In cakephp I have two Models User and Account, User belongsTo Account model, now on logon by cakephp UsersController->login method the the associated table automatically added to session variable but when I manually login by $this->Auth->login($user['User']) only User Model data added in the Session variable, how can I achieve Account data Session on manual login?
Manually logging in using $this->Auth->login($data); will populate the session with $data, as stated in the documentation: http://api.cakephp.org/2.5/class-AuthComponent.html#_login
The solution is to login all the data you want. In your case:
$this->Auth->login($user);
Where $user contains the Account data.
I found another way to doing this, all I need to find user and login by method :$this->Auth->login($user);
, now for manual login I have to set all components so I use $this->Session->write('Auth.User', $user); to write all data in session Component which add Associated tables in Session.
Related
I have an old cakephp application which requires login. I was working with the tables in phpmyadmin and I accidentally deleted the user login/password entry from the table. Now I am not able to login in the cakephp application. I tried to create a login entry in the table but I am not sure how to insert a password in it. it is not working with plain text password. I guess, app is looking for encrypted password which I don't know how to add to the table.
Either I need to disable the login from the cakephp application code and direct the user straight to the main page of the app
Or I need to encrypt the password correctly and insert it in the table.
Please help! I am not sure how to achieve either of these solutions.
Go to your Users Controller and add the actions you need to create and save a new user:
$this->Auth->allow('display','save');
so, you'll be able to anter to that controller actions without any login.
Iam new to cakephp and i have a problem with an element. how to display each user account information when ever the user loggedin than click on myaccount link how will show the particular user details. myaccount link is in element.
Finally How to display specific user information when click on the myaccount link. The myaccount link is in element file.
If you want to display the logged In users information in their account page.Then you simply do it by using Session. Cause in CakePHP logged in user's are stored into session.
In this case you can try var_dump($this->Session->read('Auth.User'));, here you can see the logged in users information. And now you can populate users information form it.
If you want login user data then, After your successfully login your user data will be store in Auth User session.
So if you want to fetch whole user data then you can try var_dump($this->Session->read('Auth.User'));
Or
If you want any single field from your login user table then you can use like,
$this->Auth->user('id')
here instead of 'id' you can use any field name of users(where you store your user credentials and details) table.
Make sure your login user data stored in the authentication table i.e if you are storing only username and password in users table and the other details stored in another table with name user_details, then you can not fetch user_details for the login user.
for that you need to store user_details in Auth.User session after login.
I hope this will be helpful for you.
I'm in the process of creating a XML-RPC that interacts with Vbulletin from Cakephp. I currently have the functionality to hit the end point, log a user in, and retrieve the data set, as well as the cookies, etc.
Now, the calls come from Cakephp, I have a users table, which I only store, the usersname from vbulletin, the vbulletin users ID, and their avatar. I'd like to implement some type of auth. I'm not entirely sure if this is possible or not. The only reason I have a users table is to store a minimal set of information. When the user logs in on the Cakephp side, it's actually sending a xml-rpc client call to the vbulletin api, and logging the user in using the api.
So, with all of this known, is it possible to restrict access to various views, etc within cake? I'd like to use some of the basic auth components, such as:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add');
}
I'm guessing, if this is not possible, I'll have to manually write the session cookies received from Vbulletin in Cake, but how would I restrict access to the various views and methods within the controllers in doing so?
Update: I ended up using the below to accomplish this.
Since I am storing the vbulletin users id in the users table, I was able to:
$user = $this->User->findByVbulletinid($userid);
$user = $user['User'];
$this->Auth->login($user);
Link to Cakephp manual login not initiating session
Update1: We'll, I thought this was working, until I removed the Debug Kit. Now, after I login, I'm automatically logged out, Really odd.
If I want to call $this->Auth->login($loginData), shouldn't I be able to supply $loginData, which in my case, would look like this:
Array
(
[User] => Array
(
[username] => testuser
[password] => hashedpasswordhere
)
)
Basically, the login method in the Users controller, I cannot simply call $this->Auth->login() because I need to first, take the credentials from the form, and log the user in via the API for vbulletin.
Any thoughts here?
You will have to implement a custom Authentication Handler that is connected to the "Vbulletin". Then when you log a user in $this->Auth->allow('add'); should work just fine.
Also consider additional means of logging a user in. what will happen if that external service is down? Your users will not be able to log in at all?
We are using Cakephp framework version 2.0.6
The site is "supposed" to allow an anonymous user to "add to cart."
We are using the session id (using cake's native session class) to store the anonymous user's information in a db table.
When the user goes to checkout, then we want to ask "are you a current member? If so, click yes to login or no to create an account."
ISSUE:
Regardless of what they choose, the user either then has to login, or create a new user/pass (and then login) which is causing cakephp to regenerate a session ID. This is making it impossible in the new session to grab what that user added to the cart when they were anonymous just 5 minutes prior. In other words, the anonymous user's session id changes between when they are anonymous and after they login/create-user, making it impossible to identify their cart post-login.
Is there a way to prevent cakephp from regenerating a session in this scenario, or a better way to accomplish what we are trying to do while still keeping our order flow (ie: anonymous being allow to add to cart, before login/create)?
It is this reason that shopping carts are more often than not stored in Cookies. That way you can easily retrieve the saved information post-authentication.
If you insist on using Sessions to store this data, consider setting your Security.level setting to 'low'. That should prevent CakePHP from regenerating the session ID.
i use auth componnet in my cakephp project
I add type field into users Mysql table
that enum type: admin, client
i need auth component to redirect admin's to CP page, and client to their profile page and only can access one conttroller..
ofcourse without using ACL or any others related
I'd recommend taking advantage of the isAuthorized() function that you can add in the controller, or the model. Set the AuthComponent::authorize = {'controller'|'model'} to choose which you want to use.
Then you write an isAuthorized() function in the model|controller that returns t/f on auth/not auth for each action. You can do some row-level checking as well, if you'd like.
Now, if instead you just wanted to redirect an admin to their correct pages on login/etc, you can add code to the beforeFilter() method (either in a specific controller, or in app_controller.php). In that, just check to see if the admin value set by the app is the same as the user's admin value (which will be stored by AuthComponent in the Session data, accessible by $this->Auth->User()). Then route appropriately to the admin/non admin areas.
isAuthorized() is the best choice.
i would recommend to separate the users from their groups in the database, so User habtm Group... but It is not a problem if user belongs to one and only one group
I do not recommend ACL for non record-level-based permissions system
Just something to pay attention to, but unless something has changed recently CakePHP does not support ENUM column types.
Your best bet is a Group model ( groups mysql table ) and a group_id field on the users table.
Then you can $hasOne = array( 'Group' ); in your User model.
From there you can follow any one of a HUGE number of group access control tutorials for the Auth Component via an easy google search for "CakePHP Auth User Group"