Like I said: You are passing data into the login function. In 2.0 this
"will log the user in with whatever data is posted". Thats why only the
two fields posted are displayed and the PW isn't hashed. Since you
haven't specified what version of cake you are using, I still assume
this is the reason. If you say you don't use cake 2.x I'll stop
bothering you. ;)
On 06/20/2012 09:27 PM, Joey Hauschildt wrote:
I just followed the tutorial in the book. The only custimization I
made was was using the email field instead of the username field.
Here is my AppController:
class AppController extends Controller {
public $uses = array('User');
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'posts', 'action'
=> 'index'),
'logoutRedirect' => array('controller' => 'pages',
'action' => 'display', 'home')
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
$this->set('logged_in', $this->Auth->LoggedIn());
$this->set('current_user', $this->Auth->user());
//debug($this->Session->read('Auth.User'));
}
public function isAuthorized($user) {
return TRUE;
}
}
And here is my Users/login action:
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login($this->request->data)) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Username or password is
incorrect'), 'default', array(), 'auth');
}
}
}
The beforeFilter in my Users controller:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->fields = array('username' => 'email', 'password'
=> 'password');
$this->Auth->allow('add', 'logout');
}
On Wednesday, June 20, 2012 12:31:35 AM UTC-6, Борислав Събев wrote:
This could be the case - a wrongly implemented Authentication
system. @Joey Hauschildt $this->Auth->user() and the "Auth.User"
Session key should both return/contain the full user information -
i.e. all fields from the users DB table. This behaviour is
strange. Can you provide more info on your exact implementation.
Cheers,
Borislav.
On Wednesday, 20 June 2012 00:36:24 UTC+3, Max Dörfler wrote:
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
<http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in>
"In 2.0 $this->Auth->login($this->request->data) will log the
user in with whatever data is posted, whereas in 1.3
$this->Auth->login($this->data) would try to identify the user
first and only log in when successful."
I assume you are yousing 2.x. I guess this is what you are
looking for. Call login() without params.
On 06/19/2012 11:18 PM, Joey Hauschildt wrote:
I am. All passwords in the db are hashed. The problem seems
to be that instead of getting info from the users table, it
is only filling debug($this->Session->read('Auth.User'));
and debug($this->Auth->User()) with data from the form.
Otherwise the password would be hashed. It has nowhere else
to get an unhashed password from. This seems like a pretty
poor choice for default behavior. I would prefer that my app
didn't store passwords from the form anywhere.
On Tuesday, June 19, 2012 2:50:45 PM UTC-6, Jeremy Burns wrote:
You should be hashing the password before saving it.
Jeremy Burns
Class Outfit
http://www.classoutfit.com
On 19 Jun 2012, at 19:41:30, Joey Hauschildt wrote:
debug($this->Session->read('Auth.User'));
and debug($this->Auth->User()); both return:
array(
'User' => array(
'password' => '*****',
'email' => 't...@example.com <mailto:t...@example.com>'
)
)
These are the fields that the user uses to log in. The
password isn't even hashed. When I print_r, it displays
the actual password. I would like to have access to
other user info like an ID or role. Do I need to use my
own query to get this info or should the Auth Component
be grabbing that stuff for me?.
--
Our newest site for the community: CakePHP Video
Tutorials http://tv.cakephp.org <http://tv.cakephp.org/>
Check out the new CakePHP Questions site
http://ask.cakephp.org <http://ask.cakephp.org/> and
help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
<mailto:cake-php+unsubscr...@googlegroups.com> For more
options, visit this group at
http://groups.google.com/group/cake-php
<http://groups.google.com/group/cake-php>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site
http://ask.cakephp.org and help others with their CakePHP
related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
<mailto:cake-php+unsubscr...@googlegroups.com> For more
options, visit this group at
http://groups.google.com/group/cake-php
<http://groups.google.com/group/cake-php>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and
help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this
group at http://groups.google.com/group/cake-php
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php