Authentication component in CakePHP doesn't work - cakephp

I'm having some issues with the authentication component. Every time I try to log in with a user (I've checked that the user exists in the database with correct params), my application throws me a failure login message.
I have two models, Accounts and Employees, where one Employee belongsTo Account, and one Account hasOne Employee. I save the data with saveAssociated(), and everything is ok in the database, but it's impossible to login.
I've been searching for solutions, and repeating the CookBook tutorials once and another, and I can't find what I'm doing wrong.
Here is some code:
class AppController extends Controller {
    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'accounts', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'snippets', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'snippets', 'action' => 'index'),
            'authorize' => array('Controller')));

    public function beforeFilter() {
        $this->Auth->loginAction = array('controller' => 'accounts', 'action' => 'login');
        $this->Auth->authenticate = array(
            AuthComponent::ALL => array(
                'userModel' => 'Account',
                'fields' => array('username' => 'username', 'password' => 'password')),
            'Basic',
            'Form');
        $this->Auth->allow('index', 'view');
    }
}
My login function:
public function login() {
    if($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->Session->setFlash(__('Welcome'));
            return $this->redirect(array('controller' => 'snippets', 'action' => 'index'));
            //return $this->redirect($this->Auth->redirect());
        }
        $this->Session->setFlash(__('Wrong password or email'), 'default', array(), 'auth');
    }
}
Please, can someone tell me what I'm doing wrong? If you need to see some other code sections, tell me.
Thanks!

When using ControllerAuthorize 'authorize' => array('Controller') you need to implement an isAuthorized() method that returns a boolean in your AppController.
public function isAuthorized($user = null) {
    // Any registered user can access public functions
    if (empty($this->request->params['admin'])) {
        return true;
    }
    // Only admins can access admin functions
    if (isset($this->request->params['admin'])) {
        return (bool)($user['role'] === 'admin');
    }
    // Default deny
    return false;
}
You can check the Auth section of the docs for more info; search for "Using ControllerAuthorize".

Related

Admin login redirect in cakephp

Hi everyone, back at coding. Stuck with a strange error. The Auth component on CakePHP logs the user in and is also redirecting the user to the dashboard page, but the error is that when the user lands on the dashboard the login form is still visible and the actual content of the dashboard is not showing.
//AppController.php
// Pass settings in $components array
public $components = array(
    'Session',
    'Auth' => array(
        'loginAction' => array(
            'controller' => 'Admins',
            'action' => 'Dashboard',
            ///'plugin' => 'users'
        ),
        'logoutRedirect' => array(
            'controller' => 'Admins',
            'action' => 'Login',
        ),
        'authError' => 'Enter correct admin username and password',
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'admin@test.com',
                    'password' => 'pass')
            )
        )
    )
);

public function beforeFilter(){
    //non-logged in users
    $allowed = array('Login', 'Logout');
    $this->Auth->allow($allowed);
    $user = null;
    if($this->Session->read('user')){
        $user = $this->Session->read('user');
        $this->user = $user;
        $this->set('user', $user);
        $this->redirect(array('controller'=>'Admins', 'action'=>'Dashboard'));
    }
}
I'm not storing the admin login information in a table since only one admin is required.
//Login function in AdminsController.php
public function Login(){
    if($this->request->is('post')){
        if($this->data['Admins']['username']=='admin@test.com' && $this->data['Admins']['password'] == 'pass'){
            $this->Auth->login();
            $this->Session->write($this->user, $this->data['Admins']['username']);
            $this->Session->setFlash('Welcome Back !');
            $this->redirect(array('controller'=>'Admins', 'action'=>'Dashboard'));
        }
    }
}

public function Dashboard(){
    //pr($this->Session->read($user));
    //pr($this->user);
    //exit;
}
Kindly ask for more information if needed. The problem is in the display for the ctp file: it displays the login.ctp rather than dashboard.ctp.

CakePHP Auth login non sense

I'm trying to make a simple login system for my users, but I can't figure out why it won't log me in, the Auth->login() method always returns FALSE (incorrect information) for some reason... might be something with password hashing.
I have cakePHP 2.5.2.
Here is a screenshot of my issue: ISSUE
My beforeSave() method in UsersController:
public function beforeSave($options = array()) {
    $this->request->data['User']['password'] = Security::hash($this->request->data['User']['password']);
}
and the login() method:
function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->Session->setFlash(__('You\'ve successfully logged in.' . ' <b>' . $this->Session->read('User.login') . '</b>'), 'alert', array(
                'plugin' => 'BoostCake',
                'class' => 'alert-success'
            ), 'success');
            return $this->redirect($this->Auth->redirectUrl());
            //// $this->redirect($this->Auth->redirectUrl());
        } else {
            // var_dump($this->Auth->user());
            $this->Session->setFlash(__('Sorry, the information you\'ve entered is incorrect.'), 'alert', array(
                'plugin' => 'BoostCake',
                'class' => 'alert-danger'
            ), 'danger');
        }
    }
}
Here's the Auth component:
public $components = array(
    'Session',
    'Auth' => array(
        'loginRedirect' => array('controller' => 'pages', 'action' => 'home'),
        'logoutRedirect' => array('controller' => 'pages', 'action' => 'home'),
        'loginAction' => array('controller' => 'users', 'action' => 'login'),
        'authError' => 'You are not authorized to access this page.',
        'authenticate' => array(
            'Form' => array(
                'userModel'=>'User',
                'fields' => array(
                    'username' => 'login',
                    'password'=>'password')
            )
        ),
        'flash' => array(
            'element' => 'alert',
            'key' => 'auth',
            'params' => array(
                'plugin' => 'BoostCake',
                'class' => 'alert-danger'
            )
        ),'authorize'=>array('Controller'),
    )
    ,'DebugKit.Toolbar'
);
Yes, it's incorrect. I removed everything and it works, I don't know how.
Move your beforeSave method to your Model, not the Controller.
When saving data Cake looks for any functions that should run before inserting the data in your Model.
You will also need to create a new user (if you look in your database you should find that the password has been stored as plaintext because the hashing in the beforeSave would never have been called).
I think you should provide the Security::hash() function blowfish or set the app's internal salt to true.
Like this:
public function beforeSave($options = array()) {
    // In the model the record is in $this->data, not $this->request->data
    $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], null, true);
    // A CakePHP 2 model's beforeSave() must return true or the save is aborted
    return true;
}
This is the way the deprecated AuthComponent::password() function works.
Just tested it this way in my Cake App and it works fine.
See http://api.cakephp.org/2.4/class-Security.html#_hash
Edit:
beforeSave() should be in the User's Model, not in the User's Controller
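
The failure modes discussed in this thread (a beforeSave() that never runs, a hash computed without the application salt) can be told apart by looking at what actually landed in the password column. The following is an added example, not code from any of the posts or from CakePHP: plain PHP that models CakePHP 2's default Security::hash($pw, null, true) as sha1(Security.salt . $pw); the function names, salt and sample rows are constructed for illustration.

```php
<?php
// Added example (plain PHP, no CakePHP needed). Function names, salt and
// sample rows are constructed for illustration.

// Models CakePHP 2's default Security::hash($pw, null, true): sha1(Security.salt . $pw).
function salted_sha1($password, $appSalt) {
    return sha1($appSalt . $password);
}

// Classify a password-column value, given a password known to be correct
// for that account. Returns a short diagnosis string.
function diagnose_stored_password($stored, $knownPassword, $appSalt) {
    if (hash_equals($stored, $knownPassword)) {
        return 'plaintext: the hashing callback never ran (e.g. beforeSave() in the controller)';
    }
    if (hash_equals($stored, sha1($knownPassword))) {
        return 'unsalted sha1: hashed without the app salt, the default login check will not match';
    }
    if (hash_equals($stored, salted_sha1($knownPassword, $appSalt))) {
        return 'salted sha1: same value the default login check computes';
    }
    if (password_verify($knownPassword, $stored)) {
        return 'bcrypt: valid, but the adapter needs a matching passwordHasher (Blowfish)';
    }
    if (strlen($stored) < 40) {
        return 'too short for a sha1 hex digest: the column may be truncating the hash';
    }
    return 'unknown: different salt or hash type';
}

$salt = 'constructed-app-salt'; // stands in for Security.salt in core.php
$password = 'thepassword';
$rows = array(                  // constructed password-column values
    'alice' => 'thepassword',
    'bob'   => sha1('thepassword'),
    'carol' => salted_sha1('thepassword', $salt),
    'dave'  => password_hash('thepassword', PASSWORD_BCRYPT),
    'erin'  => substr(salted_sha1('thepassword', $salt), 0, 32),
);
foreach ($rows as $user => $stored) {
    echo $user, ': ', diagnose_stored_password($stored, $password, $salt), PHP_EOL;
}
```

Run it with the PHP CLI (5.6 or later, for hash_equals) against a test account whose password you set yourself; rows created before the hashing was fixed have to be re-saved, as the first answer notes.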

login not redirecting in cakephp

public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->redirect($this->Auth->redirect());
        } else {
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }
}
This is my login script, and
public $components = array('Acl', 'Session',
    'Auth' => array('authorize' => array('Controller'),
        'loginRedirect' => array('controller' => 'users', 'action' => 'dashboard'),
        'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
        'authenticate' => array('Form' => array('fields' => array('username' => 'email')))
    )
);
This is the Auth components in AppController.php.
It is logging in using email and password but it is not redirecting to user/dashboard.
But instead of that, if I put any external URLs it redirects perfectly,
eg: 'loginRedirect' => 'http://google.com',
it redirects to Google.
I am totally lost. Kindly help.
Make sure you are allowed to view the dashboard page using: AuthComponent::allow():
Add this method to your controller:
public function beforeFilter() {
    $this->Auth->allow('dashboard');
}
Make sure there is a route set for the dashboard page.

Can't seem to get CakePHP's AuthComponent working

I'm completely lost in trying to setup the AuthComponent.
Every login fails.
Here's my AppController beforeFilter function:
public function beforeFilter() {
    $this->Auth->authenticate = array(
        'all' => array(
            'userModel' => 'ClientUser',
            'fields' => array(
                'username' => 'login',
                'password' => 'password'
            )
        )
    );
    $this->Auth->loginAction = array('controller' => 'client_users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'static', 'action' => 'clientcenter');
    $this->Auth->logoutRedirect = array('controller' => 'static', 'action' => 'home');
    // I deny stuff later on
    $this->Auth->allow();
}
And here's the login function in the ClientUsers controller:
public function login() {
    // Check login data
    if ($this->Auth->login()) {
        return $this->redirect($this->Auth->redirect());
    } else {
        $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
    }
}
And it always fails. And I have no idea why.
This is my $request->data content: (I've actually used "login" and "username" as field name, none work)
ClientUser
    login: user@email.com
    password: thepassword
Client passwords are hashed in the Model, using the authcomponent (which is imported at the top of the script. I used the security hash function earlier, but that also did not work):
public function beforeSave($options) {
    $this->data['ClientUser']['password'] = AuthComponent::password($this->data['ClientUser']['password1']);
    return true;
}
Where is your Auth adapter?
As explained on http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authentication-objects
// at least one adapter is necessary (here Form)
public $components = array(
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'email')
            )
        )
    )
);

CakePHP 2 AuthComponent

I cannot login any users using AuthComponent.
The user table's name is users, with some important fields such as user_id, user_password, there is no hashing on the password field.
This is my AppController
class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'home'),
            'authError' => 'You cannot view this page',
            'authorize' => array('controller')
        )
    );

    public function isAuthorize($user) {
        return true;
    }

    public function beforeFilter() {
        $this->Auth->allow('home');
    }
}
This is my UsersController
class UsersController extends AppController {
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash('Cannot login in');
            }
        }
    }
}
This is my User model.
class User extends AppModel {
    public $name = 'User';
    public $primaryKey = 'user_id';
    public $belongsTo = 'Group';
}
This is my View
<h2>Login</h2>
<?php
echo $this->Form->create();
echo $this->Form->input('user_id', array('label' => 'User ID', 'type' => 'text'));
echo $this->Form->input('user_password', array('label' => 'Password', 'type' => 'password'));
echo $this->Form->end('Login');
?>
When I typed the correct user_id and password and then pressed the Login button, I got the message from the UsersController that I cannot log in. What went wrong here???
Also, I really don't understand about the concept of AuthComponent:login(), how does it work to check user_id and password against the database, how does it know which field contains user_id, and which one contains the password???
Please help.
Thanks.
Kongthap
A few things I noticed:
public function isAuthorize($user) {
This method is missing a 'd' on the end. It should be
public function isAuthorized($user) {
Next, by default, Cake expects to identify the user by fields named 'username' and 'password'. So, if you want to change that, you'll need to do this:
class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'home'),
            'authError' => 'You cannot view this page',
            // Adapter name is capitalised: it resolves to the ControllerAuthorize class
            'authorize' => array('Controller'),
            'authenticate' => array(
                'Form' => array( // THIS IS WHERE YOU CHANGE THE DEFAULT FIELDS
                    'fields' => array('username' => 'user_id','password' => 'user_password')
                )
            )
        )
    );
    // ... isAuthorized() and beforeFilter() as before
}
That code isn't tested but should set you on the right track. But as Dave said, it's really worth reading through the complete doco to understand how it all works: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
Last, I'm not sure that 'user_id' is a good choice of column name. You'd expect a column name of 'user_id' to be a foreign key in some table, pointing to the 'id' column of a 'users' table. If that's not the function it serves, you should probably go with a different name.
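
The question of how login() knows which field holds the username and which the password comes down to three steps inside the Form adapter. The following is an added example, not CakePHP source and not code from the posts: a simplified plain-PHP model of that lookup, assuming the default salted sha1 hashing; the function name, salt and sample rows are constructed.

```php
<?php
// Added example: simplified model of the lookup a CakePHP 2 Form adapter
// performs. Not CakePHP source; names and sample data are constructed.

function form_authenticate(array $requestData, array $settings, array $userRows, $appSalt) {
    $model = $settings['userModel'];
    $userField = $settings['fields']['username'];
    $passField = $settings['fields']['password'];

    // Step 1: the POST data must be keyed by model name and by the configured field names.
    if (empty($requestData[$model][$userField]) || empty($requestData[$model][$passField])) {
        return false; // rejected before any user row is looked at
    }
    // Step 2: find the row by the configured username column.
    foreach ($userRows as $row) {
        if ((string)$row[$userField] !== (string)$requestData[$model][$userField]) {
            continue;
        }
        // Step 3: hash the submitted password the default way and compare with the stored hash.
        $candidate = sha1($appSalt . $requestData[$model][$passField]);
        if (hash_equals((string)$row[$passField], $candidate)) {
            unset($row[$passField]); // the hash is not carried into the session
            return $row;
        }
    }
    return false;
}

$salt = 'constructed-app-salt'; // stands in for Security.salt
$rows = array(                  // constructed users table with a hashed password column
    array('user_id' => '1001', 'user_password' => sha1($salt . 's3cret'), 'group_id' => 2),
);
// What the login form in the question posts: data[User][user_id], data[User][user_password]
$post = array('User' => array('user_id' => '1001', 'user_password' => 's3cret'));

// Adapter left at its default field names
$defaults = array('userModel' => 'User', 'fields' => array('username' => 'username', 'password' => 'password'));
// Adapter told about the user_id / user_password columns
$mapped = array('userModel' => 'User', 'fields' => array('username' => 'user_id', 'password' => 'user_password'));

var_dump(form_authenticate($post, $defaults, $rows, $salt));
var_dump(form_authenticate($post, $mapped, $rows, $salt));
```

With the unhashed password column described in the question, step 3 would still fail after the fields are mapped, because the adapter compares the stored value against a hash of the submitted password.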
