HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty

[luke BAKING barker]

Hi,

I am using Cake 1.2 - 14th October nightly build. I have set up my
app_controller with admin routing, so that an admin function will ask
the user to authenticate with HTTP auth. (I had wanted to do a
simple .htaccess, with .htpasswd - so I thought I would try the Cake
way).

I have this working, BUT, when I submit an add form (e.g. submit
admin_Add or admin_edit) I get asked to authenticate again, which also
doesnt seem to work if correct details are put in. (The latter is to
do with my custom blackhole callback I think).

 How can I tell the Security component not to ask for Auth again upon
a POST?


here is my app_controller code:
class AppController extends Controller {

        var $helpers = array('Html','Form','Javascript');

        var $components = array("Security");

    function beforeFilter() {
        if (isset($this->params["admin"])) {

                        $this->Security->blackHoleCallback = 'incorrect';


                        
$this->Security->requireLogin('*',array('type'=>'basic','realm' =>
Configure::read('Settings.title')));

                        $this->Security->loginUsers = array("admin" => 
'password');


        }
    }


        // added this callback because without, if a user enters wrong
details, auth prompt will not re-display
function incorrect () {

                                header('WWW-Authenticate: Basic' .' realm="' .
Configure::read('Settings.title') . '"');

                                header('HTTP/1.1 401 Unauthorized');


                            $this->autoRender = false;
                            $this->layout = '';

                            die('<h1>HTTP/1.1 401 Unauthorized.</h1> Details 
incorrect.
Please refresh.');

        }


if I change my callback to this, it will work, but this is insecure,
obviously as it simply authenticates any POSTs!

function incorrect () {
                if(!$this->RequestHandler->isPost()) {

                                header('WWW-Authenticate: Basic' .' realm="' .
Configure::read('Settings.title') . '"');

                                header('HTTP/1.1 401 Unauthorized');


                            $this->autoRender = false;
                            $this->layout = '';

                            die('<h1>HTTP/1.1 401 Unauthorized.</h1> Details 
incorrect.
Please refresh.');
                }
                else {
                        return true;
                }

        }

thank you in advance for any help you can offer.

Luke aka boobyW


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---