There I have two tables
1) aucusers
2) user_types
For use auth component I used bellow code in appcontroller
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction' => array(
'controller' => 'aucusers',
'action' => 'login'
),
'loginRedirect' => array('controller' => 'aucusers','action' => 'add'),
'logoutRedirect' => array('controller' => 'aucusers','action' => 'add'),
'authError'=>'You can not access this page!!',
));
public function beforeFilter() {
$this->set('logged_in', $this->Auth->loggedIn());
$this->set('current_user',$this->Auth->user());
parent::beforeFilter();
$this->Paginator->settings = array(
'limit'=>4
);
In model for Hash password I have used
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
In aucusers controller I have add
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
After add
$this->Auth->allow()
I have made a user.But when I am going to login, it showing me
Invalid username or password, try again.
As far as I know, you have to define which hashing method you are using.
From http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => array(
'className' => 'Simple',
'hashType' => 'sha256'
)
)
)
)
);
Related
I'm using BotDetect Captcha in a CakePHP 2.6 application, and have implemented it as per the instructions on this page:
How To Add BotDetect Protection To CakePHP 2.6 Applications
The Captcha is working great on the controller/view where I need it.
However, it seems to be interfering somehow with the standard login process used by the same controller.
Here's my header for the controller which loads the BotDetect Component:
public $components = array('RequestHandler','Epd','BotDetect.Captcha' => array(
'CaptchaId' => 'EpdCaptcha',
'UserInputId' => 'CaptchaCode'));
Here's my login function:
public function login() {
$this->layout='login';
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirectUrl());
}
else
{
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
And here's my AppController.php:
class AppController extends Controller {
public $components = array(
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'selectorg'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array(
'Form' => array(
)
)
),
'Session'
);}
Now when I login to the app, the auth component isn't authorizing the login, and it's just bouncing back to the login screen. But when I remove the BotDetect component, the login works perfectly. I've tried changing the order of loading Components to see if that makes any difference... but to no avail.
Any suggestions?
Here is an example to integrate BotDetect Captcha component in cakephp 2.6 and it's working ok for me.
Controller: UsersController.php:
<?php
App::uses('AppController', 'Controller');
class UsersController extends AppController {
public $components = array(
'RequestHandler',
'BotDetect.Captcha' => array(
'CaptchaId' => 'EpdCaptcha',
'UserInputId' => 'CaptchaCode'
)
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('logout');
$this->Security->validatePost = false;
}
public function selectorg() {
echo 'selectorg';
$this->autoRender = false;
}
public function login() {
$this->set('captchaHtml', $this->Captcha->Html());
if ($this->request->is('post')) {
$isHuman = $this->Captcha->Validate($this->request->data['User']['CaptchaCode']);
unset($this->request->data['User']['CaptchaCode']);
if ($isHuman && $this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
} else {
if (!$isHuman) {
$this->Session->setFlash(__('CAPTCHA validation failed, try again.'));
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
}
Controller: AppController.php:
class AppController extends Controller {
public $components = array(
'Security',
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'selectorg'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array('Form' => array('passwordHasher' => 'Blowfish'))
)
);
}
View: login.ctp
<?php
echo $this->Html->css(CaptchaUrls::LayoutStylesheetUrl(), array('inline' => false));
echo $this->Form->create('User');
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Html->div('captcha', $captchaHtml, false);
// Captcha code user input textbox
echo $this->Form->input('CaptchaCode', array(
'label' => 'Retype the characters from the picture:',
'maxlength' => '10',
'style' => 'width: 300px;'
)
);
echo $this->Form->end('Submit');
?>
Model: User.php
<?php
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
class User extends AppModel {
public $name = 'User';
public $validate = array(
'username' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please enter your username'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'Username already exists'
)
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please enter your password'
)
)
);
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
}
I have a table name admin_users, I am trying to use auth component here. So I have written in appcontroller bellow code
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction'=>array(
'controller'=>'adminusers',
'action'=>'login'
),
'loginRedirect' => array('controller' => 'adminusers','action' => 'index'),
'logoutRedirect' => array('controller' => 'adminusers','action' => 'index'),
'authError'=>'You can not access this page!!',
));
For set user I have written
public function beforeFilter() {
//$this->Auth->allow();
$this->set('logged_in', $this->Auth->loggedIn());
$this->set('current_user',$this->Auth->user());
parent::beforeFilter();
$this->Paginator->settings = array(
'limit'=>4
);
}
I have made a method call login() in adminusers controller
public function login() {
$this->layout = 'login';
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
For hash password I have written in AdminUser model
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
return true;
}
This is the login.ctp
<?php echo $this->Form->create('AdminUser'); ?>
<?php
echo $this->Form->input('username',array(
'label' => false,
'placeholder'=>'UserName'
));
echo $this->Form->input('password',array(
'label' => false,
'placeholder'=>'Password'
));
?>
After used allow() mathod, I have created a user and here hash password working fine.But the problem is when I am trying to login, It is giving me "Invalid username or password, try again".
In your login.ctp you create an AdminUser.
Auth uses the model 'User' as default.
You need to define your own model in the Auth-Component.
public $components = array('Session','RequestHandler','Paginator'=>array('limit'=>4),'Auth'=>array(
'loginAction'=>array(
'controller'=>'adminusers',
'action'=>'login'
),
'loginRedirect' => array('controller' => 'adminusers','action' => 'index'),
'logoutRedirect' => array('controller' => 'adminusers','action' => 'index'),
'authError'=>'You can not access this page!!',
'authenticate' => array(
'Form' => array(
'userModel' => 'AdminUser',
'passwordHasher' => 'Blowfish'
)
)
));
I am trying to get my login working but I seemed to run into a problem. Could someone please help? I am using the 'Employees' as the user of the database. Below is my code for AppController, EmployeeController, Employee and login.ctp:
App Controller:
class AppController extends Controller {
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'employees', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'employees', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.'
));
// only allow the login controllers only
public function beforeFilter() {
$this->Auth->allow('login');
}
}
Employees Controller:
class EmployeesController extends AppController {
//..other code
/**
* Components
*
* #var array
*/
//public $components = array('Paginator');
public $paginate = array(
'limit' => 25,
'conditions' => array('status' => '1'),
'order' => array('Employee.employee_username' => 'asc' )
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login','add');
}
public function login() {
//if already logged-in, redirect
if($this->Session->check('Auth.Employee')){
$this->redirect(array('action' => 'index'));
}
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->Session->setFlash(__('Welcome, '. $this->Auth->user('username')));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Session->setFlash(__('Invalid username or password'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
/**
* index method
*
* #return void
*/
public function index() {
$this->paginate = array(
'limit' => 6,
'order' => array('Employee.employee_username' => 'asc' )
);
$employees = $this->paginate('Employee');
$this->set(compact('employees'));
}
Employee Model:
class Employee extends AppModel {
//..other code
function isUniqueUsername($check) {
$username = $this->find(
'first',
array(
'fields' => array(
'Employee.id',
'Employee.employee_username'
),
'conditions' => array(
'Employee.employee_username' => $check['username']
)
)
);
if(!empty($username)){
if($this->data[$this->alias]['id'] == $username['Employee']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
/**
* Before isUniqueEmail
* #param array $options
* #return boolean
*/
function isUniqueEmail($check) {
$email = $this->find(
'first',
array(
'fields' => array(
'Employee.id'
),
'conditions' => array(
'Employee.employee_email' => $check['email']
)
)
);
if(!empty($email)){
if($this->data[$this->alias]['id'] == $email['Employee']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
public function alphaNumericDashUnderscore($check) {
// $data array is passed using the form field name as the key
// have to extract the value to make the function generic
$value = array_values($check);
$value = $value[0];
return preg_match('/^[a-zA-Z0-9_ \-]*$/', $value);
}
public function equaltofield($check,$otherfield)
{
//get name of field
$fname = '';
foreach ($check as $key => $value){
$fname = $key;
break;
}
return $this->data[$this->name][$otherfield] === $this->data[$this->name][$fname];
}
/**
* Before Save
* #param array $options
* #return boolean
*/
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = $passwordHasher->hash(
$this->data[$this->alias]['password']
);
}
// if we get a new password, hash it
if (isset($this->data[$this->alias]['password_update'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password_update']);
}
// fallback to our parent
return parent::beforeSave($options);
//return true;
}
}
Login page:
<div class=“employees form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('Employee'); ?>
<fieldset>
<legend>
<?php echo __('Please enter your username and password'); ?>
</legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
1.Adapt the config of your Auth component regarding userModel, fields and passwordHasher:
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'Employee', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'Employee', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'username', 'password' => 'password'),
'userModel'=>'Employee',
'passwordHasher' => 'name of your password hasher'
))
));
2.Regarding CakePHP´s code convetion rename your controller to EmployeeController
3.In your Employee model instead your isUniqueUsername and isUniqueEmail you better use validation rule isUnique
4.Use same password hasher for creating password and update password
To use Employee table for Authentication:
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'username'),
'userModel'=>'Employee'
)
)
)
);
I'm completely lost in trying to setup the AuthComponent.
Every login fails.
Here's my AppController beforeFilter function:
public function beforeFilter() {
$this->Auth->authenticate = array(
'all' => array(
'userModel' => 'ClientUser',
'fields' => array(
'username' => 'login',
'password' => 'password'
)
)
);
$this->Auth->loginAction = array('controller' => 'client_users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'static', 'action' => 'clientcenter');
$this->Auth->logoutRedirect = array('controller' => 'static', 'action' => 'home');
// I deny stuff later on
$this->Auth->allow();
}
And here's the login function in the ClientUsers controller:
public function login() {
// Check login data
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
And it always fails. And I have no idea why.
This is my $request->data content: (I've actually used "login" and "username" as field name, none work)
ClientUser
login: user#email.com
password: thepassword
Client passwords are hashed in the Model, using the authcomponent (which is imported at the top of the script. I used the security hash function earlier, but that also did not work):
public function beforeSave($options) {
$this->data['ClientUser']['password'] = AuthComponent::password($this->data['ClientUser']['password1']);
return true;
}
Where is you Auth adapter?
as explained on http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authentication-objects
// at least one adapter is necessary (here Form)
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
)
)
);
I have a problem with logging in on a different Model than User with AuthController.
It's administrators, not users table.
In my Administrator Model I have:
function beforeSave(){
if(isset($this->data['Administrator']['password']))
$this->data['Administrator']['password'] = AuthController::password($this->data['Administrator']['password']);
return true;
}
AppController:
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array('controller' => 'administrators', 'action' => 'login'),
'loginRedirect' => array('controller' => 'Home', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'Home', 'action' => 'index'),
'authError' => "You can't access that page.",
'authorize' => array('Controller')
)
);
public function beforeFilter(){
$this->Auth->userModel = 'Administrator';
}
In AdministratorController:
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
$this->redirect($this->Auth->redirect());
}
else{
$this->Session->setFlash('Your username/password combination was incorrect.');
}
}
}
public function logout(){
$this->redirect($this->Auth->logout());
}
public function beforeFilter(){
parent::beforeFilter();
}
And view:
<?php
echo $this->Form->create('Administrator', array('controller' => 'administrators', 'action' => 'login'));
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Form->end('Login');
?>
I debugged $this->request->data['Administrator']['password'] and I've got the same hash like in the database.
I don't know why it always says that the username/password is incorrect.
You can do it by including the following code in your AppController.
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'userModel' => 'Administrator',
'fields' => array(
'username' => 'USER_LOGINNAME',
'password' => 'USER_PASSWORD'
)
)
)
)
);
In AppController beforeFilter() method write the following:
public function beforeFilter()
{
if($this->Auth->user('USER_ID'))
{
$this->set('logged_in', true);
}
else
{
$this->set('logged_in', false);
}
//Configure AuthComponent
$this->Auth->userScope = array('Administrator.USER_STATUS' => '1');
$this->Auth->loginAction = array('controller' => 'administrators', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'administrators', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'administrators', 'action' => 'dashboard');
}
In your Administrator Model:
public function beforeSave()
{
if(!empty($this->data['Administrator']['USER_PASSWORD']))
{
$this->data['Administrator']['USER_PASSWORD'] = AuthComponent::password($this->data['Administrator']['USER_PASSWORD']);
}
return true;
}
And in your administrators controller:
public function beforeFilter()
{
parent::beforeFilter();
$this->Auth->allow('login');
}
It's AuthComponent::password, not AuthController::password.
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
// dont use this line /////////////////////////////////////////////////////
$this->redirect($this->Auth->redirect());
////////////////////////////////////////////////////////////////////////////
use this
'loginAction' => array('controller' => 'administrators', 'action' => 'login'),
//////////////////////////////////////////////////////////////////////////
}
else{
$this->Session->setFlash('Your username/password combination was incorrect.');
}
}
}
public function logout(){
$this->redirect($this->Auth->logout());
}
public function beforeFilter(){
parent::beforeFilter();
}