Hi.

I protect the admin section with beforeFilter in AppController,
SessionComponent and a simple AuthController:

function beforeFilter() {

    if (!empty($this->params['admin']) && $this->params['admin'] == CAKE_ADMIN) {
      $this->checkSession();
    }

}

function checkSession()
  {
    // If the session info hasn't been set...
    if (!$this->Session->check('User'))
    {
      // Force the user to login
      $this->redirect('/auth/login', null, true);
      exit();
    }
  }

Here's the AuthController - with hardcoded login data! Not the best solution ;-)

function login()
  {

    if (!empty($this->data))
    {
      $someone = $this->data;

      if ($someone['User']['username'] == 'my_username' && $someone['User']['password'] == 'my_secret_password')
      {
        $this->Session->write('User', $someone['User']);
        $this->Session->setFlash('You are logged in!');
        $this->redirect('/admin/news');
        exit();
      }
      else
      {
        $this->Session->setFlash('Invalid login!');
      }
    }
  }



Hope that helps!

Daniel
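
Added example (not part of the message above and not CakePHP's own code): the login() check above compares a plaintext password and writes the submitted password into the session along with the username. This plain-PHP sketch (assumes PHP 7.1+) checks against a stored hash instead and returns only the username for the session; `verify_admin_login`, `ADMIN_USER` and the sample inputs are hypothetical names and constructed values.

```php
<?php
// Added example, independent of CakePHP. ADMIN_USER and the hash below are
// constructed sample values; in a real app load them from configuration
// kept outside the web root.
const ADMIN_USER = 'my_username';

/**
 * Check submitted form data against the stored credentials.
 * Returns the array to store in the session on success, or null on failure.
 */
function verify_admin_login(array $formUser, string $storedUser, string $storedHash): ?array
{
    $username = $formUser['username'] ?? '';
    $password = $formUser['password'] ?? '';

    // Form fields can arrive as arrays (username[]=x); accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }

    // Evaluate both checks unconditionally so the response time does not
    // reveal which of the two fields was wrong.
    $userOk = hash_equals($storedUser, $username);
    $passOk = password_verify($password, $storedHash);

    if (!($userOk && $passOk)) {
        return null;
    }

    // Keep only what later requests need; the password never enters the session.
    return ['username' => $storedUser];
}

// Constructed sample: the hash is normally generated once and stored,
// not computed on every request.
$storedHash = password_hash('my_secret_password', PASSWORD_DEFAULT);

$good  = ['username' => 'my_username', 'password' => 'my_secret_password'];
$wrong = ['username' => 'my_username', 'password' => 'wrong'];
$array = ['username' => ['x'], 'password' => 'y'];

var_dump(verify_admin_login($good, ADMIN_USER, $storedHash));
var_dump(verify_admin_login($wrong, ADMIN_USER, $storedHash));
var_dump(verify_admin_login($array, ADMIN_USER, $storedHash));
```

In the login() action, the returned array would take the place of $someone['User'] in the Session->write() call, with PHP's session_regenerate_id(true) called just before it so a pre-login session ID is not reused.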







2007/3/27, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
>
> Could you advise me please, how to protect /admin/ part of website?
> Is it possible to protect with an .htaccess file?
> I would like to protect with .htaccess following:
> example.com/admin/news/add
> example.com/admin/news/edit
> example.com/admin/news/delete ...
>
> Thank you a lot.
>
>