Message from discussion Auth component + Cake 1.2
Gorka  
From: Gorka <glopezdeto...@gmail.com>
Date: Fri, 27 Jul 2007 03:10:41 -0700
Local: Fri, Jul 27 2007 6:10 am
Subject: Re: Auth component + Cake 1.2
I thought AuthComponent handled user login and logout on its own,
validating username/password pairs and thus I saw no reason to use a
validLogin function on the model as you did.

But: AuthComponent won't log me in with an invalid password for a
given username, but what is freaking me out is that it logs me in with
any username/password combination (even both blanks) that are not in
the database... incidentally, it logs me in with a user id of '1',
which means I turn into admin without even specifying a name or
password.

So, I'm damn sure I'm missing some very crucial information on how
AuthComponent is supposed to be used. Could anyone tell me what I am
doing wrong?

My users controller:

<?php

    class UsuariosController extends AppController {

        var $name = 'Usuarios';

        function login() {

            $user_id = $this->Auth->user('id');
            if (!empty($user_id) && $this->Session->valid()) {
                $this->Session->setFlash(__('Already logged in',
true), 'message', array('class' => 'error'));
                $this->redirect('/');
                exit();
            }

            if (!empty($this->data)) {
                if (!$this->Auth->login($this->data)) {
                    $this->Session->setFlash(__('Login failed', true),
'message', array('class' => 'error'));
                } else {
                     $this->flashRedirect(__('Welcome', true), '/');
                }
            }
        }

        function logout() {
            $this->Auth->logout();
            $this->flashRedirect(__('Logged out', true), '/');
        }

    }

And App Controller:

<?php

/**
 * Base controller: loads the Session, Acl and Auth components for every
 * controller and points AuthComponent at the Usuario model.
 *
 * NOTE(review): no action is explicitly opened up with Auth->allow() here, so
 * which actions are reachable without authentication depends on the
 * component's defaults and on each child controller -- verify per controller.
 */
class AppController extends Controller {

    var $components = array('Session', 'Acl', 'Auth');
    var $helpers = array('html', 'javascript', 'form', 'head');

    /**
     * Configure AuthComponent (when it is loaded) before any action runs,
     * then hand over to the parent callback.
     */
    function beforeFilter() {
        if (isset($this->Auth)) {
            // Accounts live in the Usuario model and are identified by e-mail.
            $this->Auth->userModel = 'Usuario';
            $this->Auth->fields = array(
                'username' => 'email',
                'password' => 'password'
            );

            // Where the login form lives, and where a successful login lands.
            $this->Auth->loginAction = array(
                'controller' => 'usuarios',
                'action' => 'login'
            );
            $this->Auth->loginRedirect = array(
                'controller' => 'usuarios',
                'action' => 'index'
            );
        }
        parent::beforeFilter();
    }

    /**
     * Queue a flash message rendered with the 'message' layout and redirect.
     *
     * @param string $message Text to show after the redirect.
     * @param mixed  $url     Redirect target (Cake URL array or string).
     * @param string $class   CSS class passed to the flash layout.
     */
    function flashRedirect($message, $url = array(), $class = 'info') {
        $flashParams = array('class' => $class);
        $this->Session->setFlash($message, 'message', $flashParams);
        $this->redirect($url);
        // Stop here so nothing after the redirect header is executed.
        exit();
    }

}

The user login view:

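<?php
/*
 * Login form for the Usuario model; it posts to the 'login' action.
 * The password input is always rendered with an empty value, so a
 * previously submitted password is never written back into the page.
 * Full "php echo" tags are used instead of short echo tags so the
 * template does not depend on the short_open_tag setting.
 */
?>
<?php echo $form->create('Usuario', array('action' => 'login')); ?>
    <?php echo $form->input('Usuario.email'); ?>
    <?php echo $form->input('Usuario.password', array('type' => 'password', 'value' => '')); ?>
    <?php echo $form->submit('Entrar'); ?>
<?php echo $form->end(); ?>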

On 21 jun, 10:24, danfreak <d...@freakclimbing.com> wrote:

> Dunno why but I can't post in the original thread.

> original thread=> " new auth component in cake 1.2   "http://groups.google.com/group/cake-php/browse_frm/thread/f2d0143c2e5...

> My 2 cents about the new Auth component (Cake 1.2.0.5146alpha)

> It stores encrypted passwords in the DB when you add/edit a new user.

> Let's start with the users controller:

> --------------------------------------------------------------------------- ­--------------------------
> users_controller.php
> --------------------------------------------------------------------------- ­--------------------------
> <?php
> class UsersController extends AppController {

>         var $name = 'Users';
>         var $helpers = array('Html', 'Form', 'Session');
>         var $components = array('Auth', 'Session');

>         function beforeFilter()
>     {
>         //actions we allow without authentication, you can also put
> them in the app_controller.php
>        $this->Auth->allow('index', 'register', 'login', 'logout');
>     }

>     function login()
>     {
>         //user already logged in?
>         //checking if session has been written
>         $user_id = $this->Auth->user('id');
>         if (!empty($user_id) && $this->Session->valid())
>         {
>             $this->Session->setFlash('You are already logged in');
>             $this->redirect(array('action'=>''), null, true);
>         }
>         else
>         {
>             if(!empty($this->data))
>             {
>                 //calling login validation validLogin() in model
>                 if($this->User->validLogin($this->data))
>                 {
>                     if($this->Auth->login($this->User->user))
>                     {
>                         $this->Session->setFlash('You have
> successfully logged in');
>                         $this->redirect(array('action'=>''), null,
> true);
>                     }
>                     else
>                     {
>                         $this->set('password', null);
>                         $this->set('auth_msg', 'Please try again');
>                     }

>                 }
>             }
>             else
>             {
>                 $this->set('auth_msg', 'Please enter your username and
> password');
>             }
>         }

>     }

>     function logout()
>     {
>         $this->Session->destroy('user');
>         $this->Session->setFlash('You\'ve successfully logged out.');
>         $this->redirect(array('action'=>'login'), null, true);
>     }

> --------------------------------------------------------------------------- ­--------------------------
> MODEL-> user.php
> the model has just a particular function (see below) that you must add
> --------------------------------------------------------------------------- ­--------------------------
> function validLogin($data)
>     {

>         $user = $this->find(array('username' => $data['User']
> ['username'], 'password' => ($data['User']['password'])), array('id',
> 'username', 'password'));
>         if(!empty($user)){
>             $this->user = $user['User'];
>             return TRUE;
>         }
>         else {
>             return FALSE;
>         }

>     }

> --------------------------------------------------------------------------- ­--------------------------
> DB table users
> --------------------------------------------------------------------------- ­--------------------------
> CREATE TABLE `users` (
>   `id` int(10) NOT NULL auto_increment,
>   `username` varchar(250) NOT NULL default '',
>   `password` varchar(50) NOT NULL,
>   `name` varchar(255) default NULL,
>   `email` varchar(250) NOT NULL default '',
>   `created` datetime NOT NULL default '0000-00-00 00:00:00',
>   `modified` datetime NOT NULL default '0000-00-00 00:00:00',
>   PRIMARY KEY  (`id`)
> ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

> --------------------------------------------------------------------------- ­--------------------------
> VIEW->login.ctp
> --------------------------------------------------------------------------- ­--------------------------
> <h1>Log In:</h1>
> <?= isset($auth_msg) ? $auth_msg: ''?>
> <?php e($form->create('User', array('action'=>'login')));?>
>                 <?php echo $form->input('username');?>
>                 <?php echo $form->input('password',
> array('value'=>''));?>

> <div class="submit"><input type="submit" value="Login" /></div>
> <?php echo $form->end();?>

> --------------------------------------------------------------------------- ­--------------------------

> Enjoy and let me know if you have better ways for authentication.

> Dan

