Develop Reference

CakePHP login redirects users back to login page (IE11 and Edge)

I have a CakePHP application (v 2.7), which contains a fairly standard login element using the Auth component. This works fine for the majority of users, however, a handful of users are reporting that they cannot sign in - when they attempt to do so they are redirected back to the login page, with no error message.
I have built some logging in to the site to check what is happening and it seems that the login is going through fine (everything in my login action is logged working as desired) until they hit the redirect part of the code, then they are not redirected to the intended page.
All the users who are having problems seem to be coming to the site through the same company network - not sure if that's of relevance or not! However, all have cookies enabled (I have added a script to display an error if they are not enabled).
I have tested the site in IE11, Edge 11, 12 + 13 (the browsers that users appear to be having issues with) but cannot replicate the issue, regardless of the security settings on the browser.
Could this issue be related to settings in the network that the users are accessing the site from? Are there any settings I should try to get them to check? Sorry - I'm pretty stumped by this one, as I just cannot replicate it, any pointers towards the questions I should be asking would be useful.
The relevant sections of my code are below. If there are any bits that would be helpful please let me know.
Thanks in advance for any help.
In the AppController (components)
public $components = array(
'Session',
'Cookie',
'Security' => array(
'csrfExpires' => '+300 minutes',
'csrfUseOnce' => false
),
'Auth' => array(
'loginAction' => array('controller' => 'users', 'action' => 'login', 'admin' => false),
'loginRedirect' => array('controller' => 'course_sections', 'action' => 'index', 'admin' => false),
'logoutRedirect' => array('controller' => 'website_pages', 'action' => 'view', 'home', 'admin' => false),
'authorize' => array('Controller'),
'authenticate' => array(
'all' => array(
'scope' => array('User.is_archived' => 0, 'Client.is_active' => 1),
'contain' => array('UserGroup'),
'passwordHasher' => 'Blowfish'
),
'Form' => array(
'fields' => array(
'username' => 'email',
'password' => 'password'
)
)
),
'Acl'
);
In the UsersController
public function login(){
// If user has submitted the form
if ($this->request->is(array('post', 'put'))) {
if ($this->Auth->login()) {
$this->log('Successfully logged in. Cookie Status: ' . $this->request->data['User']['cookies'], $this->Auth->user('public_id'));
// Redirect
return $this->redirect($this->Auth->redirectUrl());
} else {
// Log failed login attempt
$this->log('Unsusccessful login attempt using email: ' . $this->request->data['User']['email'], 'nosuccess');
$this->Session->setFlash($this->FlashMessage->translateFlash('invalid_login', false));
}
}
}
I am using database backed sessions, but the issue is the same whether using these or PHP ones.

CakePHP session refreshes at each request

I'm working on my first app w/ CakePHP 2.3 and I'm having an issue where I can login (no auth errors), but my session isn't sticking around so I'm sent back to the login page when the Auth->redirect() is called. I'm sure I'm just missing a setting or have something configured slightly wrong, but I haven't been able to find it.
# core.php
# session record is written the the database, but the same record's id changes w/ every request
Configure::write('Session', array(
'defaults' => 'database',
));
Configure::write('Security.level', 'medium');
I've tried tweaking the various Session.X parameters, but nothing has made any difference. I'm using bcrypt authentication with the following settings in my AppController:
'Auth' => array(
'authenticate' => array(
'Blowfish' => array(
'fields' => array( 'username' => 'email' ),
'scope' => array( 'active' => '1' )
),
),
'authorize' => array( 'Controller' ),
'loginAction' => array( 'admin' => false, 'controller' => 'users', 'action' => 'login' ),
'loginRedirect' => array( 'admin' => true, 'controller' => 'activities', 'action' => 'index' ),
'logoutRedirect' => array( 'admin' => false, 'controller' => 'users', 'action' => 'login' ),
),
What piece am I missing?
UPDATE
Realizing that this is only happening in my dev environment, I compared my Cake config (database, core, bootstrap) and php.ini values -- no differences. I'm stumped.

Holy Headslap, Batman.
So here's the issue. I'm storing sessions in the database. Somewhere, somehow, an (obviously) automated process changed the cake_sessions.data field to cake_sessions.DATA. Although I've looked at the database a thousand times while debugging this, I just noticed that difference.
Problem solved.
Moral of the story: Developers, don't let your database field names grow up and change case.

You need to set 'Session' as a component too.

How to know webroot in core.php

I'm using CakePHP 2.3.1.
Our server has some independent applications in one server. So I want to change session.cookie_path setting following the Cookbook :
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_path' => '/app/dir'
)
));
I could change it successfully with this. But here is a problem. I need to set session.cookie_path value to webroot dynamically (without string literal value such as '/app/dir').
I've tried to use $this->webroot following this Q&A, but of course it does not work because there is no controller in the file app/Config/core.php.
Any ideas?

I realized a php variable is available : $_SERVER['REQUEST_URI'].
So I could solve the problem.
$requestURI = $_SERVER['REQUEST_URI'];
$webroot = preg_replace('/(^\/[^\/]+\/).*$/', '$1', $requestURI);
//echo $webroot;
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => $webroot // looks like '/app/'
)
));
But this solution does not have reusability enough : it would not work for apps located in deeper directories such as /apps/app1/.
I'm still awaiting a better solution.

Error Loading Views After Changing Route Value of module.config.php - Zend Framework

This question is regarding Zend Framework application version: 2.1.3. I, the developer, am new to Zend Framework and would greatly value your assistance.
I was making a module for a 'Donor Management System' of a church. The module I am working on is called the 'QueryBuilder'. Previous modules were fine and works great. I use the Zend Helper for Sublime Text and it generated some thing similar for the module.config.php
<?php
/**
*
* #package QueryBuilder
*/
return array(
'controllers' => array(
'invokables' => array(
'QueryBuilder\Controller\QueryBuilder' => 'QueryBuilder\Controller\QueryBuilderController',
),
),
// The following section is new and should be added to your file
'router' => array(
'routes' => array(
'querybuilder' => array(
'type' => 'segment',
'options' => array(
'route' => '/querybuilder[/:action][/:id]',
'constraints' => array(
'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
'id' => '[0-9]+',
),
'defaults' => array(
'controller' => 'QueryBuilder\Controller\QueryBuilder',
'action' => 'index',
//'action' => 'search',
//'action' => 'recent',
),
),
),
),
),
'view_manager' => array(
'template_path_stack' => array(
'querybuilder' => __DIR__ . '/../view',
),
),
);
?>
Determined to have a little bit of fun after making some successful modules, I changed the router as follows.
<?php
/**
*
* #package QueryBuilder
*/
return array(
'controllers' => array(
'invokables' => array(
'QueryBuilder\Controller\QueryBuilder' => 'QueryBuilder\Controller\QueryBuilderController',
),
),
// The following section is new and should be added to your file
'router' => array(
'routes' => array(
'querybuilder' => array(
'type' => 'segment',
'options' => array(
'route' => '/query-builder[/:action][/:id]',
'constraints' => array(
'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
'id' => '[0-9]+',
),
'defaults' => array(
'controller' => 'QueryBuilder\Controller\QueryBuilder',
'action' => 'index',
//'action' => 'search',
//'action' => 'recent',
),
),
),
),
),
'view_manager' => array(
'template_path_stack' => array(
'querybuilder' => __DIR__ . '/../view',
),
),
);
?>
Note: Only the route value was changed from /querybuilder... to /query-builder.... When I tried to access the route http://konnections/query-builder I got some error but I didn't go through it.
Wondering why I wan't to be a hero, I changed the value back to its defaults. And tried to load http://konnections/querybuilder but it also gave an error.
Zend\View\Renderer\PhpRenderer::render: Unable to render template "query-builder/query-builder/index"; resolver could not resolve to a file
No where in the code of the module you could find the words query-builder. So common sense says there can be no way query-builder/query-builder/index needs to be accessed.
Thinking it might be some caching, I looked for it in the entire application folder. Then I restarted Apache, the computer, deleted and made a new Module with the same name QueryBuilder and still the error is there.
Note: This is a plugin that was done nothing with. I only changed the route value thinking it will make the URL look neater.
Here is what I end up with [Image]:
Nope, this is not IE, because I tried in Chrome (which didn't access the query-builder url) as well.
The whole of Zend Folder (the root of the website) has no reference to query-builder. Where does it come from and how can I change it?
Thanks in advance.

from ZF1 series (http://framework.zend.com/manual/1.12/en/zend.controller.basics.html), ZF2 is the same but not found this description on manual.
Case Naming Conventions
Since humans are notoriously inconsistent at maintaining case sensitivity when typing links, Zend Framework actually normalizes path information to lowercase. This, of course, will affect how you name your controller and actions... or refer to them in links.
If you wish to have your controller class or action method name have multiple MixedCasedWords or camelCasedWords, you will need to separate those words on the url with either a '-' or '.' (though you can configure the character used).
As an example, if you were going to the action in FooBarController::bazBatAction(), you'd refer to it on the url as /foo-bar/baz-bat or /foo.bar/baz.bat.

I am Ziyan, the one who asked the question in the first place.
After not finding a solution in Google, I wondered in to making another module and ended up with the same plight. Confused I made a new installation of Zend Framework and made a module with the same name.
Zend\View\Renderer\PhpRenderer::render: Unable to render template "query-builder/query-builder/index"; resolver could not resolve to a file did not go away.
Knowing it is not some thing like reconfiguration, I looked closer.
It seemed to put a dash between every word. I was like Zend is insane! But no, it seems to be splitting the Module name from each upper case letter and adjoining them using a '-' (dash).
In my case QueryBuilder becomes query-builder or plugin named HelloModules would be hello-modules.
So the view manager seems to be looking for ../views/query-builder/query-builder/index.
In my case, ZF Helper for Sublime text needs to look in to the situation. If you could fix the plugin at GitHub it would be great. I will give a try my self.
I couldn't find any proof for my claiming and no time to go through the source codes. Would be glad if some one provide some links.

CakePHP 2.0: ACL not working

I have used ACL in CakePHP 1.3 without a single issue, after 2 weeks of bitter frustrations it still does not work in CakePHP 2.0.
I have followed the Cake ACL tutorial EXACTLY, but nothing happens. All Aros are in correctly, same for ACOS and permissions.
After all this, I can enter all denied actions without a problem.
Hereby my AppController:
public $components = array('Acl','Auth'=> array(
'authenticate' => array(
'Actions',
'Form' => array(
'fields' => array('username' => 'email')
),
)
), 'Session', 'MathCaptcha', 'RequestHandler');
In my BeforeFilter:
$this->Auth->actionPath = 'controllers';
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'home');
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'profile');
$this->Auth->allow('display');
Does someone have an idea what goes wrong. Thanks!

In CakePHP 2.0 I've made this way:
app/Controller/AppController.php
class AppController extends Controller {
public $components = array(
// others components...
'Session',
'Acl',
'Auth'=> array(
// Setting AUTHORIZATION "What can you do?"
'authorize' => array(
'Actions' => array(
'actionPath' => 'controllers'
)
),
// Setting AUTHENTICATION "Who are you?"
'authenticate' => array(
'Form' => array(
'fields' => array(
'username' => 'email', 'password' => 'password'
)
)
)
)
);
// other stuffs...
With this aproach, ACL will make all dirty job. Is not necessary to check permitions, as you probably know.
I believe you are Ok about AROs and ACOs, not big deal. Just in case:
http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html#simple-acl-controlled-application
The CakeBook for 2.0 shows a Console plugin called AclExtras that build your ACOs. Your AROs will be built as users and groups are added/deleted. I've used this plugin to generate AROs regarding my already filled tables: http://www.alaxos.ch/blaxos/pages/view/plugin_acl. This works fos 1.3, but there is a beta version for 2.0 that works ok.
After that, You must set up permitions. Manually (or from Console) as this links describes: http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/part-two.html#setting-up-permissions. Or visually with Alaxos's Plugin.
I hope this help! It's worked for me. I'm using CakePHP 2.0.2

The Auth component changed quite a bit from CakePHP 1.3 to 2.0. I bumped into similar issues migrating an app from 1.3 to 2.0. I found that setting the authorize option was where I needed to make my change:
In beforeFilter:
$this->Auth->authorize = array(
'Actions' => array(
'userModel' => 'User',
'actionPath' => 'users'
)
);
The userModel was the model class used in the Aro table. The actionPath is the root level of the actions that Acl checks in the Aco table.
You may also want to deny then allow:
$this->Auth->deny('*');
$this->Auth->allow('display');
Hope this helps.