CakePHP Logs Me Out Prematurely - cakephp

I have a CakePHP app that seems to be terminating my session on one specific action. I have a page which, when a link is clicked, launches a Fancybox overlay of the iframe type. In that overlay, the user fills out and submits a form. The form is submitted properly, does its work (including sending an email), loads the success view and lets me close the overlay, but as soon as I try to get to any other page, I'm sent to the login screen to reauthenticate.
The value of my Security.level config setting is medium and my Session.timeout is 120, so that shouldn't be the problem. Anyone have any idea what could be creating this?
Thanks.

Is it possible that your ajax calls and redirects are not going to the same place, e.g. www.site.com and site.com? I have had that before and also kept getting logged out.

So this wasn't fun to track down, but it was me being an idiot. Buried in the code was some early-stage code to refresh user data in the authenticated session that wasn't doing what it should have been doing. It was attempting to update the entire Auth.User object directly (e.g. $this->Session->write( 'Auth', $user )) instead of calling the login method.
Once I changed the Session::write() code to $this->Auth->login( $user ), everything lined up nicely. A nice bit of reference material on this subject at http://milesj.me/blog/read/31/Refreshing-The-Auths-Session.

Related

How can I disable "confirm form resubmission" messages?

I have set up a search page and it's working properly, but when I click Back in the browser the problem (mentioned below) appears. So how can I disable this?
Confirm Form Resubmission
This webpage requires data that you entered earlier in order to be properly displayed. You can send this data again, but by doing so you will repeat any action this page previously performed. Press Reload to resend that data and display this page.
After processing POST on your page
example.com/mypage.php
use
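header('Location: /mypage.php'); // redirect after handling the POST so the browser ends on a GET
exit; // stop here so nothing else runs after the redirect header
In this way the post will not be resubmitted and you won't get the alert from the browser.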
Use the command line option -disable-prompt-on-repost for Chrome.

Backbone.js: How to utilize router.navigate to manipulate browser history?

I am writing something like a registration process containing several steps, and I want to make it a single-page like system so after some studying Backbone.js is my choice.
Every time the user completes the current step they will click on a NEXT button I create and I use the router.navigate method to update the url, as well as loading the content of the next page and doing some fancy transition with javascript.
The result is that the URL is updated while the page is not refreshed, giving a smooth user experience. However, when the user clicks on the back button of the browser, the URL gets updated to that of a previous step, but the content stays the same. My question is through what way I can capture such an event and currently load the content of the previous step and present that to the user? Or even better, can I rely on browser cache to load that previously loaded page?
EDIT: in particular, I'm trying something like mentioned in this article.
You should not use route.navigate but let the router decide which form to display based on the current route.
Example:
A link in your current form of the registration process:
<a href="#form/2" ...
In the router definition:
routes: {
    "form/:formNumber": "gotoForm"
},
gotoForm: function (formNumber) {
    // the code to display the correct form for the current url based on formNumber
}
And then use Backbone.history.start() to bootstrap routing.

Cakephp One login function / multiple login views

I have one website with a login system. However, I would like the login view to be different depending on what link has the user used to get to the login screen.
Something like:
function login ($from_page = null) {
    if (isset($page)) $this->render('login_alternate_view');
    else $this->render('login'); //default login view
}
And then each of the login views (login.ctp, login_alternate_view.ctp) would have the login form plus other stuff specific to each one.
Is this possible in some way? I've already tried something like the example above but it doesn't work...
So I fixed it using GET variables:
/users/login?some_var=some_value
And then in the login function I catch that variable's value with:
$this->params['url']['some_var'];
This way I can "customize" my login function depending on the link the user uses
First show the real error message you're talking in the comments about and not "something".
I guess that you want the current page url the user is on when he logs in? How do you generate the modal? Request the whole form via ajax or is it embedded in the page you're on? If it's embedded I would put the current page url the user is on in a hidden field "from" in the login form and check that.

How can a canvas app redirect to another tab such as the Wall?

I'm trying to create a so-called "Welcome Tab" app for a business page. What I want to happen is that either my canvas app displays a message when a visitor hasn't Liked the page, or the normal "Wall" tab when they have.
I've done this by setting my canvas page as the default landing tab and then checking the 'liked' parameter passed by Facebook and my PHP can successfully determine what it should be doing. As per this extract:
if ($results['page']['liked'] == 1) {
    $redirect = $pages[$results['page']['id']]['liked'];
} else {
    $redirect = $pages[$results['page']['id']]['unliked'];
}
header('Location: '.$baseurl.$redirect);
However using header() to load a page which in turn contains a little bit of Javascript to do a "top.location = http://www.facebook.com/pages/xxxxxxx/yyyyyyy?sk=wall" redirection takes a second or so and results in the visitor seeing a blank canvas page briefly and then a full page reload.
However this page https://www.facebook.com/ourcarnoustie seems to be able to instantly display the Wall to Likers, and its own "Welcome" tab to non-Likers without any apparent delay or refresh.
Any suggestions or pointers would be greatly appreciated. Thanks.
Facebook defaults to the wall for people who've liked the page. In fact it's usually the reverse that's requested on how to set the welcome page for everyone :)
For what you're asking you shouldn't need to do anything as that's the behavior.
Hmmm, this is funny you posted this 'cause I've just landed myself with the same issue today.
I'm using this PHP currently to change my HTML between 'liked' and 'not liked'...
<?php
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {
    //echo 'UNLIKED';
} else {
    //echo 'USER HAS LIKED';
}
?>
But I also need to find a way somehow for the users that have already liked the page to be redirected to the wall, instead of seeing the welcome app.
Because it's inside an iframe, do you think it's possible?
I also looked at that Facebook page with the welcome app that you said works, and it does work, so it must be possible unless it's an older app that's not using an iframe to pull in the content.
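The PHP in the post above decodes the payload but never checks $encoded_sig, so the liked flag is whatever the request supplied. An added example (not part of the original post) that verifies the HMAC-SHA256 signature before the payload is trusted; it assumes PHP 7.1+, and the helper names and the secret are hypothetical placeholders:

```php
<?php
// Added example: verify a Facebook signed_request before trusting its payload.
// parse_signed_request() and b64url_decode() are hypothetical helper names.

function b64url_decode(string $in)
{
    // base64url omits padding; restore it so strict decoding can be used.
    $pad = (4 - strlen($in) % 4) % 4;
    return base64_decode(strtr($in, '-_', '+/') . str_repeat('=', $pad), true);
}

function parse_signed_request($signed_request, string $app_secret): ?array
{
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null; // missing or malformed parameter
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $sig  = b64url_decode($encoded_sig);
    $json = b64url_decode($payload);
    if ($sig === false || $json === false) {
        return null;
    }
    $data = json_decode($json, true);
    if (!is_array($data) || ($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null; // refuse any algorithm other than the expected one
    }
    // The MAC covers the encoded payload string exactly as received.
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    return hash_equals($expected, $sig) ? $data : null; // constant-time compare
}

// Constructed sample input: sign one payload, then swap in an altered payload.
$secret = 'constructed-demo-secret'; // placeholder, not a real app secret
$enc = function (string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
};
$make = function (bool $liked) use ($enc): string {
    return $enc(json_encode(['algorithm' => 'HMAC-SHA256', 'page' => ['id' => '1', 'liked' => $liked]]));
};
$payload  = $make(false);
$sig      = $enc(hash_hmac('sha256', $payload, $secret, true));
$genuine  = $sig . '.' . $payload;
$tampered = $sig . '.' . $make(true); // payload changed, signature not

$data = parse_signed_request($genuine, $secret);
echo empty($data['page']['liked']) ? "genuine: UNLIKED\n" : "genuine: USER HAS LIKED\n";
echo parse_signed_request($tampered, $secret) === null ? "tampered: rejected\n" : "tampered: accepted\n";
```

In the post's code, $_REQUEST["signed_request"] would be the first argument and the app's own secret the second; a null result means the request should be treated as unauthenticated.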
I've found the answer to my own question.
The Facebook Pages FAQ includes this statement:
Why can't I choose a landing tab for existing followers of my Page?
The default landing tab can only be adjusted for people that are not following your Page. Once they follow your Page, they will see the Page's wall as the default.
So people who LIKE the page are automatically taken to the Wall page regardless of the landing tab selected in the Page settings. Therefore the landing tab app doesn't have to do any of the redirection I have been trying to figure out as Facebook already does it anyway!

CakePHP Spark Plug auth plugin causing redirect loops

I am attempting to use the auth plugin Spark Plug on a new CakePHP 1.3 app at http://sandbox.andrewcroce.com. It is easy enough to set up, but for some reason I am getting redirect loop errors when trying to access anything other than the Users controller.
The plugin successfully allows you to register and login, the database appears to be written correctly. Confirmation emails are sent, and the verification link seems to activate a new user. However I am unable to access any page or controller, other than the Users controller. The result is a redirect loop where http://sandbox.andrewcroce.com/errors/unauthorized is repeatedly requested.
For me this raises 2 questions: if I am logged in successfully, why is it trying to direct me to the unauthorized page? And why the heck does it keep redirecting to itself?
I wonder if this is a configuration setting I am not understanding in the spark plug config, but there isn't much explanation in the comments about what these settings do.
Any help would be appreciated.
I'm not sure about the Spark Plug specifics, but whenever you activate the Auth component you need to make sure you specify which actions are allowed for non-authenticated users, or else any requests for the action will be redirected to whatever your error action is. And then, if your error action isn't allowed, it will throw an error, sending you to... you guessed it, your error action, over and over.
Inside every controller, you need something inside your beforeFilter() method like this:
function beforeFilter() {
    parent::beforeFilter();
    // Allow all actions
    $this->Auth->allow('*');
    // Or: only allow view and index
    $this->Auth->allow('view', 'index');
}
If you don't run the allow() method, you're saying that none of the actions should be available to non-authenticated users. In particular, if you put allow('unauthorized') in your ErrorsController class, the unauthorized action wouldn't redirect in a loop.
There is a table called "user_group_permissions" in spark_plug. For instance, if you want to access a controller named "posts" and the action "sortBy" (http://localhost/posts/sortby/) then you need to add that permission to the table like this:
INSERT INTO `user_group_permissions` (`user_group_id`, `plugin`, `controller`, `action`, `allowed`) VALUES
(3, '', 'posts', 'sortBy', 1);
For this specific case the user_group_id number 3 is "Guest", in other words everybody will be able to access that action in the controller.
