In my User Authentication I need to set a Condition (verified = 1) for the Login to happen. I know that I should be able to do it like this:
    $this->Auth->userScope = array('User.verified' => '1');
I tried this in AppController and my UsersController beforeFilter function, but it doesn't do anything. Is there anything else I need to configure for this?
I ended up doing (AppController):
    public function isAuthorized($user) {
        if ($user['verified'] == '0') {
            $this->Session->setFlash('You need to verify your Account first.');
            return false;
        }
        // Verified users are authorized
        return true;
    }
This seems to be inelegant, since there should be the proper (userScope) way to do it, plus I now get two Flashes when verified = 0: The first one is the setFlash from above, and the second one is the regular authError.
I checked both, the Docs and stackoverflow, but I found very little information on this topic.
CakePHP 2.x:
    public $components = array(
        'Auth' => array(
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login'
            ),
            'authError' => 'Je hebt geen toegang tot dit gedeelte',
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email'),
                    'scope' => array('is_admin' => '1')
                ),
            )
        ),
        'Session'
    );
Update: For CakePHP 3.1, the finder option is available since 3.1. Prior to that, you can use the scope and contain options to modify the query.
http://book.cakephp.org/3.0/en/controllers/components/authentication.html#customizing-find-query
    $this->Auth->authenticate = array(
        AuthComponent::ALL => array(
            'scope' => array('User.verified' => '1'),
        ),
    );

    $this->Auth->authenticate = array(
        'Form' => array(
            'scope' => array('User.verified' => '1')
        )
    );
Assuming the CakePHP Documentation is correct, Auth::userScope was renamed to Auth::scope, so now you would do something like this:
    $this->Auth->scope = array ('User.active' => '1');
Configuring Auth in CakePHP 2.x
Hope this helps.
Try this:
    $this->Auth->userScope = array('User.verified = 1');
Having issues logging in with ajax. Can anyone direct me to some documentation that makes sense. This sounds worrying.
In 2.x $this->Auth->login($this->request->data) will log the user in
with whatever data is posted, whereas in 1.3
$this->Auth->login($this->data) would try to identify the user first
and only log in when successful.
    $data['User']['email'] = "this";
    $data['User']['password'] = "that";
    $data = $this->request->input('json_decode', true);
    $this->autoRender = false;
    $this->response->type('json');
    if ($this->Auth->login($data)){
        echo "access";
    } else {
        echo "access denied";
    }
It always prints "access".
In AppController.php
    'Auth' => array(
        'loginRedirect' => array(
            'controller' => 'posts',
            'action' => 'index'
        ),
        'logoutRedirect' => array(
            'controller' => 'pages',
            'action' => 'display',
            'home'
        ),
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'email'),
                'passwordHasher' => 'Blowfish'
            ),
        )
    ),
Use AuthComponent::identify() instead. But this can (and clearly should) be done better. Your code tells me that you don't have much experience with json in CakePHP.
Check this page of the manual. Also your request should be made with "Accept: application/json" then your data should automatically end up in $this->request->data and then login() should pick it up automatically. The proper way is to send the Accept header and not just rely on the extension, this is general and not just specific to CakePHP.
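An added example (not code from the original question or answer) of the approach described above for CakePHP 2.x: put the decoded JSON where FormAuthenticate looks for it and call login() with no argument, so that identify() checks the credentials before anything is written to the session. The action name ajaxLogin and the JSON keys email and password are assumptions; the Auth configuration is taken to be the one shown in the question.

```php
<?php
// Added example, not the poster's code. Assumes CakePHP 2.x with the Auth
// configuration from the question (Form authenticate, username field 'email',
// default userModel 'User'). Action name and JSON keys are hypothetical.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('ajaxLogin');
    }

    public function ajaxLogin() {
        $this->autoRender = false;
        $this->response->type('json');
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }

        // Decode the raw body; anything that is not a JSON object becomes an empty array.
        $json = $this->request->input('json_decode', true);
        if (!is_array($json)) {
            $json = array();
        }
        // Accept only strings, so a nested array cannot end up in the find conditions.
        $email = (isset($json['email']) && is_string($json['email'])) ? $json['email'] : '';
        $password = (isset($json['password']) && is_string($json['password'])) ? $json['password'] : '';

        // FormAuthenticate reads data[User][email] and data[User][password].
        $this->request->data = array(
            'User' => array('email' => $email, 'password' => $password)
        );

        // No argument: login() runs identify(), which looks the user up and
        // verifies the password hash (and any 'scope' conditions). Passing an
        // array here would write that array to the session without any check.
        if ($this->Auth->login()) {
            $body = array('success' => true);
        } else {
            $this->response->statusCode(401);
            $body = array('success' => false);
        }
        $this->response->body(json_encode($body));
        return $this->response;
    }
}
```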
I am working with CakePHP 2.3 on a very big project and I'm about to launch my site worldwide.
I have a login system in my app. I am sharing my code because I want to make sure whether I am coding it right or not ... Any check for missing functions, or any advice about adding or removing something in the code, would also be greatly appreciated. Please also comment from a security perspective...
Do tell me some tips for making my website faster, for example how to write faster queries or remove unwanted things from this, blabla
    class UsersController extends AppController
    {
        public $components = array('Cookie');

        public function beforeFilter()
        {
            parent::beforeFilter();
            App::uses('Utility', 'Utility');
            $this->Auth->allow('index');
            $this->Security->requireSecure('login'); // for security
            $this->Auth->authenticate = array(
                'Authenticate.Cookie' => array(
                    'fields' => array(
                        'username' => 'email',
                        'password' => 'password'
                    ),
                    'userModel' => 'User',
                    'scope' => array(
                        'User.active' => 1
                    )
                ),
                'Authenticate.MultiColumn' => array(
                    'fields' => array(
                        'username' => 'email',
                        'password' => 'password'
                    ),
                    'columns' => array(
                        'email',
                        'mobileNo'
                    ),
                    'userModel' => 'User'
                )
            );
        }

        public function index()
        {
            $this->layout = 'logindefault';
            if (!$this->Auth->login() || !$this->Auth->loggedIn()) {
                $this->redirect(array(
                    'controller' => 'users',
                    'action' => 'login'
                ));
            } else {
                $this->redirect(array(
                    'controller' => 'users',
                    'action' => 'dashboard'
                ));
            }
        }

        public function login()
        {
            $this->layout = 'logindefault';
            $this->set('title_for_layout', 'Account Login');
            if ($this->Auth->login() || $this->Auth->loggedIn()) {
                $lastLogin = $this->Auth->User('lastLogin');
                if ($lastLogin != null) {
                    $this->redirect($this->Auth->redirect());
                } else {
                    $this->redirect(array(
                        'controller' => 'Userinfo',
                        'action' => 'gettingstarted'
                    ));
                }
            } else {
                if ($this->request->is('post')) {
                    $mobileNo = $this->request->data['User']['email'];
                    $mobileNo = Utility::addPlusToMobileNo($mobileNo);
                    $this->request->data['User']['email'] = $mobileNo;
                    if ($this->Auth->login() || $this->Auth->loggedIn()) {
                        if ($this->Session->check('Auth.User')) {
                            $this->_setCookie($this->Auth->user('idUser'));
                            $lastLogin = $this->Auth->User('lastLogin');
                            if ($lastLogin != null) {
                                $this->redirect(array(
                                    'controller' => 'users',
                                    'action' => 'dashboard'
                                ));
                            } else {
                                $this->redirect(array(
                                    'controller' => 'Userinfo',
                                    'action' => 'gettingstarted'
                                ));
                            }
                        }
                    } else {
                        $this->Session->setFlash('Incorrect Email/Password Combination');
                    }
                }
            }
        }

        protected function _setCookie($id)
        {
            if (!$this->request->data('User.remember_me')) {
                return false;
            }
            $data = array(
                'username' => $this->request->data('User.email'),
                'password' => $this->request->data('User.password')
            );
            $this->Cookie->write('User', $data, true, '1 week');
            return true;
        }

        public function logout()
        {
            $this->Cookie->delete('User');
            $this->redirect($this->Auth->logout());
        }
    }
Looks like you're already using the SecurityComponent; if you want to secure your app, use it everywhere. For AJAX forms, whitelist only the fields you need, don't disable the component!
Put App::uses('Utility', 'Utility'); at the top of the file
$mobileNo = Utility::addPlusToMobileNo($mobileNo); should happen in the model beforeSave()
If this is supposed to be used worldwide I assume you want translations; this is missing the translation method call __(): setFlash('Incorrect Email/Password Combination');
Most of the code CAN and should go into the model layer
Are there unit tests? If not, add unit tests, especially testing validation of data and false data input. You want ~85%+ code coverage for unit tests.
You're not following the CakePHP coding standards
There is no way to tell you more than this without being able to access the whole app code and doing a code review (I could do that). For queries, always just query the data you need, check the generated SQL queries, and use DebugKit to check the query times to find slow queries and slowly rendering pages.
What I'm trying to do here is maintain the variable 42 throughout all pagination URLs. I want my URL to change from this
    /exams/take/42/page:2
to this
    /exams/take/42/items/2
Again, the number 42 is the variable, and the number 2 is the page number. Thanks.
UPDATE :
routes.php
    Router::connect('/examinations/take/:id/page/:page',
        array('controller' => 'examinations', 'action' => 'take'),
        array(
            'pass' => array('id', 'page'),
            'id' => '[0-9]+',
            'page' => '[0-9]+'
        )
    );
in the view/take
    $this->Paginator->options(array('url' => $this->passedArgs));
AppController.php
    public function beforeFilter(){
        if (isset($this->request->params['page'])) {
            $this->request->params['named']['page'] = $this->request->params['page'];
        }
    }
I've tried this, but the generated URL is the same, /examinations/take/42/page:2, when I click the next and prev links.
You've to define custom routes:
http://book.cakephp.org/2.0/en/development/routing.html
Example as below:
    Router::connect(
        '/exams/take/:id/items/:number',
        array('controller' => 'exams', 'action' => 'take'),
        array('pass' => array('id', 'number'))
    );
Also you can get more information from below url try this:
http://www.sakic.net/blog/changing-cakephp-pagination-urls
Yes, you can do it with the use of custom routing. For more understanding you can see the CakePHP manual on managing custom routing in pagination
http://book.cakephp.org/2.0/en/development/routing.html
below will be your
e.g.
And by adding this route:
    Router::connect('/:id/page/:page',
        array('controller' => 'examinations', 'action' => 'take'),
        array(
            'pass' => array('id', 'page'),
            'id' => '[0-9]+',
            'page' => '[0-9]+'
        )
    );
And if it does not work, you can refer to the link
I'm having the weirdest Cake error with my code. When the code below calls the add() method (also reproduced here and from a different controller), the code redirects him back with a 302 found HTTP code to the edit() action (in essence, to the user it appears as if nothing happens). To further complicate matters, when I call the same URL when I'm not on that page (despite the pages not being reliant on each other), I get redirected to the base of my app, which results in a redirect loop. I tried calling other methods from this controller (with their proper arguments) to see if this was just a problem with the add() action, but I get the same redirect loop. I've already checked all over SE but cannot find a relevant answer.
Here is the relevant code:
    function edit($id=null) {
        if(!$id) {
            $this->Session->setFlash('Invalid!');
            $this->redirect(array(
                'action' => 'index')
            );
        }
        else {
            //Get the slides themselves
            $slides = $this->Slide->find('all', array('conditions' => array('Slide.module_id' => $id)));
            $this->set('slides', $slides);
            //Get the data for the Module
            $module = $this->Module->find('first',
                array(
                    'conditions' => array (
                        'Module.id' => $id
                    ),
                    'fields' => array(
                        'Module.module_name',
                        'Module.id')
                )
            );
        }
    }
And here is the add() code (again, from a different module):
    function add($module = null) {
        if ($this->request->is('get')) {
            //Set some variables for the view (this code I know works as it has been used successfully elsewhere)
        }
        else { //User is POSTing
            $this->Slide->create();
            $this->Slide->save($this->data);
        }
    }
Thanks to everyone in advance; I couldn't do this without your support!
EDIT: Here is the AppController code:
    class AppController extends Controller {
        public $components = array(
            'Auth' => array(
                'authorize' => array(
                    'Actions' => array('actionPath' => 'controllers')
                ),
                'loginAction' => array(
                    'controller' => 'users',
                    'action' => 'login'
                ),
                'authenticate' => array(
                    'Form' => array(
                        'fields' => array('username' => 'email')
                    )
                ),
                'logoutRedirect' => array('/')
            ),
            'Session'
        );
        public $helpers = array('Html', 'Form', 'Session');

        public function isAuthorized() {
            return true;
        }

        public function Controller() {
        }
    }
I have the following code in my model. I wish to display both personal and professional. But currently my code below isn't working, as I just added a plus sign to get both. Individually I am able to display both personal OR professional. How can I change the code below to display all results for both personal and professional?
    function getAll($in_id){
        $this->PassionsUser->id = $in_id;
        return $this->PassionsUser->find('all', array(
            'conditions' => array(
                'PassionsUser.user_id' => $in_id,
                'PassionsUser.type' => 'personal'
            )
        )); + $this->PassionsUser->id = $in_id;
        return $this->PassionsUser->find('all', array(
            'conditions' => array(
                'PassionsUser.user_id' => $in_id,
                'PassionsUser.type' => 'professional'
            )
        ));
    }
This should work:
    function getAll($id){
        return $this->PassionsUser->find('all',
            array(
                'conditions' => array(
                    'PassionsUser.user_id' => $id,
                    'PassionsUser.type' => array('personal', 'professional')
                )
            )
        );
    }
Otherwise, see cake's OR capabilities in here