Odd AuthComponent behavior

Nick Fri, 26 Dec 2008 10:43:32 -0800

Has anyone else seen this, it appears to only happen when using the
auth component with cookies.  If I have an e-mail that begins with a
number, the auth component authenticates the wrong user.  It takes
whatever the leading number is and logs in the user with the ID of
that number, instead of the user with the correct e-mail address. Any
other e-mail account login works fine, as long as it doesn't begin
with a number.


Here's what my code looks like:

In my User Model I use this to check the login and find the correct
user:

        function checkLogin($email)
         {
            $user = $this->findByEmail($email);

            if ($user)
             {
                return $user;
            }
            return null;
         }


In my AppController:

                $this->Auth->loginAction    = array('controller' => 'users',
'action' => 'login');
                $this->Auth->logoutRedirect = '/';
                $this->Auth->loginError     = 'Either your Email or Password are
incorrect. Please try again';
                $this->Auth->authError      = 'Please Log In before attempting 
to
access this page.';
                $this->Auth->autoRedirect   = false;

                $cookie = $this->Cookie->read('User');

                if (is_array($cookie) && !$this->Auth->user())
                {
                        $loginUser = $this->User->checkLogin($cookie['email']);
                        if (isset($loginUser)){
                                $loginSuccess = $this->Auth->login($loginUser);
                                if (!$loginSuccess){
                                        $this->Cookie->del('User');
                                }
                        }
                }


And in my UsersController:

        function login() {
                if ($this->Auth->User()){

                        if (!empty($this->data)){
                                if (!($this->data['User']['remember'])){
                                        $this->Cookie->del('User');
                                } else {
                                        $cookie = array();
                                        $cookie['email'] = 
$this->data['User']['email'];
                                        
$this->Cookie->write('User',$cookie,true,'+2 weeks');

                                }
                                unset($this->data['User']['remember']);
                        }
                        $this->redirect($this->Auth->redirect());
                }
        }



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Odd AuthComponent behavior

Reply via email to