cakephp: cupcake forum login function bug - cakephp

I'm trying to get cupcake forum plugin's login function to work.
In the users_controller.php,
since the $user variable in the login function was not populated, it was giving errors. So I modified the login function as below:
public function login() {
if (!empty($this->data)) {
$this->User->set($this->data);
$this->User->action = 'login';
//--------------code that i added--------------
$username=$this->data['User']['username'];
$password=$this->data['User']['password'];
$user=$this->User->find('all',array(
'condition'=>array(
'User.username'=>$username,
'User.password'=>$password
)));
print_r($user);
//------------------------------------------------------------------------
if ($this->User->validates()) {
if ($user == $this->Auth->user()) {
$this->User->login($user);
$this->Session->delete('Forum');
$this->redirect($this->Auth->loginRedirect);
}
else
echo('i\'m not auth user');
}
else
echo('not validated');
}
$this->Toolbar->pageTitle(__d('forum', 'Login', true));
}
print_r($user) displays all the users from User model.
By right it should be displaying only the data of the user who has logged in. How can I achieve that? I'm clueless and this is driving me insane.

$user=$this->User->find('all',array(
'condition'=>array( // here
'User.username'=>$username,
'User.password'=>$password
)));
You have a typo - it should be conditions
As the key is invalid, Cake won't recognise it and just ignores it - so returns all your users.
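The answer's point, that a misspelt option key is dropped and the query runs unfiltered, describes a lookup that fails open. The PHP below is an added example, not code from the post or from CakePHP: `lenientFind()` is a constructed in-memory stand-in for that behaviour, and `findOneUser()` is a hypothetical wrapper that rejects unknown option keys and returns a row only on exactly one match. The user rows and the `FIND_KEYS` constant name are constructed for the illustration.

```php
<?php
// Added illustration: a stand-in for the lookup behaviour described above,
// not CakePHP source. All names and rows here are constructed. Needs PHP 7.1+.

// Option keys Model::find() understands in CakePHP 1.x (plus Containable's 'contain').
const FIND_KEYS = ['conditions', 'fields', 'joins', 'limit', 'offset',
                   'order', 'page', 'group', 'callbacks', 'recursive', 'contain'];
// Constructed sample table.
const USERS = [
    ['username' => 'alice', 'password' => 'hash-a'],
    ['username' => 'bob',   'password' => 'hash-b'],
];

// Lenient lookup: unknown option keys are silently dropped, so a misspelt
// 'condition' leaves the filter empty and every row matches.
function lenientFind(array $options): array
{
    $conditions = $options['conditions'] ?? [];
    return array_values(array_filter(USERS, function ($row) use ($conditions) {
        foreach ($conditions as $field => $value) {
            $field = preg_replace('/^User\./', '', $field);
            if (!array_key_exists($field, $row) || $row[$field] !== $value) {
                return false;
            }
        }
        return true;
    }));
}

// Strict wrapper: fail closed on unknown keys and on anything but one match.
function findOneUser(array $options): ?array
{
    $unknown = array_diff(array_keys($options), FIND_KEYS);
    if ($unknown) {
        throw new InvalidArgumentException('Unknown find option: ' . implode(', ', $unknown));
    }
    $rows = lenientFind($options);
    return count($rows) === 1 ? $rows[0] : null;
}

$typo = ['condition'  => ['User.username' => 'alice', 'User.password' => 'hash-a']];
$good = ['conditions' => ['User.username' => 'alice', 'User.password' => 'hash-a']];
echo count(lenientFind($typo)), " row(s) returned with the misspelt key\n";
echo count(lenientFind($good)), " row(s) returned with the correct key\n";
try {
    findOneUser($typo);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```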

Related

Auto login after registration in CakePHP 1.3

I create a new User with this code:
controller:
$this->User->createUser($this->data)
Model:
function createUser(){
$this->create();
}
After that I want to log in the user. I already tried this (in the controller):
$this->Auth->login($this->data);
$this->redirect('home');
Unfortunately it does not work that way. Am I doing something wrong?
For cake1.3
In your controller
$id = $this->User->createUser($this->data);
$this->data['User'] = array_merge($this->data['User'], array('id' => $id));
$this->Auth->login($this->data);
$this->redirect('home');
Model
Before creating the user you've to hash the user-entered password and then save it into the database
function createUser($data){
$data['User']['password'] = md5($data['User']['password']);
$this->save($data); // save the record with the hashed password
return $this->id; // return id of last saved record
}

cakephp error login when I type a wrong url

This is my problem: I have an admin area and I protect it by a login with name and password.
When I type the URL, I mean something like localhost/admin/area, it redirects to localhost/user/admin
The problem is if I type a wrong address like localhost/admin/545. It took me to the admin area and an error in Controller. This is my code:
AppController:
function beforeFilter()
{
$this->Auth->loginAction = array('controller'=>'users','action'=>'login','admin'=>false);
$this->Auth->authorize = array('Controller');
if(!isset($this->request->params['prefix']))
{
$this->Auth->allow();
}
if(isset($this->request->params['prefix']) && $this->request->params['prefix'] == 'admin')
{
$this->layout = 'admin';
}
}
function isAuthorized($user)
{
if(!isset($this->request->params['prefix']))
{
return true;
}
}
menu:
<?php
$pages = $this->requestAction(array('controller'=>'pages','action'=>'menu','admin'=>false)); ?>
<img class="title" src="/img/title.png" alt="studio">
<ul class="menu">
<?php foreach($pages as $k => $v): $v = current($v);?>
and the rest of code is:
function for login:
function login()
{
if ($this->request->is('post'))
{
if ($this->Auth->login())
{
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash("Votre login ou votre mot de passe ne correspond pas");
}
}
}
I think you may be getting confused on the URLs in CakePHP. Here I will cover how they work. I will assume that you have admin routing turned on.
localhost/admin/area
This url is saying take me to the admin_index method in the area controller.
localhost/admin/545
This url is saying take me to the admin_index method in the 545 controller.
If the controller does not exist, you are going to get an area. If you are trying to get to a specific user_id, you may be looking for:
localhost/admin/user/view/545
This will attempt to route the user to the admin_view method in the user controller and pass the 545 user_id. If the user does not have permission to view this, they will be redirected to the login.

$this->Session->destroy() is not destroying the session? v. cakephp 2.0

my UserController.php has logout function that looks like this
function logout()
{
$this->Session->destroy('User');
$this->Session->setFlash('You\'ve successfully logged out.');
var_export($this->Session->read('User'));
//$this->redirect('login');
}
my view Users/index.ctp
<?php echo $this->Html->link('Logout', array('controller' => 'users', 'action' => 'logout')); ?>
When I click "log out" the var_export still displays all the User data and if I go back to Users/index.ctp it still shows me that page even though in my UserController.php I am checking if User is set
function beforeFilter()
{
$this->__validateLoginStatus();
}
function __validateLoginStatus()
{
if($this->action != 'login' && $this->action != 'logout')
{
if($this->Session->check('User') == false)
{
$this->redirect('login');
}
}
}
It does not redirect to login page and just brings me to index page.
$this->Session->destroy();
The destroy method will delete the session cookie and all session data stored in the temporary file system.
To remove User, better use delete.
$this->Session->delete('User');
If you use the AuthComponent to authenticate the users, you can log them out by using the logout() method.
$this->Auth->logout();
See http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#logging-users-out for Cake 2 or http://book.cakephp.org/1.3/en/view/1262/logout for Cake 1.3
And if you don't use the AuthComponent at all, you should maybe have a look at it as it contains out of the box many functionalities that you have already or will likely implement yourself.

cakephp: signup link on register page not working

I'm trying to use the Auth component only for viewing the progress report of a student. For all other links, authentication is not required. For the discussion board I already have a separate forum plugin.
When the user clicks the progress report link on the navigation bar, the user is directed to /merry_parents/register. Here, new users will click on signup link and existing users will click on login link.
However, my signup link is not working. I'm not being directed to the signup page when I click on signup. What am I doing wrong? Any help is much appreciated.
The following is my code:
register.ctp
<?php
echo $this->Html->link('Sign Up','/merry_parents/signup').' for new user |'.$this->Html->link('Login','/merry_parents/login',array()).' for existing user';
?>
merry_parents_controller.php
<?php
class MerryParentsController extends AppController{
var $name='MerryParents';
var $components=array('Auth','Session');
function beforeFilter(){
//$this->Auth->authorize='actions';
$this->Auth->loginAction=array('controller'=>'merry_parents','action'=>'register');
//$this->Auth->loginRedirect=array('controller'=>'merry_parents','action'=>'report_card');
}
function register(){
}
function login(){
}
function logout(){
}
function signup(){
if (!empty($this->data)){
//$this->Auth->password($this->data['MerryParent']['password2'] used to get what the hashed password2 would look like.
if ($this->data['MerryParent']['password']==$this->Auth->password($this->data['MerryParent']['password2'])){
$merryparent_id=$this->MerryParent->field('id',
array('MerryParent.name'=>$this->data['MerryParent']['name'],
'MerryParent.email'=>$this->data['MerryParent']['email'])
);
echo $merryparent_id;
print_r($this->data);
if ($this->MerryParent->save($this->data))//record with $merryparent_id is updated
{
$this->Session->setFlash('You will be receiving an email shortly confirming your login and password.');
$this->Auth->login($this->data); //automatically logs a user in after registration
$this->redirect(array('controller'=>'pages','action'=>'home'));
}
else
echo $this->Session->setFlash(__('Your admission could not be saved, please try again!',true));
}//end if ($this->data['MerryParent']['password']....
else
echo $this->Session->setFlash('Typed passwords did not match');
}//end if (!empty($this->data))
}
}
?>
You have to use following code in your MerryParentsController controller.
function beforeFilter() {
$this->Auth->allow('signup');
}
This will allow your register method to get register.
For more information please read http://book.cakephp.org/view/1255/AuthComponent-Methods

CakePHP: Prevent Auth component's "authError" message on homepage

I have a CakePHP project where I modified "app/config/routes.php" so that the root points to the "Users" controller's "dashboard" action. In other words, these two URLs go to the same place:
http://example.com/
http://example.com/users/dashboard
I have the "Auth" component set up in my "App" controller like so:
class AppController extends Controller {
var $components = array('Auth', 'Session');
function beforeFilter() {
$this->Auth->authorize = 'controller';
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
if ($this->Auth->user()) {
$this->set('logged_in', true);
}
else {
$this->set('logged_in', false);
}
}
}
I want it so that if a non-authenticated user goes straight to http://example.com/users/dashboard , they are taken to the login page with the "Auth" component's "authError" message showing, but if they go to http://example.com/ , they are taken to the login page without the "Auth" component's "authError" message showing. Is this possible?
I resolved this by putting the following code in my "Users" controller's "login" action:
if ($this->Session->read('Auth.redirect') == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
$this->Session->delete('Message.auth');
}
Been looking for something like that for a long time! Thank you.
I had to make a little change when $this->webroot is not "/":
if (str_replace("//","/",$this->webroot.$this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
$this->Session->delete('Message.auth');
}
Well, I don't understand why sometimes you show the error and why sometimes not.. but you can afford this creating an isAuthorized method and modifying all the logic of the default AuthComponent behavior.
Open your Auth component and check for method "startup()". There, at its last line, you will see this:
$this->Session->setFlash($this->authError, $this->flashElement, array(), 'auth');
$controller->redirect($controller->referer(), null, true);
This is the part responsible for displaying the error.
Before it, you will see...
if ($this->isAuthorized($type)) {
return true;
}
So you can change your isAuthorized method to change this message when you want.
Is a lot of work for (I think..) nothing.
PS. There may be a simpler way to be ignoring me
If you really want to prevent the authError message on the homepage and simply redirect to the login page, then you have to put false as the parameter of authError
class AppController extends Controller {
public function initialize() {
parent::initialize();
$this->loadComponent('RequestHandler');
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authError' => false
]);
}
}
