Hi McFadly, hats interesting thanks. I normally use othAuth but I jsut wanted a very simple HTTP-Auth, and it seems to me that should be easily achievable with this Security component, although I have not been able to get it to work!
All I would like to do is turn off the separate checking of POSTed data -- can anyone help? Or even someone who uses a HTTP-auth (with or without the digest) to post an example of their code to achieve it? I am not sure if a problem is arsing becasue my code is in the app_controller, maybe it would be better in each controller that needs the HTTP-auth; this seems to be the way of the OC presentation on Cake's example. thanks Luke On Nov 1, 4:58 pm, McFadly <[EMAIL PROTECTED]> wrote: > Hi Luke - > I think you're making this process more difficult than it needs to > be. I haven't used HTTP auth in theSecuritycomponent, so I can't > offer much insight in that realm. But you may just want to look into > using the Auth component, its pretty straightforward. Check out > Chris's article > here:http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful... > > On Nov 1, 7:03 am, luke BAKING barker <[EMAIL PROTECTED]> wrote: > > > looking at the HTML of the form I am submitting, I see there is this > > token: > > <form id="MemberAddForm" method="post" action="/admin/members/add"><p > > style="display: none;"><input type="hidden" name="data[__Token][key]" > > value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" / > > > I suppose that is causing a mismatch upon a POST? > > > regards > > > luke > > > On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I am using Cake 1.2 - 14th October nightly build. I have set up my > > > app_controller with admin routing, so that an admin function will ask > > > the user to authenticate with HTTP auth. (I had wanted to do a > > > simple .htaccess, with .htpasswd - so I thought I would try the Cake > > > way). > > > > I have this working, BUT, when I submit an add form (e.g. submit > > > admin_Add or admin_edit) I get asked to authenticate again, which also > > > doesnt seem to work if correct details are put in. (The latter is to > > > do with my custom blackhole callback I think). > > > > How can I tell theSecuritycomponent not to ask for Auth again upon > > > a POST? > > > > here is my app_controller code: > > > class AppController extends Controller { > > > > var $helpers = array('Html','Form','Javascript'); > > > > var $components = array("Security"); > > > > function beforeFilter() { > > > if (isset($this->params["admin"])) { > > > > $this->Security->blackHoleCallback = 'incorrect'; > > > > > > > $this->Security->requireLogin('*',array('type'=>'basic','realm' => > > > Configure::read('Settings.title'))); > > > > $this->Security->loginUsers = array("admin" => > > > 'password'); > > > > } > > > } > > > > // added this callback because without, if a user enters wrong > > > details, auth prompt will not re-display > > > function incorrect () { > > > > header('WWW-Authenticate: Basic' .' > > > realm="' . > > > Configure::read('Settings.title') . '"'); > > > > header('HTTP/1.1 401 Unauthorized'); > > > > $this->autoRender = false; > > > $this->layout = ''; > > > > die('<h1>HTTP/1.1 401 Unauthorized.</h1> > > > Details incorrect. > > > Please refresh.'); > > > > } > > > > if I change my callback to this, it will work, but this is insecure, > > > obviously as it simply authenticates any POSTs! > > > > function incorrect () { > > > if(!$this->RequestHandler->isPost()) { > > > > header('WWW-Authenticate: Basic' .' > > > realm="' . > > > Configure::read('Settings.title') . '"'); > > > > header('HTTP/1.1 401 Unauthorized'); > > > > $this->autoRender = false; > > > $this->layout = ''; > > > > die('<h1>HTTP/1.1 401 Unauthorized.</h1> > > > Details incorrect. > > > Please refresh.'); > > > } > > > else { > > > return true; > > > } > > > > } > > > > thank you in advance for any help you can offer. > > > > Luke aka boobyW --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
