Hi. I protect the admin section with beforeFilter in AppController, SessionComponent and a simple AuthController:
function beforeFilter() { if(!empty($this->params['admin']) && $this->params['admin'] == CAKE_ADMIN) { $this->checkSession(); } } function checkSession() { // If the session info hasn't been set... if (!$this->Session->check('User')) { // Force the user to login $this->redirect('/auth/login', null, true); exit(); } } Here's the AuthController - with hardcoded login data! not the best solution ;-) function login() { if (!empty($this->data)) { $someone = $this->data; if($someone['User']['username'] == 'my_username' && $someone['User']['password'] == 'my_secret_password') { $this->Session->write('User', $someone['User']); $this->Session->setFlash('You are logged in!'); $this->redirect('/admin/news'); exit(); } else { $this->Session->setFlash('Invalid login!'); } } } Hope that helps! Daniel 2007/3/27, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > > > Could you advice me please, how to protect /admin/ part of website? > Is it possible to protect with an .htaccess file? > I would like to protect with .htaccess following: > example.com/admin/news/add > example.com/admin/news/edit > example.com/admin/news/delete ... > > Thank you a lot. > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---