CakePHP - Manual login - cakephp

I have an application developed with CakePHP, where I'm using the AuthComponent for Authentication and Authorization.
I'm making an action where the user can register on the application using Facebook.
I used HybridAuth to integrate Facebook with my application and I get the user data information to manipulate.
Now, I'm receiving the data correctly, but when I try to force a manual login and redirect the user to an authorized page, the user receives the authentication error.
My code:
$this->Auth->login($user_exists['User']);
$this->redirect($this->Auth->redirect());
Where $user_exists['User'] is equal to:
$user_exists = $this->User->findByUsername($profile->email);
Can somebody tell me what I'm doing wrong and why CakePHP won't accept my data to make a forced login?
Thanks!

Where $user_exists['User'] is equal to: $user_exists
That is your problem right there.
Those cannot be equal since the latter contains a deep array with
'User' => array(...)
and the first one is directly the array(...)
So make sure you pass in the (flat) User array directly.
->login($data)
with
$data = array('id' => 1, 'username' => 'foo', ...)

Related

Filter datasource by auth.user.id

I'm a newbie to cakephp and I don't quite get it.
I'm building a system where users login and register some data. And I want the users to only see their own data. How do I do this? I was thinking about making a kind of restriction in the model or do I have to code this in every function (Connected to the views)?
I have a well functioning system with user login etc, but I can't separate the data access to the users.
I can't figure this out and I might think that's a bit because I might not know what to ask about. Hoping that some can give me a hand.
You have the logged in users id via $this->Auth->user('id');. You then have to set a condition on your find calls where user_id = $userId.
$userId = $this->Auth->user('id');
$this->SomeRelatedModel->find('all', array(
'conditions' => array(
'SomeRelatedModel.user_id' => $userId,
),
));
You can also pass the $userId variable to the model and do your find calls in there (either methods or custom find calls).
If a lot of your models/find calls need to filter by user id, you may want to create a behavior and use beforeFind callback to add the condition to the query.
When the user logs in, Auth will store the id in the session. You can access it by using
$this->Session->read('Auth.User.id') or $this->Auth->user('id') or AuthComponent::user('id')
$this->User->find('all',array(
'conditions'=>array('id'=>$this->Session->read('Auth.User.id')),
'fields'=>'...............'));
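The behavior with a beforeFind callback suggested in the answers above could look like this. It is an added example, not code from the original posts; the class name OwnedByUserBehavior and the default owner column user_id are assumptions, and it targets CakePHP 2.x.

```php
<?php
// app/Model/Behavior/OwnedByUserBehavior.php (CakePHP 2.x; hypothetical name)
App::uses('ModelBehavior', 'Model');
App::uses('AuthComponent', 'Controller/Component');

class OwnedByUserBehavior extends ModelBehavior {

    // Per-model settings; 'field' is the owner column (assumed: user_id).
    public function setup(Model $model, $config = array()) {
        $this->settings[$model->alias] = array_merge(
            array('field' => 'user_id'),
            (array)$config
        );
    }

    public function beforeFind(Model $model, $query) {
        $userId = AuthComponent::user('id');
        if (empty($userId)) {
            // No authenticated user: abort the find instead of returning all rows.
            return false;
        }
        $field = $model->alias . '.' . $this->settings[$model->alias]['field'];
        $owner = array($field => $userId);
        // AND the owner check with whatever the caller asked for, so a
        // caller-supplied user_id condition cannot replace it.
        $query['conditions'] = empty($query['conditions'])
            ? $owner
            : array('AND' => array($owner, (array)$query['conditions']));
        return $query;
    }
}

// In each model that holds per-user rows:
//   public $actsAs = array('OwnedByUser');
```

A find() called with 'callbacks' => false skips this filter, and the behavior covers reads only, so edit and delete actions still need their own ownership check.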

Cakephp: $this->Auth->user vs $this->User vs $user

I realize this might not be a clear cut "problem/answer" question, but I think it's worth asking.
In controllers, it seems that there are three options which access the Auth object:
$this->Auth->user
$this->User
$user
They each return the record for the logged in user, and I cannot see much of a difference between them.
Now, it occurs to me that, at a glance, $this->User could be a bit confusing or unclear if working in an associated model $this->Posts->User.
But apart from that, is there a difference between these three options?
$this->Auth->user() returns the currently authenticated user from the session.
$this->User is a model and you won't get the currently authenticated user unless you use the session data (either from Session or Auth component) to get the user id. Either way you'd have to do a query every request to get info about the logged in user.
$user .. is just a variable. I don't understand how this is an "options which access the Auth object"
If you want info about the currently logged in user, use $this->Auth->user();
In cakephp 2 you must use AuthComponent::user($user_field) to access authenticated user data, for example:
for the id of the user that is authenticated you must use AuthComponent::user('id').
As tirang said $this->User is a model and $user just a variable.

CakePHP session not auto-renewing

I'm using CakePHP v2 on a LAMP server and I appear to have a problem with the session not automatically renewing itself if the user stays active.
In other words, if I set the session cookie to 3 days then the user gets logged out after 3 days even if they've been active the whole time.
At first, I thought that this might be the correct behaviour but then when I posted a question about it ( Extending the life of the CakePHP Session Cookie ) the only answer I got tended to suggest that the behaviour I'm experiencing is NOT the default behaviour.
So, presumably I have done something wrong somewhere. Here is what I've put in APP/Config/core.php:
Configure::write('Session', array(
'defaults' => 'database',
'cookie' => 'mycookie',
'timeout' => 4320 //3 days
));
I just want the cookie to stay valid for 3 days from the last activity of the user. What it's doing at the moment is expiring after 3 days even if the user has been active the whole time.
Put this in your afterFilter action in AppController:
$this->Session->renew();
This renews the session cookie.
(Putting it in beforeFilter caused my admin session to expire if I went to frontend for some reason.)
I think you need to create a custom session handler to achieve your requirement. (Just simply update the session's expiry when reading it.)

CakePHP Gurus: how to redirect generic URL to language prefixed URL

I have language-prefixed URLs working great (site.com/en/controller/action and site.com/fr/controller/action, etc.), but if somebody enters a URL without the language, I want to redirect to a URL that has the language. So site.com/controller/action redirects to site.com/xx/controller/action where xx is a value specifying the language, that is stored in the session (or a cookie).
I suspect I can just look up the language index in the $this->params array, and simply redirect if I don't find it. Something like:
if (!isset($this->params['language'])) {
$this->redirect(array('controller' => $this->controller, 'action' => $this->action, 'language' => $this->Session->read('Config.language')));
}
But my concern is that this would drop any POST or GET data.
What am I missing?
Thanks!
I'm not a huge expert in this case but I have understood that it's good practice to always redirect POST data. So before checking language, do what you should do with POST data, and after that do a redirect with proper language in url.
Look at this:
Insert cakephp POST params into URL
You can also look at $this->params for GET data and pass that to $this->redirect to carry it on.

CakePHP - What is the best approach to create an Admin Section

I am looking for an insight into the best approach to create an administrator section in CakePHP. I've looked at plugins like BrowniePHP as well as others, but I am not entirely satisfied with using plugins. So I am trying to create my own which will encompass the things I need. I've looked at some tutorials, but can't find the right answer.
I am currently creating a vast application, which is about 10% done, but I now feel the need to have an admin section before moving on.
Basically I would like a section where I can add new articles, approve comments, deny user access, etc. This section should only be accessible by an administrator.
Also, this administrator section must be able to save to any other model.
I am still learning CakePHP and any detailed instruction would be appreciated.
To create an admin-section the first thing you have to do is to manually edit the core.php within /app/config and write the setting Routing.prefixes. This line should be around line 88 somewhere and you just have to uncomment it.
In case you can't find it, it should look like this:
Configure::write('Routing.prefixes', array('admin'));
So now you can write your admin-functions within your controllers like this:
function admin_edit($id = null) {
//your admin function
}
You don't need access to every model since you're writing these functions within your controllers like every other "normal" action.
You just have to connect a route to handle the admin-actions:
Router::connect('/admin/:controller/:action/*', array('admin' => true, 'prefix' => 'admin', 'controller' => 'pages'));
// 'admin' => true is a variable for you so you can check if it's an admin-action which is requested
// 'prefix' => 'admin' means that you can write function with this prefix like above
You can then access these actions via the url http://yourapp.com/admin/controller/action
If you now use the Auth-Component you can write methods for checking if a user is allowed to access these methods.
For further information please read these manual entries:
Prefix-Routing
Authentication (Auth-Component)
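The admin prefix only names and routes the actions; it does not restrict who can call them. One way to add the Auth check mentioned in the answer above, as an added example that is not part of the original post: it assumes CakePHP 2.x and a hypothetical role column on the users table whose value 'admin' marks administrators.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Have AuthComponent call isAuthorized() on this controller
            // for every action that requires a logged-in user.
            'authorize' => array('Controller'),
        ),
    );

    // $user is the array AuthComponent stored in the session at login.
    public function isAuthorized($user) {
        // Prefix routing sets params['admin'] = true for /admin/... URLs.
        if (!empty($this->request->params['admin'])) {
            // 'role' is an assumed column; deny unless it is exactly 'admin'.
            return isset($user['role']) && $user['role'] === 'admin';
        }
        // Non-admin actions: any authenticated user may proceed.
        return true;
    }
}
```

Actions opened with $this->Auth->allow() are never passed to isAuthorized(), so no admin_ action should appear in an allow() list.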
