i am looking for a way how i (logged in as Administrator) can log me in as a specific user (that i select from a list of users, list is already present) onclick without knowing it's password?
All users have different passwords, so equal passwords are not an option.
OK, Question closed. Here is the solution:
P.S. group with id 2 is my Admin Group.
function loginasuser($user_id = null) {
if (!$user_id) {
$this->Session->setFlash(__('Invalid User.', true));
$this->redirect(array('action'=>'index'));
}
$data = $this->Auth->user();
if($data['User']['group_id'] == 2 || $_SESSION['Auth']['Admin']['id']==$user_id) {
$user_data = $this->User->find('first', array('conditions' => array('User.id' => $user_id)));
if ($user_data['User']['group_id']==2 && $user_data['User']['id']<>$_SESSION['Auth']['Admin']['id']) {
$this->Session->setFlash(__('You can only log in as user', true));
$this->redirect($this->Auth->redirect('/users'));
}
$_SESSION['Auth']['User']['id']=$user_data['User']['id'];
$_SESSION['Auth']['User']['username']=$user_data['User']['username'];
$_SESSION['Auth']['User']['group_id']=$user_data['User']['group_id'];
$_SESSION['Auth']['User']['client_id']=$user_data['User']['client_id'];
$_SESSION['Auth']['User']['created']=$user_data['User']['created'];
$_SESSION['Auth']['User']['modified']=$user_data['User']['modified'];
$_SESSION['Auth']['Admin']['id']=$data['User']['id'];
if($_SESSION['Auth']['User']['group_id']==2) {
$this->redirect($this->Auth->redirect('/ADMINHOME'));
}
else {
$this->redirect($this->Auth->redirect('/USERSHOME'));
}
}
else {
$this->Session->setFlash(__('Only admins are alowed to do so!', true));
$this->redirect(array('action'=>'index'));
}
}
And to go back as admin, you could do:
<? if($_SESSION['Auth']['Admin']['id']>0) { ?>
Go Back as Admin<? }
You can use "username" (email Id) to create session.
On Onclick , trigger an Ajax call, pass the username and set the session using that username.
(Just trigger this call when admin change the selection box, onChange(this.value))
Then just redirect user to end user home page. Put a link to come back to admin dashboard. This helps admin can login as other user.
(Use different session namespace for admin and end user)
$_SESSION['user'] for end user and $_SESSIION['admin'] for admin user.
Related
I want to record a user's last login, so I'm doing some fairly standard things. In my UsersController:
if ($this->Auth->login()) {
$this->User->id = $this->Auth->user('id');
$this->User->saveField('last_login', date(DATE_ATOM));
$this->Session->setFlash('Yay!'));
$this->redirect( $this->Auth->redirectUrl() );
}
Also, I have set 'autoRedirect' => false in my AppController, which is required so the data will save. The problem is, the user is not taken back to the page they were on, before they went to the login page.
What happens is, the login page thinks for some reason that the referrer was the login page, which results in the user getting kicked back to the "home page" of my app.
I'm mystified. How can I ensure that on log in, the user is taken to the page they were on prior to going to the login screen, with 'autoRedirect' => false?
This seems to be the most reliable approach.
The link to the login page:
echo $this->Html->link('Login', '/login?redirect='.$this->here);
In the login form:
echo $this->Form->input('redirect', array('type' => 'hidden', 'value' => $this->request->query['redirect']));
In the login action in the controller
if (isset($this->request->data['User']['redirect'])) {
$this->redirect( $this->request->data['User']['redirect'] );
} else {
$this->redirect( $this->Auth->redirectUrl() );
}
I have two types of users and right now i dont want to use ACL. With Auth Component i want to achieve the following
login() -> allows users to login and access the general part of the site
admin_login -> allows the admin to access the admin_{actions} part of the website.
When i do a Admin Login -> i want to check if group_id = 1 in the Users Module and only allow them to login to the admin section of the website.
function admin_login(){
$this->layout = 'admin_login';
if($this->request->is('post')) {
if($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username and password, try again'));
}
}
}
How to check if the group_id = 1 when the user logs in ?
I would do something like this:
function admin_login(){
$this->layout = 'admin_login';
if($this->request->is('post')) {
if($this->Auth->login()) {
// If here because user is logged in
// Check to see if group_id is 1
if($this->Auth->user('group_id') == 1){
//$this->redirect($this->Auth->redirect());
$this->redirect('/admin/dashboards'); //Example
}else{
// In case a user tries to login thru admin_login
// You should log them in anyway and send them to where they belond
$this->redirect('/users/account');
}
} else {
$this->Session->setFlash(__('Invalid username and password, try again'));
}
}
}
my UserController.php has logout function that looks like this
function logout()
{
$this->Session->destroy('User');
$this->Session->setFlash('You\'ve successfully logged out.');
var_export($this->Session->read('User'));
//$this->redirect('login');
}
my view Users/index.ctp
<?php echo $this->Html->link('Logout', array('controller' => 'users', 'action' => 'logout')); ?>
When I click "log out" the var_export still displays all the User data and if I go back to Users/index.ctp it still shows me that page even though in my my UserController.php I am checking if User is set
function beforeFilter()
{
$this->__validateLoginStatus();
}
function __validateLoginStatus()
{
if($this->action != 'login' && $this->action != 'logout')
{
if($this->Session->check('User') == false)
{
$this->redirect('login');
}
}
It does not redirect to login page and just brings me to index page.
}
$this->Session->destroy();
The destroy method will delete the session cookie and all session data stored in the temporary file system.
User to remove, use better delete.
$this->Session->delete('User');
If you use the AuthComponent to authenticate the users, you can log them out by using the logout() method.
$this->Auth->logout();
See http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#logging-users-out for Cake 2 or http://book.cakephp.org/1.3/en/view/1262/logout for Cake 1.3
And if you don't use the AuthComponent at all, you should maybe have a look at it as it contains out of the box many functionalities that you have already or will likely implement yourself.
I'm having trouble hashing out how to test whether a user is active using the new Auth component. I have 3 states a user can be in: 0 unactivated (default), 1 activated, 2 deactivated. I'm trying to implement this in the login function so I can return whether they haven't registered or have been banned.
Login:
public function login() {
if ($this->request->is('post')) {
if($this->Auth->login()) {
$results = $this->User->find('all', array(
'conditions' => array('User.email' => $this->Auth->user('email')),
'fields' => array('User.is_active')
));
if ($results['User']['is_active'] == 0) {
// User has not confirmed account
$this->Session->setFlash('Your account has not been activated. Please check your email.');
$this->Auth->logout();
$this->redirect(array('action'=>'login'));
}
// not working atm
else if ($results['User']['is_active'] == 2) {
// User has been deactivated
$this->Session->setFlash('Your account has been deactivated. Contact site admin if you believe this is in error.');
$this->Auth->logout();
$this->redirect(array('action'=>'login'));
}
else if ($results['User']['is_active'] == 1) {
// User is active
$this->redirect($this->Auth->redirect());
}
} else {
$this->Session->setFlash(__('Your email/password combination was incorrect'));
}
}
}
Can't see where I've gone wrong. Users with admin privileges and activated users are still getting the unactivated account error.
Update
Decided to drop the User.is_active field and handle it all in roles. I'm handling it in the AppController and it is almost working now. In the isAuthorized function, it now throws errors if the user is banned or unactivated, but I need it to log them out as well.
public function isAuthorized($user) {
// This isAuthorized determines what logged in users are able to see on ALL controllers. Use controller
// by controller isAuthorized to limit what they can view on each one. Basically, you do not want to allow
// actions on all controllers for users. Only admins can access every controller.
if (isset($user['role']) && $user['role'] === 'admin') {
return true; //Admin can access every action
}
elseif (isset($user['role']) && $user['role'] === 'unactivated') { // Account has not been activated
$this->Session->setFlash("You haven't activated your account yet. Please check your email.");
return false;
}
elseif (isset($user['role']) && $user['role'] === 'banned') { // Your account has been banned
$this->Session->setFlash("You're account has been banned. If you feel this was an error, please contact the site administrator.");
return false;
}
return false; // The rest don't
}
If they log in, the User model info can be accessed with $this->Auth->user(). So you should be able to do something like this:
if ($this->Auth->login()) {
if ($this->Auth->user('is_active') == 0) {
// User has not confirmed account
} else if ($this->Auth->user('is_active') == 1) {
// User is active
// and so on
You can use debug($this->Auth->user()); after the login() to see why the users keep showing as unactivated.
Now, in year 2021, for CakePHP 4.x this is the correct approach:
if ( $result->isValid() ) {
if ( $this->getRequest()->getAttribute('identity')->is_active ) {
// The user is active and can log in
} else {
// The user is not active - reject the log in
}
}
I am trying to implement facebook Connect to my cakephp Application. i am using Nick's Facebook Plugin.
I wanna implement it this way
When a user Visits the Site he should be able to login via Registration on the site or Facebook Connect
Existing users should be able to connect their account to their FB account
People who first time login to the site using FB Connect and dont have an account on the site. should be redirected to a page where they have to enter details to complete the profile.
What i have done -
I have followed the instruction of Nick to implement it and when i click Login - it connects to my app. but i dont understand how to create a username and password associated with the Fb Connect Id. and user it against the FB token.
Apparently I'm doing the same thing a little before you... ;-)
Here's a method for Facebook login I'm using (slightly redacted and annotated):
public function facebook($authorize = null) {
App::import('Lib', 'Facebook.FB');
$Fb = new FB();
$session = $Fb->getSession();
// not logged into Facebook and not a callback either,
// sending user over to Facebook to log in
if (!$session && !$authorize) {
$params = array(
'req_perms' => /* the permissions you require */,
'next' => Router::url(array('action' => 'facebook', 'authorize'), true),
'cancel_url' => Router::url(array('action' => 'login'), true)
);
$this->redirect($Fb->getLoginUrl($params));
}
// user is coming back from Facebook login,
// assume we have a valid Facebook session
$userInfo = $Fb->api('/me');
if (!$userInfo) {
// nope, login failed or something went wrong, aborting
$this->Session->setFlash('Facebook login failed');
$this->redirect(array('action' => 'login'));
}
$user = array(
'User' => array(
'firstname' => $userInfo['first_name'],
'lastname' => $userInfo['last_name'],
'username' => trim(parse_url($userInfo['link'], PHP_URL_PATH), '/'),
'email' => $userInfo['email'],
'email_validated' => $userInfo['verified']
),
'Oauth' => array(
'provider' => 'facebook',
'provider_uid' => $userInfo['id']
)
);
$this->oauthLogin($user);
}
This gives me an array with all the user details I could grab from Facebook and invokes ::oauthLogin, which either logs the user in with the given information or asks the user to fill in missing details and/or creates a new user record in the database. The most important part you get from the Facebook API is the $userInfo['id'] and/or email address, either of which you can use to identify the user in your database. If you're using the AuthComponent, you can "manually" log in the user using $this->Auth->login($user_id), where $user_id is the id of the user in your own database.
private function oauthLogin($data) {
$this->User->create();
// do we already know about these credentials?
$oauth = $this->User->Oauth->find('first', array('conditions' => $data['Oauth']));
if ($oauth) {
// yes we do, let's try to log this user in
if (empty($oauth['User']['id']) || !$this->Auth->login($oauth['User']['id'])) {
$this->Session->setFlash('Login failed');
}
$this->redirect('/');
}
// no we don't, let's see if we know this email address already
if (!empty($data['User']['email'])) {
$user = $this->User->find('first', array('conditions' => array('email' => $data['User']['email'])));
if ($user) {
// yes we do! let's store all data in the session
// and ask the user to associate his accounts
$data['User'] = array_merge($data['User'], $user['User']);
$data['Oauth']['user_id'] = $user['User']['id'];
$this->Session->write('Oauth.associate_accounts', $data);
$this->redirect(array('action' => 'oauth_associate_accounts'));
}
}
// no, this is a new user, let's ask him to register
$this->Session->write('Oauth.register', $data);
$this->redirect(array('action' => 'oauth_register'));
}
Look no further. Here is an excellent article that'll guide you all the way through (minus any readymade plugins):
Integrating Facebook Connect with CakePHP's Auth component
Simply follow the approach described in there.
Cheers,
m^e