $this->data[$this->name][$otherfield] === $this->data[$this->name][$fname];
}
/**
* Before Save
* #param array $options
* #return boolean
*/
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
// if we get a new password, hash it
if (isset($this->data[$this->alias]['password_update'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password_update']);
}
// fallback to our parent
return parent::beforeSave($options);
//return true;
}
}
Login page:
<div class=“employees form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('Employee'); ?>
<fieldset>
<legend>
<?php echo __('Please enter your username and password'); ?>
</legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
1.Adapt the config of your Auth component regarding userModel, fields and passwordHasher:
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'Employee', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'Employee', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'username', 'password' => 'password'),
'userModel'=>'Employee',
'passwordHasher' => 'name of your password hasher'
))
));
2.Regarding CakePHP´s code convetion rename your controller to EmployeeController
3.In your Employee model instead your isUniqueUsername and isUniqueEmail you better use validation rule isUnique
4.Use same password hasher for creating password and update password
To use Employee table for Authentication:
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'username'),
'userModel'=>'Employee'
)
)
)
);
I'm trying to use the cakephp built in Auth for a user login. I've managed to validate a user registration (which is located on the same view as the login) but not get the login working.
All i get when trying to login is my 'Invalid username or password, try again' error. I've gone through the blog tutorial but I'm new to cake/php and have only worked on messy projects in 1.3 that sue their own crude authentication.
MarshallsController.php
class MarshalsController extends AppController {
public $helpers = array('Html', 'Form');
public $uses = array("Marshal", "User");
public $components = array("RequestHandler","Session", "Auth");
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('register', 'login');
}
public function index() {
$this->set('users', $this->User->find('all',
array(
'conditions'=>array(
'User.marshall_id'=>$Marshall['Marshall']['id']
)
)));
}
//Run when Marshal attempts to register for login page
public function register(){
if ($this->request->is('post')) {
$this->Marshal->create();
if ($this->Marshal->save($this->request->data)) {
//if new marshall has been saved fetch all their data
$marshal = $this->Marshal->find('first',
array(
'conditions'=>array(
"Marshal.email" => $this->data['Marshal']['email'],
)
)
);
if(!empty($marshal)){
//set marshal session data to track logged in users and their data
$this->Session->write("Marshal",$marshal);
}
$this->Session->setFlash(__('The Marshal has been saved'));
//redirect user to logged in page
$this->redirect(array('controller' => 'pages', 'action' => 'home'));
} else {
$this->Session->setFlash(__('The Marshal could not be saved. Please, try again.'));
echo $this->render('login');
exit();
}
}
else{
//if Marshal has not attempted to login redirect the back to the login/register page
echo $this->render('login');
exit();
}
}
public function login() {
//if user has atempted a login
if ($this->request->is('post')) {
if ($this->Auth->login()) {
//If login detials are correct get user data
$marshal = $this->Marshal->find('first',
array(
'conditions'=>array(
"Marshal.email" => $this->data['Marshal']['email'],
)
)
);
if(!empty($marshal)){
//set marshal session data to track logged in users and their data
$this->Session->write("Marshal",$marshal);
}
//redirect user to the logged in page
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
debug($this->Auth->request->data);
}
Marshal model
class Marshal extends AppModel {
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
public $hasMany = array(
'User' => array(
'className' => 'User',
'foreignKey' => 'marshal_id',
'conditions' => array('User.status' => '1'),
)
);
public $validate = array(
'first_name' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A first name is required'
)
),
'last_name' => array(
'required' => array(
'rule' => array('notempty'),
'message' => 'A last name is required'
)
),
'password' => array(
'required' => array(
'rule' => array('minLength', '8'),
'message' => 'Minimum 8 characters long'
)
),
'email' => 'email'
);
}
login.ctp
<div class="row">
<?php echo $this->Session->flash('auth'); ?>
<div class="sixcol">
<?php
echo $this->Form->create('Marshal', array('action' => 'login'));
echo $this->Form->inputs(array(
'legend' => __('Login'),
'email',
'password'
));
echo $this->Form->end('Login');
?>
</div>
<div class="sixcol last">
<?php
echo $this->Form->create('Marshal', array('action' => 'register'));
echo $this->Form->inputs(array(
'legend' => __('register'),
'first_name',
'last_name',
'email',
'password'
));
echo $this->Form->end('Register');
?>
</div>
By default, CakePHP uses username and password fields but you have email instead of username. You need to specify it:
public $components = array(
'Auth' => array('authenticate' => array('Form' => array( 'userModel' => 'User',
'fields' => array(
'username' => 'email',
'password' => 'password'
)
)
),
'authorize' => array('Controller'),
'loginAction' => array('controller' => 'users', 'action' => 'login'),
'loginRedirect' => array('controller' => 'home', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authError' => 'You don\'t have access here.',
),
);
This is my working example, feel free to change it for your needs.
You also could check the Security hash method and compare with the password in the database :
Security::setHash('sha1');
(sha1 or md5)
to compare passwords :
Security::hash($password,"sha1", true);
function login() {
//if already logged-in, redirect
// if($this->Session->check('email')){
// $this->redirect(array('action' => ''));
// }
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
$data = $this->request->data;
print_r($data); die;
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
}
$this->Session->setFlash(__('Your username or password was incorrect.'));
}
}
only else codition is true
I have a problem with logging in on a different Model than User with AuthController.
It's administrators, not users table.
In my Administrator Model I have:
function beforeSave(){
if(isset($this->data['Administrator']['password']))
$this->data['Administrator']['password'] = AuthController::password($this->data['Administrator']['password']);
return true;
}
AppController:
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array('controller' => 'administrators', 'action' => 'login'),
'loginRedirect' => array('controller' => 'Home', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'Home', 'action' => 'index'),
'authError' => "You can't access that page.",
'authorize' => array('Controller')
)
);
public function beforeFilter(){
$this->Auth->userModel = 'Administrator';
}
In AdministratorController:
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
$this->redirect($this->Auth->redirect());
}
else{
$this->Session->setFlash('Your username/password combination was incorrect.');
}
}
}
public function logout(){
$this->redirect($this->Auth->logout());
}
public function beforeFilter(){
parent::beforeFilter();
}
And view:
<?php
echo $this->Form->create('Administrator', array('controller' => 'administrators', 'action' => 'login'));
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Form->end('Login');
?>
I debugged $this->request->data['Administrator']['password'] and I've got the same hash like in the database.
I don't know why it always says that the username/password is incorrect.
You can do it by including the following code in your AppController.
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'userModel' => 'Administrator',
'fields' => array(
'username' => 'USER_LOGINNAME',
'password' => 'USER_PASSWORD'
)
)
)
)
);
In AppController beforeFilter() method write the following:
public function beforeFilter()
{
if($this->Auth->user('USER_ID'))
{
$this->set('logged_in', true);
}
else
{
$this->set('logged_in', false);
}
//Configure AuthComponent
$this->Auth->userScope = array('Administrator.USER_STATUS' => '1');
$this->Auth->loginAction = array('controller' => 'administrators', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'administrators', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'administrators', 'action' => 'dashboard');
}
In your Administrator Model:
public function beforeSave()
{
if(!empty($this->data['Administrator']['USER_PASSWORD']))
{
$this->data['Administrator']['USER_PASSWORD'] = AuthComponent::password($this->data['Administrator']['USER_PASSWORD']);
}
return true;
}
And in your administrators controller:
public function beforeFilter()
{
parent::beforeFilter();
$this->Auth->allow('login');
}
It's AuthComponent::password, not AuthController::password.
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
// dont use this line /////////////////////////////////////////////////////
$this->redirect($this->Auth->redirect());
////////////////////////////////////////////////////////////////////////////
use this
'loginAction' => array('controller' => 'administrators', 'action' => 'login'),
//////////////////////////////////////////////////////////////////////////
}
else{
$this->Session->setFlash('Your username/password combination was incorrect.');
}
}
}
public function logout(){
$this->redirect($this->Auth->logout());
}
public function beforeFilter(){
parent::beforeFilter();
}