CakePHP: login fails following a specific set of steps - cakephp

I'm trying to set up a simple login system, but I'm having a particular problem that I can't solve. I have the following pages that perform self-explanatory actions. They are bookmarked for easy access.
cake/ (home page; must be logged in)
cake/login (must be logged in)
cake/logout (must be logged in)
cake/add (must be logged in)
All seems to work except when I perform the following sequence of actions:
1. log in
2. go to cake/logout to log out (login works immediately after this step)
3. go to cake/logout again immediately
4. attempt to log in but cake/login is just re-displayed and I'm not logged in
5. attempt to log in again and it is successful
I have noticed that $this->Session->flash('auth') is FALSE after step 3 but it is not false after 4. I tried destroying the session before or after logging out with no effect. Any ideas?
My code bits are below:
class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('add');
    }

    public function add() {
        if (!empty($this->data)) {
            $this->User->create();
            if ($this->User->save($this->data)) {
                $this->Session->setFlash('User created!');
                $this->redirect(array('action' => 'login'));
            } else {
                $this->Session->setFlash('Please correct the errors');
            }
        }
    }

    public function login() {
    }

    public function logout() {
        $this->Session->destroy(); // makes no difference
        $this->redirect($this->Auth->logout()); // redirected to login() by default
    }
}

class AppController extends Controller {
    public $components = array('Auth', 'Session');
}

I think that you are being redirected to the logout screen after your login.
When you go to a page you don't have access to (like the logout screen), you are redirected to login.
Once you enter name and password, you are taken back to your original request.
When that original request happens to be the logout page, logout occurs and you are sent back to the login.
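As an added example (not the asker's or the answerer's code; it assumes the CakePHP 1.3 AuthComponent API that the question's code uses), a UsersController that closes the loop described above: logout is reachable without a session, so an anonymous visitor to /users/logout is no longer bounced to login with the logout URL stored as the post-login destination, and login() additionally refuses to honour a stored redirect that points back at logout.

```php
<?php
// Added example in CakePHP 1.3 style; not code from the original question or answer.
class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // An anonymous visitor hitting /users/logout must not be redirected to
        // login with Auth.redirect = /users/logout (the root cause of the loop).
        $this->Auth->allow('add', 'logout');
        // Keep control of the post-login redirect inside login().
        $this->Auth->autoRedirect = false;
    }

    public function login() {
        // AuthComponent::startup() has already validated the POSTed credentials;
        // with autoRedirect disabled this action runs for the logged-in user.
        if ($this->Auth->user()) {
            // Auth->redirect() consumes the stored Auth.redirect (or falls back
            // to loginRedirect) and returns a normalised URL string.
            $target = $this->Auth->redirect();
            // Defence in depth: never send a freshly logged-in user to logout.
            if ($this->isLogoutUrl($target)) {
                $target = $this->Auth->loginRedirect;
            }
            $this->redirect($target);
        }
    }

    public function logout() {
        // Auth->logout() clears the Auth session keys and returns logoutRedirect.
        $this->redirect($this->Auth->logout());
    }

    /**
     * True when a redirect target (array or string URL) resolves to the logout action.
     */
    protected function isLogoutUrl($url) {
        if (is_array($url)) {
            return isset($url['action']) && $url['action'] === 'logout';
        }
        return (bool) preg_match('#/logout(\?|$)#', (string) $url);
    }
}
```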

Related

Cakephp: AuthComponent Evaluation Order and how to redirect to an action

Good day everyone. Regarding the Auth component, I am doing some tests to understand the tool better. In a proof of concept I want an authenticated admin user to be authorized to access any action, but if the authorized user has the "supervisor" role, to be able to access only the actions index, view and edit in "RequestsController.php". I am trying this approach:
1) Allow everything for the admin role and deny everything for anyone else in AppController.php.
2) Explicitly allow "supervisor" in "RequestsController.php" and deny any other role.
The doubt is that, after some tests, what happens is that if I authorize the admin user just in AppController.php, the redirects only allow me to go to /webroot/, but if I allow the admin role in RequestsController.php I can see requests without problem.
isAuthorized method in AppController
    public function isAuthorized($user)
    {
        // privileges 1 means admin
        if ($user['privileges'] == 1) {
            debug($user);
            return true;
        } else {
            debug($user);
            return false;
        }
    }
isAuthorized method in RequestsController
    public function isAuthorized($user)
    {
        // privileges 9 means supervisor
        if ($user['privileges'] == 9) {
            debug($user);
            $action = $this->request->getParam('action');
            if (in_array($action, ['index', 'view', 'edit'])) {
                debug($user);
                return true;
            }
            return false;
        } else {
            debug($user);
            return false;
        }
    }
As I am not clear on the order in which the isAuthorized function is handled, or why the redirect to the request happens (whether it is in "AppController.php" or "RequestsController.php"), this makes me think that I'll have to explicitly authorize the admin role in all controllers.
When using ControllerAuthorize, AuthComponent will call the isAuthorized() method only on the active controller. So, in your example, when requesting any action from RequestsController, only RequestsController::isAuthorized() will be called, disallowing access to users who have a privilege other than 9.
If you want to allow admin users to access as well, you should change your RequestsController::isAuthorized() as follows:
    public function isAuthorized($user)
    {
        // privileges 9 means supervisor
        if ($user['privileges'] == 9) {
            debug($user);
            $action = $this->request->getParam('action');
            if (in_array($action, ['index', 'view', 'edit'])) {
                debug($user);
                return true;
            }
            return false;
        } else {
            debug($user);
            return parent::isAuthorized($user); // changed this line
        }
    }
Additional info: CakePHP 3.x AuthComponent - Authorization

Cakephp Auth login keeps redirecting to UserController->login

Simple question
Here is the Auth related code in my AppController that all my Controllers inherit from.
class AppController extends Controller {
    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            // destination after logging in, or auto friendly forwarding depending on what the user was trying to access
            'loginRedirect' => array('controller' => 'Access', 'action' => 'login'),
            'logoutRedirect' => array('controller' => 'Access', 'action' => 'logout'),
            'authError' => 'You cannot access that page', // error message whenever someone accesses a page without auth
            'authorize' => array('Controller') // where in our application authorization will occur
        )
    );
}
Here is my Access Controller that is supposed to control the logins and logouts
class AccessController extends AppController {
    public $helpers = array('Html', 'Form', 'Session', 'Js' => array('Jquery'));

    public function index() {
        echo "index";
    }

    public function login() {
        $this->layout = 'login';
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash('Your username/password combination was incorrect');
            }
        }
    }

    public function logout() {
        $this->redirect($this->Auth->logout());
    }
}
Anytime I try to access a page so that the login page is prompted, the browser gives me an error:
The action login is not defined in controller UsersController
Now I am using UsersController for some other purpose (not for logging in and logging out), which is why I specified the AccessController in my AppController for the login/logout redirects.
Why is it trying to pull up UsersController?
I think I have fixed it. This website supports my claim:
http://boulderinformationservices.wordpress.com/2013/04/25/cakephp-logoutredirect-is-not-the-same-as-loginaction/
I had to add a loginAction to my Auth array to lead to the login screen. Apparently loginRedirect is not what I thought it was.
class AppController extends Controller {
    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            // destination after logging in, or auto friendly forwarding depending on what the user was trying to access
            'loginRedirect' => array('controller' => 'access', 'action' => 'login'),
            'loginAction' => array('controller' => 'access', 'action' => 'login'),
            'logoutRedirect' => array('controller' => 'access', 'action' => 'logout'),
            'authError' => 'You cannot access that page', // error message whenever someone accesses a page without auth
            'authorize' => array('Controller') // where in our application authorization will occur
        )
    );
}

cakephp prevent admin to access front-end

I am using CakePHP 1.3. I want to prevent the admin from accessing the front-end actions.
I am using Croogo CMS. Is there any configuration setting or anything else by which the admin can't visit the front end?
For example:
Suppose there is a controller named Shop with two actions, 'buy' and 'detail':
class ShopController extends AppController {
    // ...

    function beforeFilter() {
        $this->Auth->allow(array('detail'));
        parent::beforeFilter();
    }

    function detail() {
        $detail = $this->Shop->find('first');
        // ...
    }

    function buy() {
        $buy = $this->Shop->find('first');
        // ...
    }
}
Now when the admin logs in from the admin panel and comes to the http://embidomain.com/shop/detail page he can visit this page, but when he goes to shop/buy he will be asked to log in.

cakephp: signup link on register page not working

I'm trying to use the Auth component only for viewing the progress report of a student. For all other links, authentication is not required. For the discussion board I already have a separate forum plugin.
When the user clicks the progress report link on the navigation bar, the user is directed to /merry_parents/register. Here, new users will click on the signup link and existing users will click on the login link.
However, my signup link is not working. I'm not being directed to the signup page when I click on signup. What am I doing wrong? Any help is much appreciated.
The following is my code:
register.ctp
<?php
echo $this->Html->link('Sign Up', '/merry_parents/signup') . ' for new user | '
    . $this->Html->link('Login', '/merry_parents/login', array()) . ' for existing user';
?>
merry_parents_controller.php
<?php
class MerryParentsController extends AppController {
    var $name = 'MerryParents';
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        //$this->Auth->authorize = 'actions';
        $this->Auth->loginAction = array('controller' => 'merry_parents', 'action' => 'register');
        //$this->Auth->loginRedirect = array('controller' => 'merry_parents', 'action' => 'report_card');
    }

    function register() {
    }

    function login() {
    }

    function logout() {
    }

    function signup() {
        if (!empty($this->data)) {
            // $this->Auth->password($this->data['MerryParent']['password2']) is used to get what the hashed password2 would look like.
            if ($this->data['MerryParent']['password'] == $this->Auth->password($this->data['MerryParent']['password2'])) {
                $merryparent_id = $this->MerryParent->field('id',
                    array('MerryParent.name' => $this->data['MerryParent']['name'],
                          'MerryParent.email' => $this->data['MerryParent']['email'])
                );
                echo $merryparent_id;
                print_r($this->data);
                if ($this->MerryParent->save($this->data)) { // record with $merryparent_id is updated
                    $this->Session->setFlash('You will be receiving an email shortly confirming your login and password.');
                    $this->Auth->login($this->data); // automatically logs a user in after registration
                    $this->redirect(array('controller' => 'pages', 'action' => 'home'));
                } else {
                    echo $this->Session->setFlash(__('Your admission could not be saved, please try again!', true));
                }
            } else { // end if ($this->data['MerryParent']['password'] ...
                echo $this->Session->setFlash('Typed passwords did not match');
            }
        } // end if (!empty($this->data))
    }
}
?>
You have to use the following code in your MerryParentsController controller.
    function beforeFilter() {
        $this->Auth->allow('signup');
    }
This will allow your register method to get registered.
For more information please read http://book.cakephp.org/view/1255/AuthComponent-Methods

CakePHP - Auth to save user's last login time

Where is the best place to insert the code to save the user's last login? I am using the CakePHP Auth login system in almost the standard implementation in the manual.
Where can I insert the code so that it will save to the User record just before Auth redirects after login?
You need to disable AuthComponent::autoRedirect if you wish for the code in your UsersController::login() method to execute:
    public $components = array(
        'Auth' => array(
            // ...
            'autoRedirect' => false,
        ),
    );
You can then do this in your login action, but you will still need to perform the redirect manually:
    public function login() {
        if ($this->Auth->user()) { // check user is logged in
            $this->User->id = $this->Auth->user('id'); // target correct record
            $this->User->saveField('last_login', date(DATE_ATOM)); // save login time
            $this->redirect($this->Auth->redirect()); // redirect to default place
        }
    }
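As an added example (not the answerer's code; it assumes the CakePHP 1.3 AuthComponent API implied by autoRedirect and saveField, and a User model with username and last_login columns), this extends the pattern above so that last_login is written only when credentials were actually submitted, not on every visit to the login URL by an already-authenticated user, and so that failed attempts leave a trace in the application log for later review.

```php
<?php
// Added example in CakePHP 1.3 style; not code from the original answer.
class UsersController extends AppController {

    public $components = array(
        'Session',
        'Auth' => array('autoRedirect' => false),
    );

    public function login() {
        // Only act on a credential submission. A GET to /users/login by a user
        // who is already logged in would otherwise rewrite last_login each time.
        if (empty($this->data)) {
            return;
        }

        // AuthComponent::startup() already consumed the POSTed credentials and
        // blanked the password field; user() is set only if they were valid.
        if ($this->Auth->user()) {
            $this->User->id = $this->Auth->user('id');
            $this->User->saveField('last_login', date(DATE_ATOM));
            $this->redirect($this->Auth->redirect());
            return;
        }

        // Failed attempt: record the attempted username and source address
        // (never the password) so repeated failures against one account stand
        // out in tmp/logs/auth.log. 'User.username' is an assumed field name.
        $username = isset($this->data['User']['username']) ? $this->data['User']['username'] : '(none)';
        $this->log(sprintf('Failed login for "%s" from %s', $username, env('REMOTE_ADDR')), 'auth');
    }
}
```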
