From: Gorka <glopezdeto...@gmail.com>
Date: Fri, 27 Jul 2007 04:57:51 -0700
Local: Fri, Jul 27 2007 7:57 am
Subject: Re: Auth component + Cake 1.2
After digging quite a bit in the AuthComponent source, I think I've found the problem. There are still some things I don't understand, so please feel free to correct me where I might be wrong. For example, identify() gets called twice in a login, but I can't figure out where the second call comes from and why the passed data is different in each call: first the POST data, then username/password fields as part of a User array. This second call is the one logging the user in even if no username/password information was given on the login form, see code below.

On a side note for my previous code, it is not necessary to call $this->Auth->login() passing it $this->data. It will use $_POST data if nothing is specified.

The identify() function of AuthComponent (auth.php 5437 2007-07-10 >find() call if any of the login fields are empty, thus finding the first result in the database: in my case, user with id=1: the administrator.

The problematic code commented:

/* Initialize the array we are going to use as a find condition as
>fields['username']]) && !empty($user[$this->fields['password']])) {
    if (trim($user[$this->fields['username']]) == '=' || trim($user[$this->fields['password']]) == '=') {
        return false;
    }
    /* Set find conditions */
    $find = array(
        $this->fields['username'] => $user[$this->fields['username']],
        $this->fields['password'] => $user[$this->fields['password']]
    );
/* Else, if username is provided in POST */
} elseif (isset($user[$this->userModel . '.' . $this->fields['username']]) && !empty($user[$this->userModel . '.' . $this->fields['username']])) {
    /* If both are empty (why '='?) this should return a
       login failure, but the mysterious (for me!) second call will ruin the login failure */
    if (trim($user[$this->userModel . '.' . $this->fields['username']]) == '=' || trim($user[$this->userModel . '.' . $this->fields['password']]) == '=') {
        return false;
    }
    /* Set find conditions */
    $find = array(
        $this->fields['username'] => $user[$this->userModel . '.' . $this->fields['username']],
        $this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']]
    );
}
/* At this point, if we were working with the user array and *any* but
   not both of the fields were empty, find = array( ) */
$model =& $this->getModel();
/* $model->find(am(array(), $this->userScope), null, null, -1) will seek:
   If $this->userScope == array() the first user record, unconditionally.
   Else, the first user record that matches filtering conditions, but
   omitting the identifying information: username/password */
$data = $model->find(am($find, $this->userScope), null, null, -1);
/*
}

Now the questions are:

Q1. What is this second call to identify and where does it come

On 27 jul, 12:10, Gorka <glopezdeto...@gmail.com> wrote:
> I thought AuthComponent handled user login and logout on its own,
> validating username/password pairs and thus I saw no reason to use a
> validLogin function on the model as you did.
> But: AuthComponent won't log me in with an invalid password for a
> So, I'm damn sure I'm missing some very crucial information on how
> My users controller:
> <?php
> class UsuariosController extends AppController {
> var $name = 'Usuarios';
> function login() {
> $user_id = $this->Auth->user('id');
> if (!empty($this->data)) {
> function logout() {
> }
> And App Controller:
> <?php
> class AppController extends Controller {
> var $components = array('Session', 'Acl', 'Auth');
> function beforeFilter() {
> function flashRedirect($message, $url = array(), $class = 'info')
> }
> The user login view:
> <?=$form->create('Usuario', array('action'=>'login'))?>
> On 21 jun, 10:24, danfreak <d...@freakclimbing.com> wrote:
> > Dunno why but I can't post in the original thread.
> > original thread=> " new auth component in cake 1.2 "http://groups.google.com/group/cake-php/browse_frm/thread/f2d0143c2e5...
> > My 2 cents about the new Auth component (Cake 1.2.0.5146alpha)
> > It stores encrypted passwords in the DB when you add/edit a new user.
> > Let's start with the users controller:
> > -----------------------------------------------------------------------------------------------------
> > var $name = 'Users';
> > function beforeFilter()
> > function login()
> > }
> > }
> > function logout()
> > -----------------------------------------------------------------------------------------------------
> > $user = $this->find(array('username' => $data['User']
> > }
> > -----------------------------------------------------------------------------------------------------
> > -----------------------------------------------------------------------------------------------------
> > <div class="submit"><input type="submit" value="Login" /></div>
> > -----------------------------------------------------------------------------------------------------
> > Enjoy and let me know if you have better ways for authentication.
> > Dan
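
Added example, not part of the original post and not CakePHP's own code: a self-contained PHP sketch of the failure mode described in the message above, where a lookup runs with an empty condition array, next to a version that refuses to query without credentials. The function names findFirst, identifyFlawed and identifyStrict and the sample rows are hypothetical.

```php
<?php
// Constructed sample data; row 1 is the administrator, as in the post.
$users = [
    ['id' => 1, 'username' => 'admin', 'password' => 'hash-a'],
    ['id' => 2, 'username' => 'gorka', 'password' => 'hash-b'],
];

// Hypothetical stand-in for a model find(): returns the first row that
// matches every condition. An empty condition array matches any row.
function findFirst(array $rows, array $conditions)
{
    foreach ($rows as $row) {
        if (array_intersect_assoc($conditions, $row) == $conditions) {
            return $row;
        }
    }
    return false;
}

// Pattern described in the post: conditions are filled in only when both
// fields are present, but the lookup runs either way.
function identifyFlawed(array $rows, array $login)
{
    $find = [];
    if (!empty($login['username']) && !empty($login['password'])) {
        $find = ['username' => $login['username'], 'password' => $login['password']];
    }
    return findFirst($rows, $find);
}

// Hardened form: missing or blank credentials never reach the query.
// Plain equality stands in for the hashed-password comparison.
function identifyStrict(array $rows, array $login)
{
    $username = isset($login['username']) ? trim((string) $login['username']) : '';
    $password = isset($login['password']) ? (string) $login['password'] : '';
    if ($username === '' || $password === '') {
        return false;
    }
    return findFirst($rows, ['username' => $username, 'password' => $password]);
}

$blank = ['username' => '', 'password' => ''];   // login form submitted empty
var_dump(identifyFlawed($users, $blank));
var_dump(identifyStrict($users, $blank));
var_dump(identifyStrict($users, ['username' => 'gorka', 'password' => 'hash-b']));
```

A regression test for a login handler can assert the same property: a blank or partially filled form must yield a failed identification, whatever row happens to be first in the table.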