Re: newbie baffled by requirePost
Right, OK, the $user_id is better off stored in the session. The authentication key still needs to be POSTed to the index() action for comparison against the version of the authorization key stored in the system. I realize now that a redirect() from the login() action to the index() action seems to bring the POST data with it. So it works :) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Use requireAuth with GET?
I have an action called index() that allows users to see their personal information To keeps this info safe from hackers I want to protect index() using requireAuth. The means that all my ways of linking to index() have to use POST. This complicates the code and leads to a clunky interface and/or javascript. POST is good for submitting forms but for general site navigation it seems inappropriate. I would rather be using GET. Yes, this would put the big, ugly authentication key in the url. But there would be no security issue because the key changes every time so no-one can use it to hijack the session. The Cake manual says requireAuth doesn't check authorization on GET requests for reasons of flexibility. With all due respect the flexibility I would like to see is the ability to have requireAuth work with GET. Am I crazy? How are other people doing this? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Use requireAuth with GET?
That would be more secure than a simple link, but still subject to having the session id hijacked, I believe But thanks for the tip anyway... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
newbie baffled by requirePost
I am trying to follow the CakePHP Manual and use requireAuth and requirePost. I have a Login page consisting of login.thtml template and a login() action located in users_controller.php. When the user submits the login form and login() determines that the submission is valid, I want to redirect to an Index page. To do this I need to call,the index() action and provide it with the data it needs by POST. It needs the authentication key of course and I also want to pass $user_id. I have NO idea how to do this. The only reasonable way to POST data is by a form. But I don't have a form. I'm in the middle of the login() php action. How am I supposed to be doing this? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
newbie question about model visibility
Sorry to ask such a simple question, but I can't find where it is explained. I have two models: User belongsTo Status Status hasMany User When I create a new user, I want to generate a select box to choose the status. users_controller.php: class UsersController extends AppController { var $name = 'Users'; function add() { $this-set('users', $this-User-findAll()); $this-set('statuschoices', $this-Status-generateList( null, name ASC, null, {n}.Status.id, {n}.Status.name) ); } } But, it can't resolve $this-Status It gives the message Notice: Undefined property: UsersController:: $Status ... (It is able to resolve $this-User. I presume this is Cake automagically instantiating the User object because I followed the correct naming convention.) How should I be doing this? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---