Can't seem to get CakePHP's AuthComponent working - cakephp

I'm completely lost in trying to set up the AuthComponent.
Every login fails.
Here's my AppController beforeFilter function:
public function beforeFilter() {
    $this->Auth->authenticate = array(
        'all' => array(
            'userModel' => 'ClientUser',
            'fields' => array(
                'username' => 'login',
                'password' => 'password'
            )
        )
    );
    $this->Auth->loginAction = array('controller' => 'client_users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'static', 'action' => 'clientcenter');
    $this->Auth->logoutRedirect = array('controller' => 'static', 'action' => 'home');
    // I deny stuff later on
    $this->Auth->allow();
}
And here's the login function in the ClientUsers controller:
public function login() {
    // Check login data
    if ($this->Auth->login()) {
        return $this->redirect($this->Auth->redirect());
    } else {
        $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
    }
}
And it always fails. And I have no idea why.
This is my $request->data content: (I've actually used "login" and "username" as field name, none work)
ClientUser
login: user#email.com
password: thepassword
Client passwords are hashed in the Model, using the authcomponent (which is imported at the top of the script. I used the security hash function earlier, but that also did not work):
public function beforeSave($options) {
    $this->data['ClientUser']['password'] = AuthComponent::password($this->data['ClientUser']['password1']);
    return true;
}

Where is your Auth adapter?
As explained on http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authentication-objects
// at least one adapter is necessary (here Form)
public $components = array(
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'email')
            )
        )
    )
);

Related

$controller does not implement an isAuthorized() method in cakephp

I have used Auth component in my OrdersController as follows:
public $components = array(
    'Session',
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array(
                    'username' => 'email', //Default is 'username' in the userModel
                    'password' => 'password' //Default is 'password' in the userModel
                ),
                'userModel' => 'Agent'
            )
        ),
        'loginAction' => array(
            'controller' => 'admins',
            'action' => 'login'
        ),
        'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
        'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
        'authError' => "You can't acces that page",
        'authorize' => 'Controller'
    )
);
public function beforeFilter() {
    parent::beforeFilter();
    // Allow users to register and logout.
    $this->Auth->allow('login','index');
}
When I tried to log in and the username and password matched, it redirected to adminc/deshboard with the following error message:
$controller does not implement an isAuthorized() method.
Error: An Internal Error Has Occurred.
I searched Google for a couple of hours with no solution. What am I doing for this error? Thanks for your time.
You need to implement isAuthorized(), like so:
class OrdersController extends Controller {
    //...
    public function isAuthorized($user) {
        //auth check
        //return boolean
    }
    //...
}
See http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html for more info.

Weird exception with authentication in cakephp

I want to redirect to http://localhost/amrajegeachi14/admins/deshboard after successful login and to http://localhost/amrajegeachi14/admins/login if login failed. My code inside AdminsController:
class AdminsController extends AppController {
    var $layout = 'admin';
    public function beforeFilter() {
        parent::beforeFilter();
        // $this->Auth->allow('login');
    }
    function isAuthorized($user) {
        if (isset($user['Admin'])) {
            if ($user['Admin']['status'] == 'active') {
                return TRUE;
            }
        }
        return FALSE;
    }
    function login() {
        $this->loadModel('Admin');
        $this->layout = "admin-login";
        // if already logged in check this step
        if ($this->Session->check('Auth.User')) {
            return $this->redirect(
                array('controller' => 'admins', 'action' => 'deshboard'));
        }
        // after submit login form check this step
        if ($this->request->is('post')) {
            $password = Security::hash($this->request->data['Admin']['password'], NULL, true);
            $admin = $this->Admin->find('first', array(
                'conditions' => array('email' => $this->request->data['Admin']['email'], 'password' => $password)
            ));
            if ($this->isAuthorized($admin)) {
                $this->Auth->login($this->request->data['Admin']);
                return $this->redirect('/admins/deshboard');
            } else {
                $this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
                return $this->redirect('/admins/login');
            }
        }
    }
    public function logout() {
        // $user = $this->Auth->user();
        // $this->Session->destroy();
        $this->Session->setFlash('you have successfully logged out');
        $this->Auth->logout();
        return $this->redirect(array('controller' => 'admins', 'action' => 'login'));
    }
    function deshboard() {
    }
}
Code inside AppController.php:
class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'fields' => array(
                        'username' => 'email', //Default is 'username' in the userModel
                        'password' => 'password' //Default is 'password' in the userModel
                    ),
                    'userModel' => 'Agent'
                )
            ),
            'loginAction' => array(
                'controller' => 'admins',
                'action' => 'login'
            ),
            'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
            'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
            'authError' => "You can't acces that page",
            'authorize' => 'Controller'
        )
    );
    public function beforeFilter() {
        //parent::beforeFilter();
        $this->Auth->allow('index');
    }
}
When I try to log in, it redirects to http://localhost/amrajegeachi14/admins/login if login failed. That's fine. But when I provide a valid email and password and the login is successful, it redirects to http://localhost/amrajegeachi14/amrajegeachi14/admins/deshboard. That's wrong; it should be http://localhost/amrajegeachi14/admins/deshboard
I was surprised when I changed the isAuthorized() function as follows:
function isAuthorized($user) {
    if (isset($user['Admin'])) {
        if ($user['Admin']['status'] == 'active') {
            return TRUE;
        }
    }
    return true;
}
It redirects to http://localhost/amrajegeachi14/admins/deshboard with successful login. But in this case login will be okay with an incorrect username and password.
This problem kills my sleep, makes me crazy and I am so much disappointed. I searched Google for two days but found no appropriate solution. Please help me.
The problem is that your user is never logged in because you did not follow the CakePHP way of authenticating a user. Here is your code with comments:
// This should not be here... This should either be in a authentication
// component, or maybe not present at all if you use default authentication.
$password = Security::hash($this->request->data['Admin']['password'], NULL, true);
$admin = $this->Admin->find('first', array(
    'conditions' => array(
        'email' => $this->request->data['Admin']['email'],
        'password' => $password
    )
));
// This should not be called manually.
if ($this->isAuthorized($admin)) {
    // Your problem is probably here, since you never check the return
    // value of the login function.
    $this->Auth->login($this->request->data['Admin']);
    // You should use $this->Auth->redirectUrl()
    return $this->redirect('/admins/deshboard');
} else {
    $this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
    return $this->redirect('/admins/login');
}
I am pretty sure that the $this->Auth->login() call always returns false. The login method will try to authenticate a user, using the authentication component you specified (or the default one).
Your passwords are probably hashed in your DB, but you did not tell the component how to hash them, so it cannot authenticate your users...
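An added example (not code from either poster) of the login flow the answer points to, assuming CakePHP 2.3 or later, that the accounts live in an Admin model with email, password and status columns, and that passwords were stored with the hasher AuthComponent uses. In CakePHP 2, calling $this->Auth->login() with an array argument writes that array to the session as the logged-in user without checking any credentials, so the action below calls it with no argument and lets FormAuthenticate do the lookup:

```php
<?php
// Added example, not the poster's code. Assumes CakePHP 2.3+ and an Admin
// model with email, password and status columns (assumptions).
// AppController.php and AdminsController.php are shown together here.
class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    // Must name the model that actually holds the accounts.
                    'userModel' => 'Admin',
                    'fields' => array('username' => 'email', 'password' => 'password'),
                    // Blocked accounts fail at authentication, before any session is written.
                    'scope' => array('Admin.status' => 'active')
                )
            ),
            'loginAction' => array('controller' => 'admins', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
            'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
            'authorize' => array('Controller')
        )
    );

    // Called by AuthComponent for a logged-in user; $user is the flat session record.
    public function isAuthorized($user) {
        return isset($user['status']) && $user['status'] === 'active';
    }
}

class AdminsController extends AppController {
    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('login');
    }

    public function login() {
        if ($this->request->is('post')) {
            // No argument: FormAuthenticate hashes the posted password and
            // looks the admin up; an array argument would skip that check.
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
        }
    }
}
```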

Admin login redirect in cakephp

Hi everyone, back at coding. Stuck with a strange error. The Auth component on CakePHP logs the user in and is also redirecting the user to the dashboard page, but the error is that when the user lands on the dashboard the login form is still visible and the actual content of the dashboard is not showing.
//AppController.php
// Pass settings in $components array
public $components = array(
    'Session',
    'Auth' => array(
        'loginAction' => array(
            'controller' => 'Admins',
            'action' => 'Dashboard',
            ///'plugin' => 'users'
        ),
        'logoutRedirect' => array(
            'controller' => 'Admins',
            'action' => 'Login',
        ),
        'authError' => 'Enter correct admin username and password',
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'admin#test.com',
                    'password' => 'pass')
            )
        )
    )
);
public function beforeFilter(){
    //non-logged in users
    $allowed = array('Login', 'Logout');
    $this->Auth->allow($allowed);
    $user = null;
    if($this->Session->read('user')){
        $user = $this->Session->read('user');
        $this->user = $user;
        $this->set('user', $user);
        $this->redirect(array('controller'=>'Admins', 'action'=>'Dashboard'));
    }
}
I'm not storing the admin login information in a table since only one admin is required.
//Login function in AdminsController.php
public function Login(){
    if($this->request->is('post')){
        if($this->data['Admins']['username']=='admin#test.com' && $this->data['Admins']['password'] == 'pass'){
            $this->Auth->login();
            $this->Session->write($this->user, $this->data['Admins']['username']);
            $this->Session->setFlash('Welcome Back !');
            $this->redirect(array('controller'=>'Admins', 'action'=>'Dashboard'));
        }
    }
}
public function Dashboard(){
    //pr($this->Session->read($user));
    //pr($this->user);
    //exit;
}
Kindly ask for more information if needed. The problem is in the display for the ctp file: it displays login.ctp rather than dashboard.ctp.

CakePHP Auth login non sense

I'm trying to make a simple login system for my users, but I can't figure out why it won't log me in, the Auth->login() method always returns FALSE (incorrect information) for some reason... might be something with password hashing.
I have cakePHP 2.5.2.
Here is a screenshot of my issue: ISSUE
My beforeSave() method in UsersController:
public function beforeSave($options = array()) {
    $this->request->data['User']['password'] = Security::hash($this->request->data['User']['password']);
}
and the login() method:
function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->Session->setFlash(__('You\'ve successfully logged in.' . ' <b>' . $this->Session->read('User.login') . '</b>'), 'alert', array(
                'plugin' => 'BoostCake',
                'class' => 'alert-success'
            ), 'success');
            return $this->redirect($this->Auth->redirectUrl());
            //// $this->redirect($this->Auth->redirectUrl());
        } else {
            // var_dump($this->Auth->user());
            $this->Session->setFlash(__('Sorry, the information you\'ve entered is incorrect.'), 'alert', array(
                'plugin' => 'BoostCake',
                'class' => 'alert-danger'
            ), 'danger');
        }
    }
}
Here's the Auth component:
public $components = array(
    'Session',
    'Auth' => array(
        'loginRedirect' => array('controller' => 'pages', 'action' => 'home'),
        'logoutRedirect' => array('controller' => 'pages', 'action' => 'home'),
        'loginAction' => array('controller' => 'users', 'action' => 'login'),
        'authError' => 'You are not authorized to access this page.',
        'authenticate' => array(
            'Form' => array(
                'userModel' => 'User',
                'fields' => array(
                    'username' => 'login',
                    'password' => 'password')
            )
        ),
        'flash' => array(
            'element' => 'alert',
            'key' => 'auth',
            'params' => array(
                'plugin' => 'BoostCake',
                'class' => 'alert-danger'
            )
        ),
        'authorize' => array('Controller'),
    ),
    'DebugKit.Toolbar'
);
Yes, it's incorrect. I removed everything and it works, I don't know how.
Move your beforeSave method to your Model, not the Controller.
When saving data Cake looks for any functions that should run before inserting the data in your Model.
You will also need to create a new user (if you look in your database you should find that the password has been stored as plaintext because the hashing in the beforeSave would never have been called).
I think you should provide the Security::hash() function blowfish or set the app's internal salt to true.
Like this:
public function beforeSave($options = array()) {
    // In the User model the data being saved is in $this->data, not $this->request->data
    $this->data['User']['password'] = Security::hash($this->data['User']['password'], null, true);
    return true; // beforeSave() must return true or the save is aborted
}
This is the way the deprecated AuthComponent::password() function works.
Just tested it this way in my Cake app and it works fine.
See http://api.cakephp.org/2.4/class-Security.html#_hash
Edit:
beforeSave() should be in the User's Model, not in the User's Controller
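A stand-alone check for the failure both answers describe, as an added example that is not code from the original posts: it classifies what is sitting in the password column for a known test password. The helper names are hypothetical, and cake2_sha1() assumes CakePHP 2's default hash type (SHA-1) with Security.salt prepended when the salt flag is true, which is what the default Form authenticator computes at login.

```php
<?php
// Added example: stand-alone PHP (5.6+ for hash_equals), no CakePHP required.
// cake2_sha1() is a hypothetical helper mirroring how CakePHP 2's
// Security::hash() builds a SHA-1 digest: the app salt is prepended
// only when $salt is true. Assumes the default hash type (sha1).
function cake2_sha1($password, $appSalt, $salt = false) {
    return sha1(($salt ? $appSalt : '') . $password);
}

// Classify the stored value for an account whose password is known.
function diagnose_stored_password($stored, $password, $appSalt) {
    if (hash_equals($stored, cake2_sha1($password, $appSalt, true))) {
        return 'salted';     // matches what the authenticator computes at login
    }
    if (hash_equals($stored, cake2_sha1($password, $appSalt, false))) {
        return 'unsalted';   // saved with Security::hash($password), no salt flag
    }
    if (hash_equals($stored, $password)) {
        return 'plaintext';  // beforeSave() never ran, e.g. it sits in the controller
    }
    return 'unknown';        // other hash type, other salt, or a different password
}

// Constructed sample values, not taken from any real application.
$appSalt  = 'EXAMPLE-Security.salt-value';
$password = 'thepassword';
$rows = array(
    'hashed as login expects'  => sha1($appSalt . $password),
    'hashed without the salt'  => sha1($password),
    'beforeSave in controller' => $password,
);
foreach ($rows as $label => $stored) {
    printf("%-26s => %s\n", $label, diagnose_stored_password($stored, $password, $appSalt));
}
```

Only the 'salted' row can log in through the default Form authenticator; rows in the other two states have to be re-saved through a model-level beforeSave() before Auth->login() can succeed.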

Authentication component in CakePHP doesn't work

I'm having some issues with the authentication component. Every time I try to log in with a user (I've checked that user exists in the database with correct params), my application throws me a failure login message.
I have two models, Accounts and Employees, where one Employee belongsTo Account, and one Account hasOne Employee. I save the data with saveAssociated(), and everything is ok in the database, but it's impossible to login.
I've been searching for solutions, and repeating the CookBook tutorials once and another, and I can't find what I'm doing wrong.
Here is some code:
class AppController extends Controller {
    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'accounts', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'snippets', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'snippets', 'action' => 'index'),
            'authorize' => array('Controller')));
    public function beforeFilter() {
        $this->Auth->loginAction = array('controller' => 'accounts', 'action' => 'login');
        $this->Auth->authenticate = array(
            AuthComponent::ALL => array(
                'userModel' => 'Account',
                'fields' => array('username' => 'username', 'password' => 'password')),
            'Basic',
            'Form');
        $this->Auth->allow('index', 'view');
    }
}
My login function:
public function login() {
    if($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->Session->setFlash(__('Welcome'));
            return $this->redirect(array('controller' => 'snippets', 'action' => 'index'));
            //return $this->redirect($this->Auth->redirect());
        }
        $this->Session->setFlash(__('Wrong password or email'), 'default', array(), 'auth');
    }
}
Please, can someone tell me what I'm doing wrong? If you need to see some other code sections, tell me.
Thanks!
When using ControllerAuthorize ('authorize' => array('Controller')) you need to implement an isAuthorized() method that returns a boolean in your AppController.
public function isAuthorized($user = null) {
    // Any registered user can access public functions
    if (empty($this->request->params['admin'])) {
        return true;
    }
    // Only admins can access admin functions
    if (isset($this->request->params['admin'])) {
        return (bool)($user['role'] === 'admin');
    }
    // Default deny
    return false;
}
You can check the Auth section of the docs for more info; search for "Using ControllerAuthorize".
