This is the second installment of my Auth Component Tutorial. I included a link to download a file during the first installment:
CakePHP Auth 1 (4.3 KiB, 7,704 hits)
I just think that some of the stuff in there warrants some explanation.
isAuthorized()
This function is needed when $this->Auth->authorize = 'controller'. Theory has it, you can do something similar in app_model if $this->Auth->authorize = 'model', but I haven’t looked into this.
The thing that confused me about this is that I thought you were required to perform your own validation. But oh no, this is additional authorization. Sort of like what beforeSave() does, where you can cancel the save after the validation. isAuthorized() is performed after the user has been logged in. If after that, you need some additional stuff, then you can put it in there. I’m not sure why it doesn’t default to return true like beforeSave() (if everything goes well), but if it’s not present, it errors out.
$this->Auth->user('group_id')
In my User Model I have a field called group_id. So you guessed it, this just returns the group_id of the user that’s logged in. Things couldn’t be simpler.
$this->Auth->userScope = array('User.active' => 1)
userScope is simply used as an added set of conditions and it behaves exactly the same way that $conditions works with the Model::find() function. So what I’ve got above says that the user must be active to log in.
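The three settings above combined in one app_controller.php for CakePHP 1.2, as an added example that is not the code from the downloadable zip. The group ids (1 = administrators, 2 = members), the controller names in $allowedGroups and the loginRedirect target are assumptions; the check denies any controller that is not listed.

```php
<?php
// app/app_controller.php (CakePHP 1.2 layout). Added example, not the file from the zip.
class AppController extends Controller {
    var $components = array('Auth');

    // Assumption: controller name => group_id values allowed to use it.
    // 1 = administrators, 2 = members (hypothetical ids for illustration).
    var $allowedGroups = array(
        'users'  => array(1, 2),
        'pages'  => array(1, 2),
        'groups' => array(1),
    );

    function beforeFilter() {
        // After a successful login, ask this controller's isAuthorized().
        $this->Auth->authorize = 'controller';

        // Extra find() conditions on the login query: inactive users cannot log in.
        $this->Auth->userScope = array('User.active' => 1);

        // Land on a page that every group listed above is authorized for.
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
    }

    // Called only for users who are already logged in.
    // Returning false denies the request; there is no implicit "true".
    function isAuthorized() {
        $groupId    = $this->Auth->user('group_id'); // null if the field is not in the session
        $controller = $this->params['controller'];

        // Deny by default: no group on the user, or a controller missing from the map.
        if ($groupId === null || !isset($this->allowedGroups[$controller])) {
            return false;
        }
        return in_array((int)$groupId, $this->allowedGroups[$controller], true);
    }
}
```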
So there you go. Happy Baking!

Hi,
First of all I want to thank you for great tutorials on Auth component! But I have a problem, which I don’t quite know how to solve :> How do you redirect to login page if there’s a missing controller and user is not logged in?? What I get is that error message is being displayed, but I want that if user is not logged in he should be redirected to login page.
This looks brilliant, I just wish I could test it. For some reason I am getting Too many redirects. I spoke to teknoid in the IRC room and he seemed to think it was something to do with my .htaccess. Have you had any troubles like this?
I’ve had this problem and begged for help in the forums, but then I just realized that I was doing something retarded:
loginRedirect and logoutRedirect both need to be set somewhere that does NOT require special authorization.
What I mean is that, it can require the user to login (for loginRedirect), but the default login page shouldn’t require special authorization or permissions.
This is what happens:
Say, loginRedirect is set to “/special” (needs authorization). Before logging in, the user tries to access “/users/index” (needs authorization). Auth tries to go to /users/index and it says that it’s not authorized. So, it defaults to loginRedirect. Therefore, it tries to go to /special. Well, /special has no Authorization either, so it tries to go back to the controller that it was referred from. And this is where the vicious cycle starts.
Good luck guys.
Nice stuff . thanks man
Hello!
First of all, I just want to thank you for putting this tutorial together and providing the source files!
I’m writing because I’m running into some issues with getting this working (even though I copied your files exactly from the zip).
I can’t seem to get Auth->allow('*') to work. No matter what I do, it always redirects me to the users/login screen.
This is extremely frustrating, as I can’t even figure out how to create the first initial user, which would let me log in, in the first place.
Also, what if I want to allow the public to access certain sections without logging in? No matter what I put in the Auth->allow() method, it always redirects me to the login screen.
Have you tried using your code on the new CakePHP RC4 release? That’s the codebase I’m working with, and I wonder if that might somehow be the problem?
Thank you very much for your time!
Um, RC4 just came out a few days ago, so the answer is no, I haven’t had a chance to test yet.
There may be slight issues with the zip file. But, since this article, the book.cakephp.org has actually come a long way.
You should check it out.
For some strange reason the hashes weren’t matching; in the end I just cut and pasted the hash I was getting from the login prompt.
I’m new to cakephp and enjoy a good challenge,
but not everything is workable from the get-go
good tutorial you helped a huge amount