CakePHP redirect loop - cakephp

I'm having the weirdest Cake error with my code. When the code below calls the add() method (also reproduced here and from a different controller), the code redirects him back with a 302 found HTTP code to the edit() action (in essence, to the user it appears as if nothing happens). To further complicate matters, when I call the same URL when I'm not on that page (despite the pages not being reliant on each other), I get redirected to the base of my app, which results in a redirect loop. I tried calling other methods from this controller (with their proper arguments) to see if this was just a problem with the add() action, but I get the same redirect loop. I've already checked all over SE but cannot find a relevant answer.
Here is the relevant code:
function edit($id=null) {
if(!$id) {
$this->Session->setFlash('Invalid!');
$this->redirect(array(
'action' => 'index')
);
}
else {
//Get the slides themselves
$slides = $this->Slide->find('all', array('conditions' => array('Slide.module_id' => $id)));
$this->set('slides', $slides);
//Get the data for the Module
$module = $this->Module->find('first',
array(
'conditions' => array (
'Module.id' => $id
),
'fields' => array(
'Module.module_name',
'Module.id')
)
);
}
}
And here is the add() code (again, from a different module):
function add($module = null) {
if ($this->request->is('get')) {
//Set some variables for the view (this code I know works as it has been used successfully elsewhere
}
else { //User is POSTing
$this->Slide->create();
$this->Slide->save($this->data);
}
}
Thanks to everyone in advance; I couldn't do this without your support!
EDIT: Here is the AppController code:
public $components = array(
'Auth' => array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
),
'loginAction' => array(
'controller' => 'users',
'action' => 'login'
),
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
),
'logoutRedirect' => array('/')
),
'Session'
);
public $helpers = array('Html', 'Form', 'Session');
public function isAuthorized() {
return true;
}
public function Controller() {
}
}

Related

CakePhp bad Auth redirection

I just started learning about the Auth component and I'm having a problem with redirection. The path of my local aplication is: localhost/school but when a logged user tries to acces to a url he isnt't allowed the site redirects to localhost/school/school and it says "The requested address '/school/school/' was not found on this server". I want no redirection when this happens, just show "you are not allowed" in the same page or maybe redirect to specific error page, how can I do that?. I have no problems with login or logout redirection, only what I said before. This is my App Controller:
public $components = array(
'Acl',
'Auth' => array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
)
),
'Session'
);
public $helpers = array('Html', 'Form', 'Session');
public function beforeFilter() {
//Configure AuthComponent
$this->Auth->loginAction = array(
'controller' => 'users',
'action' => 'login'
);
$this->Auth->logoutRedirect = array(
'controller' => 'users',
'action' => 'login'
);
$this->set('current_user',$this->Auth->User());
$this->Auth->authError = "You're not allowed.";
}
I had the same problem and I solved it.
Try this code in AppController
public function beforeFilter() {
//Configure AuthComponent
// note just these two lines
$this->Auth->unauthorizedRedirect=FALSE ;
$this->Auth->authError="Access Denied";
$this->Auth->loginAction = array(
'controller' => 'users',
'action' => 'login'
);
$this->Auth->logoutRedirect = array(
'controller' => 'users',
'action' => 'login'
);
$this->Auth->loginRedirect = array(
'controller' => 'posts',
'action' => 'add'
);
$this->Auth->allow('display');
//$this->Auth->allow();
}
class AppController extends Controller {
// added the debug toolkit
// sessions support
// authorization for login and logut redirect
public $components = array(
'Session','Flash',
'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.'
));
// only allow the login controllers only
public function beforeFilter() {
$this->Auth->allow('login');
}
public function isAuthorized($user) {
// Here is where we should verify the role and give access based on role
return true;
}
}
and in your controller it should be like this :
class UsersController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login','add');
}
public function login() {
//if already logged-in, redirect
if($this->Session->check('Auth.User')){
$this->redirect(array('action' => 'index'));
}
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->Flash->set(__('Welcome, '. $this->Auth->user('username')));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Flash->set(__('Invalid username or password'));
}
}
}
If you're not allowing someone access to a page, then what do you want the controller to do when they request it?
For example, you can set a redirect with :
$this->redirect(array(
'controller'=>'users',
'action' => 'login'));`
You can display a message using Session::setFlash();
localhost/projectName/projectName is a redirection when you don't have permission to this action. I had same problem. I comment for a moment 'Actions' => array('actionPath' => 'controllers') ) in $components. After that I set aros_acos by executing this code:
$group = $this->User->Group->read(null,'1');
$this->Acl->allow($group, 'controllers/Users/controlPanel');
After that I uncomment code, and in action 'controlPanel' and error disappear :) I don't know how I can change this redirection, but if I have record in aros_acos everything works.

Error: Call to a member function find() on a non-object in Cakephp

I have a database there have two table tutorials and districts tutorials has a one to one relation with district.Here in tutorials add page I am trying to get districts list.
So I have Coded in TutorialsController in add methods below code
public function add() {
if ($this->request->is('post')) {
$this->Tutorial->create();
if ($this->Tutorial->save($this->request->data)) {
$this->Session->setFlash(__('The tutorial has been saved.'));
return $this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The tutorial could not be saved. Please, try again.'));
}
}
$districts = $this->Tutorial->District->find('list');
$this->set(compact('districts'));
}
I have ensured
var $uses = array('Tutorial','District');
Relation code in Tutorial
public $belongsTo = array(
'Districts' => array(
'className' => 'Districts',
'foreignKey' => 'districts_id',
'conditions' => '',
'fields' => '',
'order' => ''
)
);
Still I am facing error Call to a member function find() on a non-object in line code
$districts = $this->Tutorial->District->find('list');
I have used var $uses = array('Tutorial','District');
Why still this error is giving ?
Remove var $uses = array('Tutorial','District');(its unnecessary while models are associated) and edit as-
public $belongsTo = array(
'District' => array( // remove 's'
'className' => 'Districts',
'foreignKey' => 'districts_id',
'conditions' => '',
'fields' => '',
'order' => ''
)
);

Download function not working CakePHP

I read the documentation regarding file downloads, however I can't seem to get this to work.
I have read through questions here as well, and have had no luck.
My function looks as follows:
public function generate($id) {
$this->layout = 'ajax';
$this->Magazine->recursive = 2;
$DistributionLists = $this->Magazine->DistributionList->find('all',
array(
'conditions' => array(
'Magazine.id' => $id
),
'order' => array(
'DistributionList.priority ASC'
)
)
);
$this->set('magazine',$DistributionLists[0]['Magazine']['magazine_name']);
$this->set(compact('DistributionLists'));
}
public function download() {
$this->viewClass = 'Media';
$params = array(
'id' => "Magazine Distribution List.doc",
'name' => "Magazine Distribution List",
'download' => true,
'extension' => 'doc',
'path' => APP . "tmp" . DS
);
$this->set($params);
unlink(APP."tmp".DS);
$this->redirect(array('action'=>'index'));
}
public function afterFilter() {
parent::afterFilter();
if($this->action == 'generate') {
$this->redirect(array('action'=>'download'));
}
}
The reason I have an afterFilter function is because the word document that needs to be downloaded is created in the view file.
Does anyone know why this doesn't work?
You have to remove the call to the redirect method in your download method because it prevents your view from getting "rendered" due to the redirect.

Restricting and redirecting other user from admin in cakePHP

I'm getting issue after logging in the site. There are two kinds of users i.e. 'admin','employer'. When I've logged in by employer, I can access the restricted area of Admin. Below is the AppController of the site..
class AppController extends Controller {
public $helpers = array('Form', 'Html', 'Js', 'Time', 'Auth');
// Change template extension to .php instead of .ctp
var $ext = '.php';
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array(
'controller' => 'users',
'action' => 'login'
),
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authenticate' => array('Form' => array('fields' => array('username' => 'email'))),
'authorize' => array('Controller')
)
);
public function isAuthorized($user) {
// Admin can access every action
if (isset($user['type']) && $user['type'] === 'admin') {
return true;
}
// Default deny
return false;
}
public function beforeFilter() {
$this->Auth->allow(array('view', 'index','assessment','question'));
}
}
Now here is the controller which has methods for admin.
class TopicsController extends AppController {
public $scaffold = 'admin';
public function beforeFilter() {
if($this->Auth->user('type')!='employer'){
parent::beforeFilter();
$this->Auth->allow(array('view', 'index','moveup'));
} else {
$this->Auth->deny(array('view', 'index','moveup'));
$this->redirect(array('controller' => 'employer' , 'action' => 'index'));
}
}
public function isAuthorized($user) {
return true;
}
public function index() {
$this->set('topics', $this->Topic->children());
}
}
If admin URL is www.example.com/admin/topics , Employer is redirected to www.example.com/admin/employer which is not right URL to be redirected.
Also want to know about public $scaffold = 'admin'; as It's little unclear to me.
Please help me..
Ok.. Found one way to redirect, which made my issue solved for a now.. Still looking for proper answer if anybody has..
I changed code from
$this->redirect(array('controller' => 'employer' , 'action' => 'index'));
to
$this->redirect('employer');
..
EDIT: Thanks Alex, I've used
$this->redirect(array('controller' => 'employer' , 'action' => 'index', 'admin'=>false));
and it's working too..

Better approach to do this for security and code management purpose

I am working on a Cakephp 2.3 on a very big project and I'm about to launch my site worldwide.
I have a login system on my app. I am sharing my code because I want to make sure if I am coding right or not ... and also any check for any functions missing or if any advice of adding something or removing something in the code would be greatly appreciated. And also comment in security perspective too...
Do tell me some tips of making my website faster.. for example how to write faster queries or remove unwanted from this blabla
class UsersController extends AppController
{
public $components = array('Cookie');
public function beforeFilter()
{
parent::beforeFilter();
App::uses('Utility', 'Utility');
$this->Auth->allow('index');
$this->Security->requireSecure('login'); // for security
$this->Auth->authenticate = array(
'Authenticate.Cookie' => array(
'fields' => array(
'username' => 'email',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array(
'User.active' => 1
)
),
'Authenticate.MultiColumn' => array(
'fields' => array(
'username' => 'email',
'password' => 'password'
),
'columns' => array(
'email',
'mobileNo'
),
'userModel' => 'User'
)
);
}
public function index()
{
$this->layout = 'logindefault';
if (!$this->Auth->login() || !$this->Auth->loggedIn()) {
$this->redirect(array(
'controller' => 'users',
'action' => 'login'
));
} else {
$this->redirect(array(
'controller' => 'users',
'action' => 'dashboard'
));
}
}
public function login()
{
$this->layout = 'logindefault';
$this->set('title_for_layout', 'Account Login');
if ($this->Auth->login() || $this->Auth->loggedIn()) {
$lastLogin = $this->Auth->User('lastLogin');
if ($lastLogin != null) {
$this->redirect($this->Auth->redirect());
} else {
$this->redirect(array(
'controller' => 'Userinfo',
'action' => 'gettingstarted'
));
}
} else {
if ($this->request->is('post')) {
$mobileNo = $this->request->data['User']['email'];
$mobileNo = Utility::addPlusToMobileNo($mobileNo);
$this->request->data['User']['email'] = $mobileNo;
if ($this->Auth->login() || $this->Auth->loggedIn()) {
if ($this->Session->check('Auth.User')) {
$this->_setCookie($this->Auth->user('idUser'));
$lastLogin = $this->Auth->User('lastLogin');
if ($lastLogin != null) {
$this->redirect(array(
'controller' => 'users',
'action' => 'dashboard'
));
} else {
$this->redirect(array(
'controller' => 'Userinfo',
'action' => 'gettingstarted'
));
}
}
} else {
$this->Session->setFlash('Incorrect Email/Password Combination');
}
}
}
}
protected function _setCookie($id)
{
if (!$this->request->data('User.remember_me')) {
return false;
}
$data = array(
'username' => $this->request->data('User.email'),
'password' => $this->request->data('User.password')
);
$this->Cookie->write('User', $data, true, '1 week');
return true;
}
public function logout()
{
$this->Cookie->delete('User');
$this->redirect($this->Auth->logout());
}
Looks like you're already using the SecurityComponent if you want to secure your app use it everywhere. For AJAX forms white list only the fields you need, dont disable the component!
Put App::uses('Utility', 'Utility'); on top of the file
$mobileNo = Utility::addPlusToMobileNo($mobileNo); should happen in the model beforeSave()
If this is supposed to be used world wide I assume you want translations, this is missing the translation method call __() setFlash('Incorrect Email/Password Combination');
Most of the code CAN and should go into the model layer
Are there unit tests? If not add unit tests, specially test validation of data and false data input. You want ~85%+ Code Coverage for unit tests.
You're not following the CakePHP coding standards
There is no way to tell you more than this without being able to access the whole app code and doing a code review (I could do that). For queries, always just query the data you need, check the generated SQL queries, use DebugKit to check the query times to find slow querys and slowly rendering pages.

Resources