Re: Auth Component encrypting password before validation.
Thanks to both of you, I thought of this, but I thought it would be easier to disable the AuthComponent::hashPasswords and then do what Baz did above. Anyways thanks again for the help. -Andrew On Jan 17, 10:45 pm, Baz <[EMAIL PROTECTED]> wrote: > Yep, > > Use a different field, eg. new_password or something. (I'm assuming > you're validating when creating a password. No need for login) > > Here's assuming you have a model called User: > > // needed for validation for some reason > $this->User->set($this->data); > if ($this->validates($this->data)) > { > $this->data['User']['passwd'] = > $this->Auth->password($this->data['User']['new_passwd'] ) > > // all we did was hash passwords, no need to revalidate. > if ($this->save($this->data, false)) > { > // do stuff > } else > { > // invalid > } > > } > > Would be nice to stick this is beforeSave in the model, but you can't > [easily] access the Auth component from the model. > > Hope this helps. > > On Jan 17, 2008 9:31 AM, dizz <[EMAIL PROTECTED]> wrote: > > > > > Hello, > > > I am using the auth component and before my model can validate the > > password the auth component already encrypts the password so making it > > impossible to use the between built in valid method. > > > Is there any work around for this? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component encrypting password before validation.
Yep, Use a different field, eg. new_password or something. (I'm assuming you're validating when creating a password. No need for login) Here's assuming you have a model called User: // needed for validation for some reason $this->User->set($this->data); if ($this->validates($this->data)) { $this->data['User']['passwd'] = $this->Auth->password($this->data['User']['new_passwd'] ) // all we did was hash passwords, no need to revalidate. if ($this->save($this->data, false)) { //do stuff } else { // invalid } } Would be nice to stick this is beforeSave in the model, but you can't [easily] access the Auth component from the model. Hope this helps. On Jan 17, 2008 9:31 AM, dizz <[EMAIL PROTECTED]> wrote: > > Hello, > > I am using the auth component and before my model can validate the > password the auth component already encrypts the password so making it > impossible to use the between built in valid method. > > Is there any work around for this? > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component encrypting password before validation.
On Jan 17, 2008 10:31 AM, dizz <[EMAIL PROTECTED]> wrote: > > Hello, > > I am using the auth component and before my model can validate the > password the auth component already encrypts the password so making it > impossible to use the between built in valid method. > > Is there any work around for this? Well, you can always create another field called 'password_confirm' or something, and then validate against that. Then you can compare the encrypted password to the encrypted version of the password_confirm field to make sure that they are equal. I've even posted an example of how to do it on my blog (link is below) before. Hope that helps. -- Chris Hartjes Internet Loudmouth Motto for 2008: "Moving from herding elephants to handling snakes..." @TheKeyBoard: http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth Component encrypting password before validation.
Hello, I am using the auth component and before my model can validate the password the auth component already encrypts the password so making it impossible to use the between built in valid method. Is there any work around for this? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component with a validated user
Put the function in beforeFilter of app_controller. On Jan 16, 11:49 pm, cmbg <[EMAIL PROTECTED]> wrote: > Hi all! > > I have the Auth component on every controller in my app, so it makes > sure that the user is logged in before performing any actions. What I > want is if the validated user also has flag that requires them to > change their password, they can't go to any other controller or > perform any actions until they successfully change their password. > > The only thing I can think of is adding the following lines of code to > every controller's "beforeFilter". > > function beforeFilter() > { > ... > $user = $this->Auth->user(); > if ($user['User']['force_password_change'] == 'Y') > { > $this->redirect(array('controller'=>'users', > 'action'=>'edit')); > } > ... > > } > > BUT what if I have tons of controllers? I don't want to copy and > paste this code in every one of them... heh. I don't think that's > very good coding... > > Thanks for any advice! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth Component with a validated user
Hi all! I have the Auth component on every controller in my app, so it makes sure that the user is logged in before performing any actions. What I want is if the validated user also has flag that requires them to change their password, they can't go to any other controller or perform any actions until they successfully change their password. The only thing I can think of is adding the following lines of code to every controller's "beforeFilter". function beforeFilter() { ... $user = $this->Auth->user(); if ($user['User']['force_password_change'] == 'Y') { $this->redirect(array('controller'=>'users', 'action'=>'edit')); } ... } BUT what if I have tons of controllers? I don't want to copy and paste this code in every one of them... heh. I don't think that's very good coding... Thanks for any advice! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
True, But I need it like that anyways, because I do some validation (length, sames as confirm field). On Jan 14, 2008 9:35 AM, djiize <[EMAIL PROTECTED]> wrote: > > Interesting too, didn't think about this way. > Maybe one workaround, you may have to hash the password yourself, > instead of Auth auto hash it > > On 14 jan, 15:42, Baz <[EMAIL PROTECTED]> wrote: > > Oooohh, gotcha. > > > > Interesting. What I usually do is have another field like > chng_pass...and if > > that is set, I'd set password = chgn_pass. > > -- > > Kevin Lloyd > > 3HN Designshttp://www.3HNDesigns.com/ > > (214) 473-4207 > > > > On 1/14/08, djiize <[EMAIL PROTECTED]> wrote: > > > > > > > > > I use 2 ways, it depends of project, design, ... : > > > 1- 2 forms : 1 for passowrd change, and 1 for other fields. So the > > > $fieldList save are fixed > > > 2- 1 form to rule them all. I test if password is set, and set > > > $fieldList accordingly > > > > > On 14 jan, 15:07, Baz <[EMAIL PROTECTED]> wrote: > > > > I'm confused... > > > > > > So what if they do want to edit the password? Do you check > $this->data > > > > before save and populate the fileds array in save() conditionally? > > > > > > I guess my real question is why not just don't put the password > field on > > > the > > > > form. > > > > > > On Jan 14, 2008 7:04 AM, djiize <[EMAIL PROTECTED]> wrote: > > > > > > > and better, use the security component, it will secure your forms > very > > > > > well > > > > > but it's another topic > > > > > > > On 14 jan, 14:03, djiize <[EMAIL PROTECTED]> wrote: > > > > > > you're welcome > > > > > > in addition, it's always a good practice to specify which fileds > to > > > > > > update in each Model->save() call > > > > > > it will prevent POST forgery > > > > > > > > On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> > wrote: > > > > > > > > > Hey djiize , that worked great, thanks :) > > > > > > > > > Mike > > > > > > > > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > > > > > > > > you can speciify which fields to update with the 3rd > parameter > > > of > > > > > > > > Model->save(): > > > > > > http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4. > > > .. > > > > > > > > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED] > > > > > wrote: > > > > > > > > > > > Hi, > > > > > > > > > > > I am using the Auth component for 1.2 and it is all > working > > > fine > > > > > > > > > except when I go to edit a user I want to have the option > to > > > leave > > > > > the > > > > > > > > > password field blank and have itleave the password > unchanged. > > > > > Whenever > > > > > > > > > I do this it rehashes the password using '' as the > password. I > > > > > have > > > > > > > > > tried using unset( $this->data['User']['password'] ); so > that > > > the > > > > > > > > > password field is not added to the query but it does not > work. > > > Any > > > > > > > > > ideas how I would do this? > > > > > > > > > > > Thanks > > > > > > > > > > > Mike > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
Interesting too, didn't think about this way. Maybe one workaround, you may have to hash the password yourself, instead of Auth auto hash it On 14 jan, 15:42, Baz <[EMAIL PROTECTED]> wrote: > Oooohh, gotcha. > > Interesting. What I usually do is have another field like chng_pass...and if > that is set, I'd set password = chgn_pass. > -- > Kevin Lloyd > 3HN Designshttp://www.3HNDesigns.com/ > (214) 473-4207 > > On 1/14/08, djiize <[EMAIL PROTECTED]> wrote: > > > > > I use 2 ways, it depends of project, design, ... : > > 1- 2 forms : 1 for passowrd change, and 1 for other fields. So the > > $fieldList save are fixed > > 2- 1 form to rule them all. I test if password is set, and set > > $fieldList accordingly > > > On 14 jan, 15:07, Baz <[EMAIL PROTECTED]> wrote: > > > I'm confused... > > > > So what if they do want to edit the password? Do you check $this->data > > > before save and populate the fileds array in save() conditionally? > > > > I guess my real question is why not just don't put the password field on > > the > > > form. > > > > On Jan 14, 2008 7:04 AM, djiize <[EMAIL PROTECTED]> wrote: > > > > > and better, use the security component, it will secure your forms very > > > > well > > > > but it's another topic > > > > > On 14 jan, 14:03, djiize <[EMAIL PROTECTED]> wrote: > > > > > you're welcome > > > > > in addition, it's always a good practice to specify which fileds to > > > > > update in each Model->save() call > > > > > it will prevent POST forgery > > > > > > On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > > > Hey djiize , that worked great, thanks :) > > > > > > > Mike > > > > > > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > > > > > > you can speciify which fields to update with the 3rd parameter > > of > > > > > > > Model->save(): > > > >http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4. > > .. > > > > > > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> > > wrote: > > > > > > > > > Hi, > > > > > > > > > I am using the Auth component for 1.2 and it is all working > > fine > > > > > > > > except when I go to edit a user I want to have the option to > > leave > > > > the > > > > > > > > password field blank and have itleave the password unchanged. > > > > Whenever > > > > > > > > I do this it rehashes the password using '' as the password. I > > > > have > > > > > > > > tried using unset( $this->data['User']['password'] ); so that > > the > > > > > > > > password field is not added to the query but it does not work. > > Any > > > > > > > > ideas how I would do this? > > > > > > > > > Thanks > > > > > > > > > Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
Oooohh, gotcha. Interesting. What I usually do is have another field like chng_pass...and if that is set, I'd set password = chgn_pass. -- Kevin Lloyd 3HN Designs http://www.3HNDesigns.com/ (214) 473-4207 On 1/14/08, djiize <[EMAIL PROTECTED]> wrote: > > > I use 2 ways, it depends of project, design, ... : > 1- 2 forms : 1 for passowrd change, and 1 for other fields. So the > $fieldList save are fixed > 2- 1 form to rule them all. I test if password is set, and set > $fieldList accordingly > > On 14 jan, 15:07, Baz <[EMAIL PROTECTED]> wrote: > > I'm confused... > > > > So what if they do want to edit the password? Do you check $this->data > > before save and populate the fileds array in save() conditionally? > > > > I guess my real question is why not just don't put the password field on > the > > form. > > > > On Jan 14, 2008 7:04 AM, djiize <[EMAIL PROTECTED]> wrote: > > > > > > > > > and better, use the security component, it will secure your forms very > > > well > > > but it's another topic > > > > > On 14 jan, 14:03, djiize <[EMAIL PROTECTED]> wrote: > > > > you're welcome > > > > in addition, it's always a good practice to specify which fileds to > > > > update in each Model->save() call > > > > it will prevent POST forgery > > > > > > On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > > > Hey djiize , that worked great, thanks :) > > > > > > > Mike > > > > > > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > > > > > > you can speciify which fields to update with the 3rd parameter > of > > > > > > Model->save(): > > >http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4. > .. > > > > > > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> > wrote: > > > > > > > > > Hi, > > > > > > > > > I am using the Auth component for 1.2 and it is all working > fine > > > > > > > except when I go to edit a user I want to have the option to > leave > > > the > > > > > > > password field blank and have itleave the password unchanged. > > > Whenever > > > > > > > I do this it rehashes the password using '' as the password. I > > > have > > > > > > > tried using unset( $this->data['User']['password'] ); so that > the > > > > > > > password field is not added to the query but it does not work. > Any > > > > > > > ideas how I would do this? > > > > > > > > > Thanks > > > > > > > > > Mike > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
I use 2 ways, it depends of project, design, ... : 1- 2 forms : 1 for passowrd change, and 1 for other fields. So the $fieldList save are fixed 2- 1 form to rule them all. I test if password is set, and set $fieldList accordingly On 14 jan, 15:07, Baz <[EMAIL PROTECTED]> wrote: > I'm confused... > > So what if they do want to edit the password? Do you check $this->data > before save and populate the fileds array in save() conditionally? > > I guess my real question is why not just don't put the password field on the > form. > > On Jan 14, 2008 7:04 AM, djiize <[EMAIL PROTECTED]> wrote: > > > > > and better, use the security component, it will secure your forms very > > well > > but it's another topic > > > On 14 jan, 14:03, djiize <[EMAIL PROTECTED]> wrote: > > > you're welcome > > > in addition, it's always a good practice to specify which fileds to > > > update in each Model->save() call > > > it will prevent POST forgery > > > > On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > Hey djiize , that worked great, thanks :) > > > > > Mike > > > > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > > > > you can speciify which fields to update with the 3rd parameter of > > > > > Model->save(): > >http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4... > > > > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > > > Hi, > > > > > > > I am using the Auth component for 1.2 and it is all working fine > > > > > > except when I go to edit a user I want to have the option to leave > > the > > > > > > password field blank and have itleave the password unchanged. > > Whenever > > > > > > I do this it rehashes the password using '' as the password. I > > have > > > > > > tried using unset( $this->data['User']['password'] ); so that the > > > > > > password field is not added to the query but it does not work. Any > > > > > > ideas how I would do this? > > > > > > > Thanks > > > > > > > Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
I'm confused... So what if they do want to edit the password? Do you check $this->data before save and populate the fileds array in save() conditionally? I guess my real question is why not just don't put the password field on the form. On Jan 14, 2008 7:04 AM, djiize <[EMAIL PROTECTED]> wrote: > > and better, use the security component, it will secure your forms very > well > but it's another topic > > On 14 jan, 14:03, djiize <[EMAIL PROTECTED]> wrote: > > you're welcome > > in addition, it's always a good practice to specify which fileds to > > update in each Model->save() call > > it will prevent POST forgery > > > > On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > Hey djiize , that worked great, thanks :) > > > > > Mike > > > > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > > > > you can speciify which fields to update with the 3rd parameter of > > > > Model->save(): > http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4... > > > > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > > > Hi, > > > > > > > I am using the Auth component for 1.2 and it is all working fine > > > > > except when I go to edit a user I want to have the option to leave > the > > > > > password field blank and have itleave the password unchanged. > Whenever > > > > > I do this it rehashes the password using '' as the password. I > have > > > > > tried using unset( $this->data['User']['password'] ); so that the > > > > > password field is not added to the query but it does not work. Any > > > > > ideas how I would do this? > > > > > > > Thanks > > > > > > > Mike > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
and better, use the security component, it will secure your forms very well but it's another topic On 14 jan, 14:03, djiize <[EMAIL PROTECTED]> wrote: > you're welcome > in addition, it's always a good practice to specify which fileds to > update in each Model->save() call > it will prevent POST forgery > > On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > Hey djiize , that worked great, thanks :) > > > Mike > > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > > you can speciify which fields to update with the 3rd parameter of > > > Model->save():http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4... > > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > > Hi, > > > > > I am using the Auth component for 1.2 and it is all working fine > > > > except when I go to edit a user I want to have the option to leave the > > > > password field blank and have itleave the password unchanged. Whenever > > > > I do this it rehashes the password using '' as the password. I have > > > > tried using unset( $this->data['User']['password'] ); so that the > > > > password field is not added to the query but it does not work. Any > > > > ideas how I would do this? > > > > > Thanks > > > > > Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
you're welcome in addition, it's always a good practice to specify which fileds to update in each Model->save() call it will prevent POST forgery On 14 jan, 12:37, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > Hey djiize , that worked great, thanks :) > > Mike > > On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > > > you can speciify which fields to update with the 3rd parameter of > > Model->save():http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4... > > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I am using the Auth component for 1.2 and it is all working fine > > > except when I go to edit a user I want to have the option to leave the > > > password field blank and have itleave the password unchanged. Whenever > > > I do this it rehashes the password using '' as the password. I have > > > tried using unset( $this->data['User']['password'] ); so that the > > > password field is not added to the query but it does not work. Any > > > ideas how I would do this? > > > > Thanks > > > > Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
Hey djiize , that worked great, thanks :) Mike On Jan 14, 11:39 am, djiize <[EMAIL PROTECTED]> wrote: > you can speciify which fields to update with the 3rd parameter of > Model->save():http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd4... > > On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > > > Hi, > > > I am using the Auth component for 1.2 and it is all working fine > > except when I go to edit a user I want to have the option to leave the > > password field blank and have itleave the password unchanged. Whenever > > I do this it rehashes the password using '' as the password. I have > > tried using unset( $this->data['User']['password'] ); so that the > > password field is not added to the query but it does not work. Any > > ideas how I would do this? > > > Thanks > > > Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component - Edit User blank password
you can speciify which fields to update with the 3rd parameter of Model->save(): http://api.cakephp.org/1.2/class_model.html#ebe42ae387be89985b5a35dd428f5c81 On 14 jan, 11:03, Mike Digital Egg <[EMAIL PROTECTED]> wrote: > Hi, > > I am using the Auth component for 1.2 and it is all working fine > except when I go to edit a user I want to have the option to leave the > password field blank and have itleave the password unchanged. Whenever > I do this it rehashes the password using '' as the password. I have > tried using unset( $this->data['User']['password'] ); so that the > password field is not added to the query but it does not work. Any > ideas how I would do this? > > Thanks > > Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth Component - Edit User blank password
Hi, I am using the Auth component for 1.2 and it is all working fine except when I go to edit a user I want to have the option to leave the password field blank and have itleave the password unchanged. Whenever I do this it rehashes the password using '' as the password. I have tried using unset( $this->data['User']['password'] ); so that the password field is not added to the query but it does not work. Any ideas how I would do this? Thanks Mike --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component and testAction()
Gwoo be da man. He pointed me in a much better direction on this. I defined a CAKE_UNIT_TEST setting in test.php (and bootstrap.php), used Configure for some test options to decide if the test (when using testAction()) should bypassSSL, bypassAuth and spoof an Auth User (so all those functions can also be tested). Nothing modifies core code, in fact, apart from the settings in the test.php and bootstrap.php, its all handled in the app_controller. Here is what I did to make sure this all worked: http://bin.cakephp.org/view/1197582177 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component and testAction()
Hmm. Well, I looked to override the startController() method and write a user record to the Session based on the Auth->sessionKey, but that didn't work. Following the chain of events, it looks like this happens: dispatcher created does a bunch of magic creates the components creates the classes starts the controller inits components -> Auth is now activated and looking for a user calls _invoke() _invoke() calls startController() custom code would go here So adding something into startController to spoof a login doesn't work, since it won't get called until after Auth has done its business. Anyone else worked with testAction() and the Auth component? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth component and testAction()
Interesting find tonight while playing with the test suite. If you use testAction() and have the Auth component loading (in the controller or in your App Controller), and don't explicitly Auth->allow() the action set in testAction(), then testAction() will fail silenty as it redirects to the Auth->loginAction. (I had a similar issue with requireSecure() and testing through a non-SSL URL.) For now (so I can play with the testAction() function), I put this in the top of my App Controller's beforeFilter(): function beforeFilter () { // Let tests skip Auth and requireSecure if ( basename(env('SCRIPT_NAME')) == 'test.php' ) { $this->Auth->allow(); return true; } } I'm sure there is a better way to determine if we're running a test or not, and I figure there has to be a better way to let testing through. Is there a way to tell testAction() to simulate a user login? Is the best way to override the CakeTestCase::startController method and login a fixtured user? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Component W/ Remember Me Cookie (1.2 beta)
Hey Baz I dont like useing user/pass - i rather use id, if something will be compromised then i would have to change my hash/login system only and no user data would be lost ( we have an cookie encryption functionality ya know) I did it this way - when the user is loggged i check if hewants to rememeber him and set a session variable. Then in before filter (in this order): check the usual auth stuff, check if the user isnt logged and if there is a cookie with the user id/hash ( $this->Auth->login($id) can get the userId as a param) ( depends on the level of security you want - i have a hash field in the user table that i hash and save in the cookie) check if there is the session var set in login() -> if true set the coookie and it works :) HTH On Jan 4, 11:08 pm, Baz <[EMAIL PROTECTED]> wrote: > I'm proud to say that after some startling revalations from gwoo, I finally > understand how to use the Auth component. I'm not doing anything fancy with > ACL, but just some basic Controller authorization. > > First off, here's my > resource:http://www.littlehart.net/atthekeyboard/2007/11/20/follow-up-to-a-hop...http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful... > > This is how I'm trying to implement this: > - User logs in and hit's remember me. > - A cookie is written with user and pass (from $this->data, hash by Auth). > - Session ends and cookie is still active. > - User tries to access restricted model > - Check for cookie, if none proceed as normal (redirect to login). > - If cookie make Auth comp. use username and password in cookie for login > attempt. > > - Unlike Chris, I don't want to delete the cookie at every login attempt. I > would like to cookie to remain and eventually expire. >I prefer to delete the cookie when the user physically logs out. > > Here's some code: > > //users_controller > function login() > { > if ($this->Auth->user()) { > if (!empty($this->data)) { > $cookie = array(); > $cookie['username'] = $this->data['User']['username']; > $cookie['password'] = $this->data['User']['password']; > $this->Cookie->write('Auth.User', $cookie, true, '+1 > minute'); > unset($this->data['User']['remember_me']); > } > $this->redirect($this->Auth->redirect()); > } > } > > function logout(){ > $this->Session->setFlash('Good-Bye'); > $this->redirect($this->Auth->logout()); > } > > function beforeFilter() { > $this->Auth->autoRedirect = false; > parent::beforeFilter(); > $this->Auth->allow('add', 'view', 'admin_add'); > } > > // app_controller: > > function beforeFilter(){ > $this->Auth->authorize = 'controller'; > $this->Auth->loginAction = '/login/'; > $this->Auth->allow('admin_add', 'view', 'add'); > > $cookie = $this->Cookie->read('Auth.User'); > > if (!is_null($cookie)) > { > $this->data['User']['username'] = $cookie['username']; > $this->data['User']['password'] = $cookie['password']; > > // Clear auth message, just in case we use it. > $this->Session->destroy('Message.auth'); > } > } > > function isAuthorized() { > return true; > } > > Problems: > bottom line it doesn't work. > > But this is my main problem. When it does work (in it's unstable way - > sometimes not allowing a login, sometimes restricting access when it should > arleady be logged in) if I use anything in the User model it prepopulates my > $this->data, like it should. > > But this causes problems, eg. when adding a user. Since this is populated > in the beforeFilter() it just submits right away. > > Anyone had any success implementing something simliar? > > I would greatly appreciate any help. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth Component W/ Remember Me Cookie (1.2 beta)
I'm proud to say that after some startling revalations from gwoo, I finally understand how to use the Auth component. I'm not doing anything fancy with ACL, but just some basic Controller authorization. First off, here's my resource: http://www.littlehart.net/atthekeyboard/2007/11/20/follow-up-to-a-hopefully-usefull-tutorial-for-using-cakephps-auth-component/ http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful-tutorial-for-using-cakephps-auth-component/ This is how I'm trying to implement this: - User logs in and hit's remember me. - A cookie is written with user and pass (from $this->data, hash by Auth). - Session ends and cookie is still active. - User tries to access restricted model - Check for cookie, if none proceed as normal (redirect to login). - If cookie make Auth comp. use username and password in cookie for login attempt. - Unlike Chris, I don't want to delete the cookie at every login attempt. I would like to cookie to remain and eventually expire. I prefer to delete the cookie when the user physically logs out. Here's some code: //users_controller function login() { if ($this->Auth->user()) { if (!empty($this->data)) { $cookie = array(); $cookie['username'] = $this->data['User']['username']; $cookie['password'] = $this->data['User']['password']; $this->Cookie->write('Auth.User', $cookie, true, '+1 minute'); unset($this->data['User']['remember_me']); } $this->redirect($this->Auth->redirect()); } } function logout(){ $this->Session->setFlash('Good-Bye'); $this->redirect($this->Auth->logout()); } function beforeFilter() { $this->Auth->autoRedirect = false; parent::beforeFilter(); $this->Auth->allow('add', 'view', 'admin_add'); } // app_controller: function beforeFilter(){ $this->Auth->authorize = 'controller'; $this->Auth->loginAction = '/login/'; $this->Auth->allow('admin_add', 'view', 'add'); $cookie = $this->Cookie->read('Auth.User'); if (!is_null($cookie)) { $this->data['User']['username'] = $cookie['username']; $this->data['User']['password'] = $cookie['password']; // Clear auth message, just in case we use it. $this->Session->destroy('Message.auth'); } } function isAuthorized() { return true; } Problems: bottom line it doesn't work. But this is my main problem. When it does work (in it's unstable way - sometimes not allowing a login, sometimes restricting access when it should arleady be logged in) if I use anything in the User model it prepopulates my $this->data, like it should. But this causes problems, eg. when adding a user. Since this is populated in the beforeFilter() it just submits right away. Anyone had any success implementing something simliar? I would greatly appreciate any help. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component -- can use empty login function?
Perhaps not a bug, but on error I'd like to go to the site index (/), as my login form is on all pages. Currently, the user is redirected to the loginAction, it seems, or maybe it's the HTTP referrer (would have to check the code). D. Dodger wrote: > > I have this working now, I believe. However, on error, I am still being > redirected to /users/login. > > Seems to be mentioned here (along with other bugs): > http://groups.google.com/group/cake-php/browse_thread/thread/9026125f87c173f2/6b28fe4632b5a24c?hl=en&lnk=gst&q=auth#6b28fe4632b5a24c > > Still not fixed? I would class this as 'critical'. > > D. > -- View this message in context: http://www.nabble.com/Auth-componentcan-use-empty-login-function--tf4827793.html#a13813559 Sent from the CakePHP mailing list archive at Nabble.com. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component -- can use empty login function?
Hi francky06l, I do need authentication, that line is just temporary to allow access to test the login process. I've had to change it since because of another bug mentioned in my second message. Code is now (temporarily): Security::setHash('md5'); $this->Auth->loginRedirect = '/'; if ($this->params['controller'] == 'pages') { $this->Auth->allow(); } D. francky06l wrote: > > > I wounder why to use Auth if you do not need any authentication. Now > allowing everything and be redirected to login ..is strange. You > can set the login function for Auth to be null (never tried this), or > any function of your choice .. > What is the "rest" if no authentication ? > cheers > > On Nov 17, 8:16 pm, Dodger <[EMAIL PROTECTED]> wrote: >> Hi, >> >> It was, at one stage, possible to use an empty login function and for the >> Auth component to do the rest -- is this still so? >> >> I have this in my app_controller beforeFilter(): >> >> $this->Auth->allow('*'); >> $this->Auth->loginRedirect = '/'; >> >> And an empty login() function in my users_controller. >> >> When I submit data to that action, I am redirected to /users/login, and >> I'm >> not sure why. >> >> Any ideas? >> >> D. >> -- >> View this message in >> context:http://www.nabble.com/Auth-componentcan-use-empty-login-function-... >> Sent from the CakePHP mailing list archive at Nabble.com. > > > > -- View this message in context: http://www.nabble.com/Auth-componentcan-use-empty-login-function--tf4827793.html#a13812954 Sent from the CakePHP mailing list archive at Nabble.com. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component -- can use empty login function?
I have this working now, I believe. However, on error, I am still being redirected to /users/login. Seems to be mentioned here (along with other bugs): http://groups.google.com/group/cake-php/browse_thread/thread/9026125f87c173f2/6b28fe4632b5a24c?hl=en&lnk=gst&q=auth#6b28fe4632b5a24c Still not fixed? I would class this as 'critical'. D. Dodger wrote: > > Hi, > > It was, at one stage, possible to use an empty login function and for the > Auth component to do the rest -- is this still so? > > I have this in my app_controller beforeFilter(): > > $this->Auth->allow('*'); > $this->Auth->loginRedirect = '/'; > > And an empty login() function in my users_controller. > > When I submit data to that action, I am redirected to /users/login, and > I'm not sure why. > > Any ideas? > > D. > -- View this message in context: http://www.nabble.com/Auth-componentcan-use-empty-login-function--tf4827793.html#a13812947 Sent from the CakePHP mailing list archive at Nabble.com. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component -- can use empty login function?
I wounder why to use Auth if you do not need any authentication. Now allowing everything and be redirected to login ..is strange. You can set the login function for Auth to be null (never tried this), or any function of your choice .. What is the "rest" if no authentication ? cheers On Nov 17, 8:16 pm, Dodger <[EMAIL PROTECTED]> wrote: > Hi, > > It was, at one stage, possible to use an empty login function and for the > Auth component to do the rest -- is this still so? > > I have this in my app_controller beforeFilter(): > > $this->Auth->allow('*'); > $this->Auth->loginRedirect = '/'; > > And an empty login() function in my users_controller. > > When I submit data to that action, I am redirected to /users/login, and I'm > not sure why. > > Any ideas? > > D. > -- > View this message in > context:http://www.nabble.com/Auth-componentcan-use-empty-login-function-... > Sent from the CakePHP mailing list archive at Nabble.com. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth component -- can use empty login function?
Hi, It was, at one stage, possible to use an empty login function and for the Auth component to do the rest -- is this still so? I have this in my app_controller beforeFilter(): $this->Auth->allow('*'); $this->Auth->loginRedirect = '/'; And an empty login() function in my users_controller. When I submit data to that action, I am redirected to /users/login, and I'm not sure why. Any ideas? D. -- View this message in context: http://www.nabble.com/Auth-componentcan-use-empty-login-function--tf4827793.html#a13812529 Sent from the CakePHP mailing list archive at Nabble.com. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
Hi Sean, I got it working now. The only thing that avoided the whole site from working is the buggy allow() function. You must not put login and logout into allow() to get auth working. But thanks anyway, any help is getting one further in learning things, right? :-) Arne On 10 Nov., 17:32, SeanW <[EMAIL PROTECTED]> wrote: > Arne, > > You don't have to use the Acl component, I was just playing around > with various things and forgot to take it out :) (I'm just picking up > CakePHP myself) > > If you don't have $this->Auth available, make sure you're using Auth > in app_controller.php > > Sean > > On Nov 9, 8:12 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > > Hi Sean, > > > thanks for pasting it, but there's only one single issue that doesn't > > match your config at all: You're using the Acl component... do I > > _have_ to use Acl too? I though I could use it without Acl only using > > the table data and such, so I did not work with Acl at all. > > > I did a bit debugging though and found that my users_controller->login > > function doesnt have $this->Auth->user() available. > > > if ($this->Auth->user()) { ... } else { debug("no auth->user :-(") } > > > gives me the debug message, so for some reason I don't have access to > > this what seems to be the point. Did I forget something? > > > Best regards > > > Arne > > > On Nov 9, 4:25 pm, SeanW <[EMAIL PROTECTED]> wrote: > > > > On Nov 8, 6:33 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > > > > But when submitting the form, it redirects me back to the login, pre- > > > > filling the password field with 32 chars (assume it's the md5 hash, > > > > but why?). > > > > That's probably because the authentication is failing, or not being > > > checked. > > > > Remember I don't use username and password, I use email and password. > > > So make sure that in app_controller.php where I have > > > > $this->Auth->fields = array('username' => 'email', 'password' => > > > 'password'); > > > > you have > > > > $this->Auth->fields = array('username' => 'username', 'password' => > > > 'password'); > > > > Did you also null out your salt in config.php? > > > > I posted my code (login.ctp and users_controller.php) > > > tohttp://pastebin.ca/767192 > > > > Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
Arne, You don't have to use the Acl component, I was just playing around with various things and forgot to take it out :) (I'm just picking up CakePHP myself) If you don't have $this->Auth available, make sure you're using Auth in app_controller.php Sean On Nov 9, 8:12 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > Hi Sean, > > thanks for pasting it, but there's only one single issue that doesn't > match your config at all: You're using the Acl component... do I > _have_ to use Acl too? I though I could use it without Acl only using > the table data and such, so I did not work with Acl at all. > > I did a bit debugging though and found that my users_controller->login > function doesnt have $this->Auth->user() available. > > if ($this->Auth->user()) { ... } else { debug("no auth->user :-(") } > > gives me the debug message, so for some reason I don't have access to > this what seems to be the point. Did I forget something? > > Best regards > > Arne > > On Nov 9, 4:25 pm, SeanW <[EMAIL PROTECTED]> wrote: > > > On Nov 8, 6:33 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > > > But when submitting the form, it redirects me back to the login, pre- > > > filling the password field with 32 chars (assume it's the md5 hash, > > > but why?). > > > That's probably because the authentication is failing, or not being > > checked. > > > Remember I don't use username and password, I use email and password. > > So make sure that in app_controller.php where I have > > > $this->Auth->fields = array('username' => 'email', 'password' => > > 'password'); > > > you have > > > $this->Auth->fields = array('username' => 'username', 'password' => > > 'password'); > > > Did you also null out your salt in config.php? > > > I posted my code (login.ctp and users_controller.php) > > tohttp://pastebin.ca/767192 > > > Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
Hi again, and sorry, I didnt answer your questions at all. Yes, I made sure I had configured the right fields and salt is nulled ('') too. Best regards Arne On Nov 9, 4:25 pm, SeanW <[EMAIL PROTECTED]> wrote: > On Nov 8, 6:33 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > > But when submitting the form, it redirects me back to the login, pre- > > filling the password field with 32 chars (assume it's the md5 hash, > > but why?). > > That's probably because the authentication is failing, or not being > checked. > > Remember I don't use username and password, I use email and password. > So make sure that in app_controller.php where I have > > $this->Auth->fields = array('username' => 'email', 'password' => > 'password'); > > you have > > $this->Auth->fields = array('username' => 'username', 'password' => > 'password'); > > Did you also null out your salt in config.php? > > I posted my code (login.ctp and users_controller.php) > tohttp://pastebin.ca/767192 > > Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
Hi Sean, thanks for pasting it, but there's only one single issue that doesn't match your config at all: You're using the Acl component... do I _have_ to use Acl too? I though I could use it without Acl only using the table data and such, so I did not work with Acl at all. I did a bit debugging though and found that my users_controller->login function doesnt have $this->Auth->user() available. if ($this->Auth->user()) { ... } else { debug("no auth->user :-(") } gives me the debug message, so for some reason I don't have access to this what seems to be the point. Did I forget something? Best regards Arne On Nov 9, 4:25 pm, SeanW <[EMAIL PROTECTED]> wrote: > On Nov 8, 6:33 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > > But when submitting the form, it redirects me back to the login, pre- > > filling the password field with 32 chars (assume it's the md5 hash, > > but why?). > > That's probably because the authentication is failing, or not being > checked. > > Remember I don't use username and password, I use email and password. > So make sure that in app_controller.php where I have > > $this->Auth->fields = array('username' => 'email', 'password' => > 'password'); > > you have > > $this->Auth->fields = array('username' => 'username', 'password' => > 'password'); > > Did you also null out your salt in config.php? > > I posted my code (login.ctp and users_controller.php) > tohttp://pastebin.ca/767192 > > Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
On Nov 8, 6:33 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > But when submitting the form, it redirects me back to the login, pre- > filling the password field with 32 chars (assume it's the md5 hash, > but why?). That's probably because the authentication is failing, or not being checked. Remember I don't use username and password, I use email and password. So make sure that in app_controller.php where I have $this->Auth->fields = array('username' => 'email', 'password' => 'password'); you have $this->Auth->fields = array('username' => 'username', 'password' => 'password'); Did you also null out your salt in config.php? I posted my code (login.ctp and users_controller.php) to http://pastebin.ca/767192 Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
Hi Sean, it doesn't work the way you posted it, except for me. But I assume it could also be something with my login view, so could you please post an example of a working view for this? Atm I'm doing the following: // /app/views/users/login.ctp create('User', array('action' => 'login')); echo $form->input('username'); echo $form->input('password'); echo $form->submit(__('do_login', true)); echo $form->end(); ?> // end But when submitting the form, it redirects me back to the login, pre- filling the password field with 32 chars (assume it's the md5 hash, but why?). Thanks in advance, Arne On Nov 8, 9:04 pm, SeanW <[EMAIL PROTECTED]> wrote: > On Nov 7, 9:07 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > > > > My goal is to implement the authentication basics directly into /app/ > > app_controller.php rather than the users controller, as I think it > > I posted something about this recently, where authentication is done > in the main app_controller with default behaviours, and controllers > can fine tune it. > > http://ertw.com/blog/2007/11/04/a-simple-authentication-system-with-c... > > It uses controller based authorization (which again can have a global > policy at the app_controller level, and be overridden at the > controller level) > > Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
On Nov 7, 9:07 pm, Arne-Kolja Bachstein <[EMAIL PROTECTED]> wrote: > > My goal is to implement the authentication basics directly into /app/ > app_controller.php rather than the users controller, as I think it I posted something about this recently, where authentication is done in the main app_controller with default behaviours, and controllers can fine tune it. http://ertw.com/blog/2007/11/04/a-simple-authentication-system-with-cakephp-12-and-auth-component/ It uses controller based authorization (which again can have a global policy at the app_controller level, and be overridden at the controller level) Sean --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
I've been having similar problems myself but just haven't taken the time to look into what's going on. In my scenario I'm able to login and the Auth component authenticates me but does not redirect me to the redirectLogin value. After submitting my information I end up on the login page still, and if I manually type in an application URL I am able to access the application no problem. Like I said I haven't looked into this because I know this is Alpha.. Beta.. whatever and it's not stopping me from moving forward with other development, but I have a feeling there might be a problem in the redirect logic?? Also another scenario I will have autoRedirect = true and on the first submission of the login page I will just end up at the login page again. If I re-enter my credentials and submit a second time I will be forwarded to the URL I was requesting previously. On Nov 8, 1:04 am, francky06l <[EMAIL PROTECTED]> wrote: > The Auth is using the sha1 (by default) for hashing. It combines you > Security.salt value and your password and hash using sha1. You can > change the hashing I think (not sure, I haven't check in the code for > a while). > > On Nov 8, 5:30 am, "Paolo Stancato" <[EMAIL PROTECTED]> wrote: > > > I am having troubles with Auth component too (but after the login > > step). My code is very similar, except that I'm using in > > AppController: > > > function isAuthorized() { > >// This should authorize any controller/action, even if I'm not > > logged in, right? > >return true; > > > } > > > But when I try to access to any controller/action I'm being redirected > > to users/login. > > > Thanks in advance! > > > 2007/11/8, Arne-Kolja Bachstein <[EMAIL PROTECTED]>: > > > > Hi there, > > > > I tried to implement a simple authentication using the new Auth > > > component from CakePHP 1.2, but did not succeed. Maybe there's someone > > > who can give me quick and dirty assistance with this? > > > > My goal is to implement the authentication basics directly into /app/ > > > app_controller.php rather than the users controller, as I think it > > > could be easier then to make it "global", but any other ideas are also > > > welcome, of course. > > > > Basically I tried this snippet that derelm pasted for me to build my > > > authentication system: > > >http://bin.cakephp.org/view/1369491463 > > > ... but as I already mentioned I failed. > > > > The main problem is, of course, that I cannot log in. When trying to > > > login it sends me directly back to the login page as given in $this- > > > >Auth->loginAction, but as I don't know how to output the error > > > message, I can't tell what's the problem. Maybe it's the combination > > > of my old md5'd varchar[50] field for the password, as I don't know > > > how the password is hashed by the component, but I don't really know. > > > Doing a print_r on $this->Auth doesn't give me any hints too, except > > > for the login data being posted, but nothing about the verification of > > > it. > > > > Second problem would be, just to anticipate, that I'd had to check the > > > user's login details in my default layout. So if you know how to talk > > > to the auth component from there, let me know :-) > > > > Well, maybe I just need too basic details on this, but I'd really > > > appreciate if there's someone who can help me with this :-) > > > > Thanks in advance, > > > > Arne --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
The Auth is using the sha1 (by default) for hashing. It combines you Security.salt value and your password and hash using sha1. You can change the hashing I think (not sure, I haven't check in the code for a while). On Nov 8, 5:30 am, "Paolo Stancato" <[EMAIL PROTECTED]> wrote: > I am having troubles with Auth component too (but after the login > step). My code is very similar, except that I'm using in > AppController: > > function isAuthorized() { >// This should authorize any controller/action, even if I'm not > logged in, right? >return true; > > } > > But when I try to access to any controller/action I'm being redirected > to users/login. > > Thanks in advance! > > 2007/11/8, Arne-Kolja Bachstein <[EMAIL PROTECTED]>: > > > > > Hi there, > > > I tried to implement a simple authentication using the new Auth > > component from CakePHP 1.2, but did not succeed. Maybe there's someone > > who can give me quick and dirty assistance with this? > > > My goal is to implement the authentication basics directly into /app/ > > app_controller.php rather than the users controller, as I think it > > could be easier then to make it "global", but any other ideas are also > > welcome, of course. > > > Basically I tried this snippet that derelm pasted for me to build my > > authentication system: > >http://bin.cakephp.org/view/1369491463 > > ... but as I already mentioned I failed. > > > The main problem is, of course, that I cannot log in. When trying to > > login it sends me directly back to the login page as given in $this- > > >Auth->loginAction, but as I don't know how to output the error > > message, I can't tell what's the problem. Maybe it's the combination > > of my old md5'd varchar[50] field for the password, as I don't know > > how the password is hashed by the component, but I don't really know. > > Doing a print_r on $this->Auth doesn't give me any hints too, except > > for the login data being posted, but nothing about the verification of > > it. > > > Second problem would be, just to anticipate, that I'd had to check the > > user's login details in my default layout. So if you know how to talk > > to the auth component from there, let me know :-) > > > Well, maybe I just need too basic details on this, but I'd really > > appreciate if there's someone who can help me with this :-) > > > Thanks in advance, > > > Arne --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simplest usage of the new Auth component?
I am having troubles with Auth component too (but after the login step). My code is very similar, except that I'm using in AppController: function isAuthorized() { // This should authorize any controller/action, even if I'm not logged in, right? return true; } But when I try to access to any controller/action I'm being redirected to users/login. Thanks in advance! 2007/11/8, Arne-Kolja Bachstein <[EMAIL PROTECTED]>: > > Hi there, > > I tried to implement a simple authentication using the new Auth > component from CakePHP 1.2, but did not succeed. Maybe there's someone > who can give me quick and dirty assistance with this? > > My goal is to implement the authentication basics directly into /app/ > app_controller.php rather than the users controller, as I think it > could be easier then to make it "global", but any other ideas are also > welcome, of course. > > Basically I tried this snippet that derelm pasted for me to build my > authentication system: > http://bin.cakephp.org/view/1369491463 > ... but as I already mentioned I failed. > > The main problem is, of course, that I cannot log in. When trying to > login it sends me directly back to the login page as given in $this- > >Auth->loginAction, but as I don't know how to output the error > message, I can't tell what's the problem. Maybe it's the combination > of my old md5'd varchar[50] field for the password, as I don't know > how the password is hashed by the component, but I don't really know. > Doing a print_r on $this->Auth doesn't give me any hints too, except > for the login data being posted, but nothing about the verification of > it. > > Second problem would be, just to anticipate, that I'd had to check the > user's login details in my default layout. So if you know how to talk > to the auth component from there, let me know :-) > > Well, maybe I just need too basic details on this, but I'd really > appreciate if there's someone who can help me with this :-) > > Thanks in advance, > > Arne > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Simplest usage of the new Auth component?
Hi there, I tried to implement a simple authentication using the new Auth component from CakePHP 1.2, but did not succeed. Maybe there's someone who can give me quick and dirty assistance with this? My goal is to implement the authentication basics directly into /app/ app_controller.php rather than the users controller, as I think it could be easier then to make it "global", but any other ideas are also welcome, of course. Basically I tried this snippet that derelm pasted for me to build my authentication system: http://bin.cakephp.org/view/1369491463 ... but as I already mentioned I failed. The main problem is, of course, that I cannot log in. When trying to login it sends me directly back to the login page as given in $this- >Auth->loginAction, but as I don't know how to output the error message, I can't tell what's the problem. Maybe it's the combination of my old md5'd varchar[50] field for the password, as I don't know how the password is hashed by the component, but I don't really know. Doing a print_r on $this->Auth doesn't give me any hints too, except for the login data being posted, but nothing about the verification of it. Second problem would be, just to anticipate, that I'd had to check the user's login details in my default layout. So if you know how to talk to the auth component from there, let me know :-) Well, maybe I just need too basic details on this, but I'd really appreciate if there's someone who can help me with this :-) Thanks in advance, Arne --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2, Auth-component and reverse proxies
2007/9/27, Martin Schapendonk <[EMAIL PROTECTED]>: > It is related to the CAKE_SECURITY setting. Changing this setting from > high to medium 'solved' the problem. In the group archive I read "CAKE_SECURITY set to high also checks the referer", which would explain why it doesn't work with a reverse proxy (since cake doesn't know of any reverse proxy in front of it). Can anybody confirm this? The message was rather old (1+ years). Martin -- Martin Schapendonk, [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2, Auth-component and reverse proxies
2007/9/26, Martin Schapendonk <[EMAIL PROTECTED]>: > Anyone knows what could be happening here? Let's answer my own email (at least partially). It is related to the CAKE_SECURITY setting. Changing this setting from high to medium 'solved' the problem. The documentation states: "CakePHP session IDs are also regenerated between requests if CAKE_SECURITY is set to 'high'.". So... regenerating session IDs in combination with a reverse proxy doesn't seem to work. Does lowering the CAKE_SECURITY setting have any other consequences for security? Martin -- Martin Schapendonk, [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
CakePHP 1.2, Auth-component and reverse proxies
Hi, Not sure if this is offtopic for the list, but I suspect it is (it seems related to the Auth component). Using Cake 1.2.0.5427alpha. I have a Cake setup with a reverse proxy as frontend. This reverse proxy passes all requests to the cakephp app on the backend webserver and forwards all responses back to the browser. Both webservers are Apache 2.2.x. The app is working fine without authentication. If I enable the Auth component, I never get past the login page! This is what happens: - Login page is rendered - I fill in a valid username/password combination - Submit login page - I get a redirect to the "login succesful" page (value of $this->Auth->loginRedirect) - ... and immediately another redirect to the login page again - Login page is rendered Anyone knows what could be happening here? Martin -- Martin Schapendonk, [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Several problems with the Cake 1.2 Auth Component
There are a few helpful tutorials I would recommend looking at. 1) http://realm3.com/articles/setting_up_users_groups_withacl_and_auth_in_cake_1.2.php 2) http://groups.google.com/group/cake-php/browse_thread/thread/871ff4c536bc1e00 3) http://lemoncake.wordpress.com/2007/07/19/using-authcomponent-and-acl-in-cakephp-12/ But I can answer some of your questions. First off T is right, you don't need login to be an allowed action, it automatically checks to see if the url is the login action. What you should have in the appController's beforeFilter is $this->Auth- >authorize = 'actions'; if you are using the ACL component to manage access control. You can also set the fields in your database here if they aren't the default 'username' and 'password'. The problem you are having in your usersController is that you are overriding all the code in you appController's beforeFilter, you need to explicitly call it, like this. function beforeFilter() { parent::beforeFilter(); $this->Auth->allow('register', 'recover'); } That will work and only allow register and recover actions in the Users Controller instead of across the site. Second you don't need to call isAuthorized() every time you handle a request, in fact since the Auth component will check to see if it is Authorized each time it handles a request you are really doubling its work. If you want to check if a user is logged in you can check the session variable to see if an authenticated user session is present, if it is you know the user is logged in. If you want it in available to all your pages, put it in the appController's beforeFilter. The session key defaults to 'Auth.' . $this->userModel, so if your user model is User, Auth.User. It can easily be changed: $this->Auth->sessionKey = 'my_user'; Then you add the check into the AppControler's beforeFilter $this->set('auth_status', $this->Session->check('my_user')); Now all your layouts will have the $auth_status variable. Maybe there should just be a get function in the Auth Component that return the _loggedIn variable, but performance-wise I don't think there is too much of a difference. Finally problem three. The allow function of the Auth component, only allows actions for a particular controller, not controllers themselves. Over in the lemoncake post, Geoff explains how to allow controller access, which I've summarized below. Instead of the $allowed you currently have, replace it with a array of allowed controllers, for example pages. $publicControllers = array('pages'); Since you can't allow controllers get rid of the $this->Auth- >allow($allowed) line, and replace it with this logic from Geoff. if (in_array(low($this->params['controller']), $this- >publicControllers)) { $this->Auth->allow(); } What this does is check to see if the current controller is listed in your publicControllers variable. If it is then it allows *, or any action to be run from that controller, making it completely public. Hope this helps. :) -thebrillopuff P.S. You may also want to add a logout function to your user controller, it's easy. function logout() { $this->redirect($this->Auth->logout()); } You could even add a flash to let the person know they've logged out :) I think in the current cake 1.2 I had to change a line in the auth component to get the redirect working. In the _setDefaults function it was looking for logoutAction instead of logoutRedirect. logoutRedirect is the one you want. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Several problems with the Cake 1.2 Auth Component
On 8/15/07, Samuel DeVore <[EMAIL PROTECTED]> wrote: > > it's the action you go to when you are denied (at least is how my mind > remembers it) > Which itself should be denied - else the login code in the auth component does not execute T -- = Cheesecake-Photoblog: http://cheesecake-photoblog.org PHP for E-Biz: http://sanisoft.com = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Several problems with the Cake 1.2 Auth Component
it's the action you go to when you are denied (at least is how my mind remembers it) On 8/14/07, Dr. Tarique Sani <[EMAIL PROTECTED]> wrote: > > On 8/14/07, rnpg1014 <[EMAIL PROTECTED]> wrote: > > > > function beforeFilter() { > > $this->Auth->allow('login', 'register', 'recover'); > > login should be a denied action - there is some twisted reasoning for > it but it ultimately makes sense > > T > > > > -- > = > Cheesecake-Photoblog: http://cheesecake-photoblog.org > PHP for E-Biz: http://sanisoft.com > = > > > > -- (the old fart) the advice is free, the lack of crankiness will cost you - its a fine line between a real question and an idiot http://blog.samdevore.com/archives/2007/03/05/when-open-source-bugs-me/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Several problems with the Cake 1.2 Auth Component
On 8/14/07, rnpg1014 <[EMAIL PROTECTED]> wrote: > > function beforeFilter() { > $this->Auth->allow('login', 'register', 'recover'); login should be a denied action - there is some twisted reasoning for it but it ultimately makes sense T -- = Cheesecake-Photoblog: http://cheesecake-photoblog.org PHP for E-Biz: http://sanisoft.com = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Several problems with the Cake 1.2 Auth Component
I searched around trying to find similar problems but I didn't run into any. If I missed a relevant discussion, pointing me in their direction would be much obliged. The first two problems are both with AuthComponent::Allow(). Here's a snippet from my Users Controller: function beforeFilter() { $this->Auth->allow('login', 'register', 'recover'); $this->set('auth_status', $this->Auth->isAuthorized()); } The first line is to allow access to certain actions of the users controller that any user (logged in or not) can access. The second line sets a variable in my view that is used to determine the contents of the horizontal menu bar of the default layout (so that I can show the links "Control Panel" and "Logout" instead of "Login" and "Register"). The first problem is with the first line. As long as that line is in the beforeFilter() method, logging in will always be unsucessful, irrespective of what the user inputs. The solution was to move it to the beforeFilter() method of the AppController class, which worked. However, I would prefer to have it set in the UsersController class to ease maintenance. If anybody has a solution, please share. Here's my AppController class: '*', ''); function beforeFilter() { if(isset($this->Auth)) { $this->Auth->loginAction = '/users/login'; $this->Auth->loginRedirect = '/users/manage'; $this->Auth->logoutRedirect = '/'; $this->Auth->allow($this->allowed); } $this->Auth->allow('login', 'register', 'recover'); } } ?> The second problem comes from the second line of the UsersController's beforeFilter() method. I wanted to have that line in the AppController's beforeFilter() method, so it would work for any controller and any action, but it only works for the root page and nothing more. Thus, I have to include the same line in all my controllers. This probably only has to do with my understanding of how Cake PHP implements the MVC pattern, but an explanation would be appreciated. My third and final problem is allowing the home page to those who are not logged in. I've figured how to grant access to any controller or any individual action EXCEPT the home page. Again, help appreciated. Thanks, -Nick --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component + Cake 1.2
On 8/2/07, luke BAKING barker <[EMAIL PROTECTED]> wrote: > > > Hey Tarique, thanks for this reply - perhaps I will try a new nightly > and see if the patch has made it in. If the patch has made it in - the trac is usually updated In fact there are 4 tickets on auth component which we are awaiting reply for But am in no hurry :) Tarique -- = Cheesecake-Photoblog: http://cheesecake-photoblog.org PHP for E-Biz: http://sanisoft.com = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component + Cake 1.2
Hey Tarique, thanks for this reply - perhaps I will try a new nightly and see if the patch has made it in. thanks Luke On Aug 2, 12:17 pm, "Dr. Tarique Sani" <[EMAIL PROTECTED]> wrote: > On 7/27/07, Gorka <[EMAIL PROTECTED]> wrote: > > > > > I thought AuthComponent handled user login and logout on its own, > > validating username/password pairs and thus I saw no reason to use a > > validLogin function on the model as you did. > > Yes it is supposed to but there is a bug - see this ticket by one o my > programmershttps://trac.cakephp.org/ticket/2993 > > HTH > > Tarique > > -- > = > Cheesecake-Photoblog:http://cheesecake-photoblog.org > PHP for E-Biz:http://sanisoft.com > = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component + Cake 1.2
On 7/27/07, Gorka <[EMAIL PROTECTED]> wrote: > > > I thought AuthComponent handled user login and logout on its own, > validating username/password pairs and thus I saw no reason to use a > validLogin function on the model as you did. Yes it is supposed to but there is a bug - see this ticket by one o my programmers https://trac.cakephp.org/ticket/2993 HTH Tarique -- = Cheesecake-Photoblog: http://cheesecake-photoblog.org PHP for E-Biz: http://sanisoft.com = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth component + Cake 1.2
Brians tutorial on Acl and Auth http://realm3.com/articles/setting_up_users_groups_withacl_and_auth_in_cake_1.2.php On Aug 2, 11:56 am, luke BAKING barker <[EMAIL PROTECTED]> wrote: > Hi Gorka - I too am having problem with this issue. I am using the > excellent tutorial by Brian as a starting point, and cake 1.2.0.5146 > alpha > > but the second call seems to be failing a submitted & valid login for > me: > I get-- Undefined index: password [CORE/cake/libs/controller/ > components/auth.php, line 653] > > and the debug SQL output is here: > SELECT `User`.`id`, `User`.`group_id`, `User`.`username`, > `User`.`password`, `User`.`email`, `User`.`firstname`, > `User`.`surname`, `User`.`created`, `User`.`modified` FROM `users` AS > `User` WHERE `email` = '[EMAIL PROTECTED]' AND `password` = > 'c54a39d2599bab5dd77e0ed90cec078e64ecf10c' LIMIT 1 0 0 > 1 call 1 > > 6 SELECT `User`.`id`, `User`.`group_id`, `User`.`username`, > `User`.`password`, `User`.`email`, `User`.`firstname`, > `User`.`surname`, `User`.`created`, `User`.`modified` FROM `users` AS > `User` WHERE `email` = '[EMAIL PROTECTED]' AND `password` IS NULL LIMIT > 1 > > and then the password is NULL in the 2nd call as you can see. It then > flashes me that no valid user was ffound. > > anyone can advise on this? > > regards > > Luke > > On Jul 27, 12:57 pm, Gorka <[EMAIL PROTECTED]> wrote: > > > After digging quite a bit in the AuthComponent source, I think I've > > found the problem. There are still some things I don't understand, so > > please feel free to correct me where I might be wrong. For example, > > identify() gets called twice in a login, but I can't figure where does > > the second call come from and why the passed data is different in each > > call: first the POST data, then username/password fields as part of a > > User array. This second call is the one logging the user even if no > > username/password information was given on the login form, see code > > bellow. On a side note for my previous code, it is not necessary to > > call $this->Auth->login() passing it $this->data. It will use $_POST > > data if nothing is specified. > > > The identify() function of AuthComponent (auth.php 5437 2007-07-10 > > 16:25:23Z gwoo) will use an empty array as a condition for a model->find() > > call if any of the login fields are empty, thus finding the > > > first result in the database: in my case, user with id=1: the > > administrator. The problematic code commented: > > > /* Initialize the array we are going to use as a find condition as > > empty */ > > $find = array(); > > /* If *both* username and password are provided as a user object */ > > if (isset($user[$this->fields['username']]) && !empty($user[$this- > > > >fields['username']]) && !empty($user[$this->fields['password']])) { > > > if (trim($user[$this->fields['username']]) == '=' || > > trim($user[$this->fields['password']]) == '=') { > > > return false; > > } > > /* Set find conditions */ > > $find = array( > > $this->fields['username'] => > > $user[$this->fields['username']], > > $this->fields['password'] => > > $user[$this->fields['password']] > > ); > > /* Else, if username is provided in POST */} elseif > > (isset($user[$this->userModel . '.' . $this- > > >fields['username']]) && !empty($user[$this->userModel . '.' . $this- > > >fields['username']])) { > > > /* If both are empty (why '='?) this should return a > > login failure, but the misterious (for me!) second call will ruin the > > login failure */ > > if (trim($user[$this->userModel . '.' . $this->fields['username']]) > > == '=' || trim($user[$this->userModel . '.' . $this->fields['password']]) > > == '=') { > > > return false; > > } > > /* Set find conditions */ > > $find = array( > > $this->fields['username'] => $user[$this->userModel . '.' . > > $this->fields['username']], > > > $this->fields['password'] => $user[$this->userModel . '.' . > > $this->fields['password']] > > ); > > } > > > /* At this point, if we were working with the user array and *any* but > > not both of the fields were empty, find = array( ) */ > > $model =& $this->getModel(); > > /* > > $model->find(am(array(), $this->userScope), null, null, -1) will > > seek: > > If $this->userScope == array() the first user record, > > unconditionally. > > Else, the first user record that matches filtering conditions, but > > ommiting the identifying information: username/password > > */ > > $data = $model->find(am($find, $this->userScope), null, null, -1); > > > /* > > If there are any users on the DB, $data won't be empty, thus login > > is authorized > > and user is acknowledged to be the first matching the prior > > conditions. In my case, user with id=1: administrator. > > */ > > if (empty($data) ||
Re: Auth component + Cake 1.2
Hi Gorka - I too am having problem with this issue. I am using the excellent tutorial by Brian as a starting point, and cake 1.2.0.5146 alpha but the second call seems to be failing a submitted & valid login for me: I get-- Undefined index: password [CORE/cake/libs/controller/ components/auth.php, line 653] and the debug SQL output is here: SELECT `User`.`id`, `User`.`group_id`, `User`.`username`, `User`.`password`, `User`.`email`, `User`.`firstname`, `User`.`surname`, `User`.`created`, `User`.`modified` FROM `users` AS `User` WHERE `email` = '[EMAIL PROTECTED]' AND `password` = 'c54a39d2599bab5dd77e0ed90cec078e64ecf10c' LIMIT 1 0 0 1 call 1 6 SELECT `User`.`id`, `User`.`group_id`, `User`.`username`, `User`.`password`, `User`.`email`, `User`.`firstname`, `User`.`surname`, `User`.`created`, `User`.`modified` FROM `users` AS `User` WHERE `email` = '[EMAIL PROTECTED]' AND `password` IS NULL LIMIT 1 and then the password is NULL in the 2nd call as you can see. It then flashes me that no valid user was ffound. anyone can advise on this? regards Luke On Jul 27, 12:57 pm, Gorka <[EMAIL PROTECTED]> wrote: > After digging quite a bit in the AuthComponent source, I think I've > found the problem. There are still some things I don't understand, so > please feel free to correct me where I might be wrong. For example, > identify() gets called twice in a login, but I can't figure where does > the second call come from and why the passed data is different in each > call: first the POST data, then username/password fields as part of a > User array. This second call is the one logging the user even if no > username/password information was given on the login form, see code > bellow. On a side note for my previous code, it is not necessary to > call $this->Auth->login() passing it $this->data. It will use $_POST > data if nothing is specified. > > The identify() function of AuthComponent (auth.php 5437 2007-07-10 > 16:25:23Z gwoo) will use an empty array as a condition for a model->find() > call if any of the login fields are empty, thus finding the > > first result in the database: in my case, user with id=1: the > administrator. The problematic code commented: > > /* Initialize the array we are going to use as a find condition as > empty */ > $find = array(); > /* If *both* username and password are provided as a user object */ > if (isset($user[$this->fields['username']]) && !empty($user[$this- > > >fields['username']]) && !empty($user[$this->fields['password']])) { > > if (trim($user[$this->fields['username']]) == '=' || > trim($user[$this->fields['password']]) == '=') { > > return false; > } > /* Set find conditions */ > $find = array( > $this->fields['username'] => $user[$this->fields['username']], > $this->fields['password'] => $user[$this->fields['password']] > ); > /* Else, if username is provided in POST */} elseif > (isset($user[$this->userModel . '.' . $this- > >fields['username']]) && !empty($user[$this->userModel . '.' . $this- > >fields['username']])) { > > /* If both are empty (why '='?) this should return a > login failure, but the misterious (for me!) second call will ruin the > login failure */ > if (trim($user[$this->userModel . '.' . $this->fields['username']]) > == '=' || trim($user[$this->userModel . '.' . $this->fields['password']]) == > '=') { > > return false; > } > /* Set find conditions */ > $find = array( > $this->fields['username'] => $user[$this->userModel . '.' . > $this->fields['username']], > > $this->fields['password'] => $user[$this->userModel . '.' . > $this->fields['password']] > ); > } > > /* At this point, if we were working with the user array and *any* but > not both of the fields were empty, find = array( ) */ > $model =& $this->getModel(); > /* > $model->find(am(array(), $this->userScope), null, null, -1) will > seek: > If $this->userScope == array() the first user record, > unconditionally. > Else, the first user record that matches filtering conditions, but > ommiting the identifying information: username/password > */ > $data = $model->find(am($find, $this->userScope), null, null, -1); > > /* > If there are any users on the DB, $data won't be empty, thus login > is authorized > and user is acknowledged to be the first matching the prior > conditions. In my case, user with id=1: administrator. > */ > if (empty($data) || empty($data[$this->userModel])) { > return null; > > } > > Now the questions are: > > Q1. What is this second call to identify and where does it come > from? > Q2. Is this a bug and should be reported to trac or am I doing > something deadly wrong? > > On 27 jul, 12:10, Gorka <[EMAIL PROTECTED]> wrote: > > > I thought AuthComponent handled user login and logout on its own,
Re: Auth component + Cake 1.2
gt; > $user_id = $this->Auth->user('id'); > if (!empty($user_id) && $this->Session->valid()) { > $this->Session->setFlash(__('Already logged in', > true), 'message', array('class' => 'error')); > $this->redirect('/'); > exit(); > } > > if (!empty($this->data)) { > if (!$this->Auth->login($this->data)) { > $this->Session->setFlash(__('Login failed', true), > 'message', array('class' => 'error')); > } else { > $this->flashRedirect(__('Welcome', true), '/'); > } > } > } > > function logout() { > $this->Auth->logout(); > $this->flashRedirect(__('Logged out', true), '/'); > } > > } > > And App Controller: > > > class AppController extends Controller { > > var $components = array('Session', 'Acl', 'Auth'); > var $helpers = array('html', 'javascript', 'form', 'head'); > > function beforeFilter() { > if (isset($this->Auth)) { > $this->Auth->fields = array('username' => 'email', > 'password' => 'password'); > $this->Auth->userModel = 'Usuario'; > $this->Auth->loginAction = array('controller'=>'usuarios', > 'action'=>'login'); > $this->Auth->loginRedirect = > array('controller'=>'usuarios', 'action'=>'index'); > } > parent::beforeFilter(); > } > > function flashRedirect($message, $url = array(), $class = 'info') > { > $this->Session->setFlash($message, 'message', array('class' => > $class)); > $this->redirect($url); > exit(); > } > > } > > The user login view: > > create('Usuario', array('action'=>'login'))?> > input('Usuario.email')?> > input('Usuario.password', array('type'=>'password', > 'value'=>''))?> > submit('Entrar')?> > end()?> > > On 21 jun, 10:24, danfreak <[EMAIL PROTECTED]> wrote: > > > > > Dunno why but I can't post in the original thread. > > > original thread=> " new auth component in cake 1.2 > > "http://groups.google.com/group/cake-php/browse_frm/thread/f2d0143c2e5... > > > My 2 cents about the new Auth component (Cake 1.2.0.5146alpha) > > > It stores encrypted passwords in the DB when you add/edit a new user. > > > Let's start with the users controller: > > > --- > > users_controller.php > > --- > > > class UsersController extends AppController { > > > var $name = 'Users'; > > var $helpers = array('Html', 'Form', 'Session'); > > var $components = array('Auth', 'Session'); > > > function beforeFilter() > > { > > //actions we allow without authentication, you can also put > > them in the app_controller.php > >$this->Auth->allow('index', 'register', 'login', 'logout'); > > } > > > function login() > > { > > //user already logged in? > > //checking if session has been written > > $user_id = $this->Auth->user('id'); > > if (!empty($user_id) && $this->Session->valid()) > > { > > $this->Session->setFlash('You are already logged in'); > > $this->redirect(array('action'=>''), null, true); > > } > > else > > { > > if(!empty($this->data)) > > { > > //calling login validation validLogin() in model > > if($this->User->validLogin($this-&g
Re: Auth component + Cake 1.2
I thought AuthComponent handled user login and logout on its own, validating username/password pairs and thus I saw no reason to use a validLogin function on the model as you did. But: AuthComponent won't log me in with an invalid password for a given username, but what is freaking me out is that it logs me in with any username/password combination (even both blanks) that are not in the database... incidentally, it logs me in with a user id of '1', which means I turn into admin without even specifying a name or password. So, I'm damn sure I'm missing some very crucial information on how AuthComponent is supposed to be used. Could anyone tell what am I doing wrong? My users controller: Auth->user('id'); if (!empty($user_id) && $this->Session->valid()) { $this->Session->setFlash(__('Already logged in', true), 'message', array('class' => 'error')); $this->redirect('/'); exit(); } if (!empty($this->data)) { if (!$this->Auth->login($this->data)) { $this->Session->setFlash(__('Login failed', true), 'message', array('class' => 'error')); } else { $this->flashRedirect(__('Welcome', true), '/'); } } } function logout() { $this->Auth->logout(); $this->flashRedirect(__('Logged out', true), '/'); } } And App Controller: Auth)) { $this->Auth->fields = array('username' => 'email', 'password' => 'password'); $this->Auth->userModel = 'Usuario'; $this->Auth->loginAction = array('controller'=>'usuarios', 'action'=>'login'); $this->Auth->loginRedirect = array('controller'=>'usuarios', 'action'=>'index'); } parent::beforeFilter(); } function flashRedirect($message, $url = array(), $class = 'info') { $this->Session->setFlash($message, 'message', array('class' => $class)); $this->redirect($url); exit(); } } The user login view: create('Usuario', array('action'=>'login'))?> input('Usuario.email')?> input('Usuario.password', array('type'=>'password', 'value'=>''))?> submit('Entrar')?> end()?> On 21 jun, 10:24, danfreak <[EMAIL PROTECTED]> wrote: > Dunno why but I can't post in the original thread. > > original thread=> " new auth component in cake 1.2 > "http://groups.google.com/group/cake-php/browse_frm/thread/f2d0143c2e5... > > My 2 cents about the new Auth component (Cake 1.2.0.5146alpha) > > It stores encrypted passwords in the DB when you add/edit a new user. > > Let's start with the users controller: > > -- > users_controller.php > -- > class UsersController extends AppController { > > var $name = 'Users'; > var $helpers = array('Html', 'Form', 'Session'); > var $components = array('Auth', 'Session'); > > function beforeFilter() > { > //actions we allow without authentication, you can also put > them in the app_controller.php >$this->Auth->allow('index', 'register', 'login', 'logout'); > } > > function login() > { > //user already logged in? > //checking if session has been written > $user_id = $this->Auth->user('id'); > if (!empty($user_id) && $this->Session->valid()) > { > $this->Session->setFlash('You are already logged in'); > $this->redirect(array('action'=>''), null, true); > } > else > { > if(!empty($this->data)) > { > //calling login validation validLogin() in model > if($this->User->validLogin($this->data)) > { > if($this->Auth->login($this->User->user)) > { >
Re: CakePHP 1.2 + Auth component (Auth::validate)
On 5 Lip, 19:38, danfreak <[EMAIL PROTECTED]> wrote: > Try this then in your app_controller: > > -- > $this->Auth->allow('*'); > -- > > It should work as wildcard for every action. I said in my first post I can do it. But I would rather to do that "in right way" :) Hmm, or maybe it's right and the only way? Anyway, thanks for interest :) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2 + Auth component (Auth::validate)
Try this then in your app_controller: -- $this->Auth->allow('*'); -- It should work as wildcard for every action. Dan On 5 Lug, 18:24, Pillow <[EMAIL PROTECTED]> wrote: > On 5 Lip, 15:33, danfreak <[EMAIL PROTECTED]> wrote: > > > Dunno if this can help, but I managed as explained in the following > > post: > > > =>http://groups.google.com/group/cake-php/t/871ff4c536bc1e00 > > Thanks for this post, it helped mi very much to get familiar with Auth > component :) > > However, I don't want to use $this -> Auth -> allow('action'); --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2 + Auth component (Auth::validate)
On 5 Lip, 15:33, danfreak <[EMAIL PROTECTED]> wrote: > Dunno if this can help, but I managed as explained in the following > post: > > =>http://groups.google.com/group/cake-php/t/871ff4c536bc1e00 Thanks for this post, it helped mi very much to get familiar with Auth component :) However, I don't want to use $this -> Auth -> allow('action'); --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2 + Auth component (Auth::validate)
Dunno if this can help, but I managed as explained in the following post: => http://groups.google.com/group/cake-php/t/871ff4c536bc1e00 Dan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2 + Auth component (Auth::validate)
I've tried already, anything changes... On 5 Lip, 14:59, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > On 7/5/07, Pillow <[EMAIL PROTECTED]> wrote: > Try $this->Auth->validate = false --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2 + Auth component (Auth::validate)
On 7/5/07, Pillow <[EMAIL PROTECTED]> wrote: > > Hi, > > I'm trying to use new Auth component. I've got problem with > Auth::validate. I want to use my own validation, not 'actions' or > 'objects'. So, as it stands in the comment, in beforeFilter() of my > appController I do: > > $this -> Auth -> validate = null; > > However, it doesn't work (maybe I'm wrong?) - the validation occurs > and Auth component redirects me to /users/login. When I do $this -> > Auth -> allow('*'); everything is ok. > Try $this->Auth->validate = false -- Chris Hartjes Senior Developer Cake Development Corporation My motto for 2007: "Just build it, damnit!" @TheBallpark - http://www.littlehart.net/attheballpark @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
CakePHP 1.2 + Auth component (Auth::validate)
Hi, I'm trying to use new Auth component. I've got problem with Auth::validate. I want to use my own validation, not 'actions' or 'objects'. So, as it stands in the comment, in beforeFilter() of my appController I do: $this -> Auth -> validate = null; However, it doesn't work (maybe I'm wrong?) - the validation occurs and Auth component redirects me to /users/login. When I do $this -> Auth -> allow('*'); everything is ok. I want to build users system with several groups, that's why I'm not using 'action' type validation (is this good way of doing it?). Thanks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth component + Cake 1.2
Dunno why but I can't post in the original thread. original thread=> " new auth component in cake 1.2 " http://groups.google.com/group/cake-php/browse_frm/thread/f2d0143c2e59ce2b/30126ff7024d152c?lnk=gst&q=auth&rnum=2#30126ff7024d152c My 2 cents about the new Auth component (Cake 1.2.0.5146alpha) It stores encrypted passwords in the DB when you add/edit a new user. Let's start with the users controller: - users_controller.php - Auth->allow('index', 'register', 'login', 'logout'); } function login() { //user already logged in? //checking if session has been written $user_id = $this->Auth->user('id'); if (!empty($user_id) && $this->Session->valid()) { $this->Session->setFlash('You are already logged in'); $this->redirect(array('action'=>''), null, true); } else { if(!empty($this->data)) { //calling login validation validLogin() in model if($this->User->validLogin($this->data)) { if($this->Auth->login($this->User->user)) { $this->Session->setFlash('You have successfully logged in'); $this->redirect(array('action'=>''), null, true); } else { $this->set('password', null); $this->set('auth_msg', 'Please try again'); } } } else { $this->set('auth_msg', 'Please enter your username and password'); } } } function logout() { $this->Session->destroy('user'); $this->Session->setFlash('You\'ve successfully logged out.'); $this->redirect(array('action'=>'login'), null, true); } - MODEL-> user.php the model has just a particular function (see below) that you must add - function validLogin($data) { $user = $this->find(array('username' => $data['User'] ['username'], 'password' => ($data['User']['password'])), array('id', 'username', 'password')); if(!empty($user)){ $this->user = $user['User']; return TRUE; } else { return FALSE; } } - DB table users - CREATE TABLE `users` ( `id` int(10) NOT NULL auto_increment, `username` varchar(250) NOT NULL default '', `password` varchar(50) NOT NULL, `name` varchar(255) default NULL, `email` varchar(250) NOT NULL default '', `created` datetime NOT NULL default '-00-00 00:00:00', `modified` datetime NOT NULL default '-00-00 00:00:00', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; - VIEW->login.ctp - Log In: create('User', array('action'=>'login')));?> input('username');?> input('password', array('value'=>''));?> end();?> - Enjoy and let me know if you have better ways for authentication. Dan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
which auth component, system
Hi, I was reading the description of the various authentication components/ code that the bakery offers and honestly I am a bit confused. I don't need groups, I just need that a user can edit his own page but not other pages. (simple one) which one should I use? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Can I overload an Auth component method?
To use the new Cake 1.2 Auth component I'd like to overload the isAuthorizied method. This is because I don't or need or want the Auth component to use ACL. How do I go about doing this? Thanks, Aaron --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: new auth component in cake 1.2
First attempt at providing some insight into the new AuthComponent: http://dieter.plaetinck.be/figuring_out_cakephp_new_authcomponent On Apr 6, 8:21 pm, "gar" <[EMAIL PROTECTED]> wrote: > Would it be possible for me to take a stab at making a doc on how to > use this functionality? If someone provides me with some source code > on the usage I will try to figure it out and write up a pseudo startup > doc on it. > > The reason why I want to dive into this auth method instead of OthAuth > is that I feel going forward, this authentication method will be > integrated tightly into the whole cake framework. So with each cake > update if auth needs to be updated they will do so. If the auth is > part of the cake framework I would rather spend the extra time to > figure out how to use it now rather than to convert the auth system to > this one later. I could be wrong about this tight integration and if > i am please let me know. > > My question is. Does anyone have any scripts that is utilizing the > AuthComponent now? Any starting point beside from scratch will be > fine. If so can I get a copy of it and how the db looks like also? > If not I will try to figure it out from the auth.php class file. Dont > know how far I will get with that way =(. > > gar > > On Apr 5, 10:53 pm, "R. Rajesh Jeba Anbiah" > > <[EMAIL PROTECTED]> wrote: > > On Apr 6, 1:38 am, "Samuel DeVore" <[EMAIL PROTECTED]> wrote: > > > > On 4/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > how can i find manual, trytourial about new auth coponent+acl in cake > > > > 1.2 ? > > > > I guess you could write it ;) I am not sure there is anything out there > > > yet. > > > There is indeed an Auth component <https://svn.cakephp.org/repo/ > > trunk/cake/1.2.x.x/cake/libs/controller/components/auth.php> in 1.2. > > > I too was interested in this component and when asked in IRC, > > PhpNut informed me that, we have to write many stuffs and can use the > > methods found in the Auth component. So, I'd thought of settling in > > othAuth for now. > > >HTH. > > > -- > > > > Email: rrjanbiah-at-Y!comBlog:http://rajeshanbiah.blogspot.com/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: new auth component in cake 1.2
Would it be possible for me to take a stab at making a doc on how to use this functionality? If someone provides me with some source code on the usage I will try to figure it out and write up a pseudo startup doc on it. The reason why I want to dive into this auth method instead of OthAuth is that I feel going forward, this authentication method will be integrated tightly into the whole cake framework. So with each cake update if auth needs to be updated they will do so. If the auth is part of the cake framework I would rather spend the extra time to figure out how to use it now rather than to convert the auth system to this one later. I could be wrong about this tight integration and if i am please let me know. My question is. Does anyone have any scripts that is utilizing the AuthComponent now? Any starting point beside from scratch will be fine. If so can I get a copy of it and how the db looks like also? If not I will try to figure it out from the auth.php class file. Dont know how far I will get with that way =(. gar On Apr 5, 10:53 pm, "R. Rajesh Jeba Anbiah" <[EMAIL PROTECTED]> wrote: > On Apr 6, 1:38 am, "Samuel DeVore" <[EMAIL PROTECTED]> wrote: > > > On 4/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > how can i find manual, trytourial about new auth coponent+acl in cake > > > 1.2 ? > > > I guess you could write it ;) I am not sure there is anything out there > > yet. > > There is indeed an Auth component <https://svn.cakephp.org/repo/ > trunk/cake/1.2.x.x/cake/libs/controller/components/auth.php> in 1.2. > > I too was interested in this component and when asked in IRC, > PhpNut informed me that, we have to write many stuffs and can use the > methods found in the Auth component. So, I'd thought of settling in > othAuth for now. > >HTH. > > -- > > Email: rrjanbiah-at-Y!comBlog:http://rajeshanbiah.blogspot.com/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: new auth component in cake 1.2
On Apr 6, 1:38 am, "Samuel DeVore" <[EMAIL PROTECTED]> wrote: > On 4/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > how can i find manual, trytourial about new auth coponent+acl in cake > > 1.2 ? > > I guess you could write it ;) I am not sure there is anything out there yet. There is indeed an Auth component <https://svn.cakephp.org/repo/ trunk/cake/1.2.x.x/cake/libs/controller/components/auth.php> in 1.2. I too was interested in this component and when asked in IRC, PhpNut informed me that, we have to write many stuffs and can use the methods found in the Auth component. So, I'd thought of settling in othAuth for now. HTH. -- Email: rrjanbiah-at-Y!comBlog: http://rajeshanbiah.blogspot.com/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: new auth component in cake 1.2
If your looking for a Auth component, consider othAuth (http:// bakery.cakephp.org/articles/view/99). The documentation is good (http://bakery.cakephp.org/articles/view/148) and very easy to drop into your project. The notes indicate that it will later support CakePHP's own ACL component, but in the meantime it serves as a very good component to handle login/logout and user permissions. Tane On Apr 5, 9:37 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > how can i find manual, trytourial about new auth coponent+acl in cake > 1.2 ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: new auth component in cake 1.2
On Apr 5, 2007, at 2:38 PM, Samuel DeVore wrote: > > On 4/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> > wrote: >> >> how can i find manual, trytourial about new auth coponent+acl in >> cake >> 1.2 ? >> > > I guess you could write it ;) I am not sure there is anything out > there yet. And there probably won't be until 1.2 is no longer an alpha or developer release. Please realize that 1.2 is a developer release, and has *no* official docs. Once everything stabilizes, docs will be released (soon) after. -- John --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: new auth component in cake 1.2
On 4/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > how can i find manual, trytourial about new auth coponent+acl in cake > 1.2 ? > I guess you could write it ;) I am not sure there is anything out there yet. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
new auth component in cake 1.2
how can i find manual, trytourial about new auth coponent+acl in cake 1.2 ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: New Auth component asking for login on every page :(
Hi Nate, Ok - I discovered what I was doing. I was setting $this->Auth->fields['password'] = 'passwd'; in my app_controller. I needed to define it in my users_controller. Now that's working I'm still getting the MD5 problem - Auth seems to be using plain text passwords, as it doesn't recognise the password. Tane On 3/14/07, nate <[EMAIL PROTECTED]> wrote: > > It's cool y'all, just chill for a bit. Help is on the way... yeah > baby, help is on the way. > > digital spaghetti: > If you $this->Auth->fields = array('password' => 'passwd'), that > leaves it without a user name. You need to either do: > > $this->Auth->fields['password'] = 'passwd'; > - or - > $this->Auth->fields = array('username' => 'username', 'password' => > 'passwd'); > > On Mar 14, 3:06 pm, "digital spaghetti" > <[EMAIL PROTECTED]> wrote: > > Yea, unfortunatly I got that today as well (a piss off) > > > > I managed to get it implemented, but still hit a few snags: > > > > Defining $this->Auth->fields = array('password' = 'passwd'); doesn't > > seem to work. > > > > Just for testing, I changed the var directly in the component and it > > worked, but it seems at the moment $this->Auth->login() only supports > > plain text password. I'm going to assume that support for which has > > to use (I.e md5, sha1,etc) will come later. > > > > Also, another problem for me seems to be all the auth components out > > there seem to be the username/password route - but I'm implementing > > cakebakers OpenID component in my site, and authorisation takes place > > off-site through the OpenID provider, who then passes back a message > > to say "this user is valid". Although I create a user record for > > this, the user has no need for a password on my site. > > > > If anyone has any ideas on how to implement this, that would be great! > > > > Tane > > > > On 3/14/07, BlenderStyle <[EMAIL PROTECTED]> wrote: > > > > > > > > > I got the new AuthComponent going by doing this in UsersController: > > > > > function beforeFilter() { > > > $this->Auth->allow('index', 'register', 'login', 'logout'); > > > } > > > > > I'm reading cake/libs/controller/components/auth.php as I go along. My > > > next step is to figure out how to use $this->Auth->login(). I'm sure I > > > can figure it out, but I'm always concerned about best practices. Any > > > ideas? I understand that Cake 1.2 is still an alpha release, but the > > > new features are just awesome sounding. If I get a, "piss off and > > > wait" response from one of the developers, I'll understand and still > > > be happy with Cake 1.2. > > > > > On Feb 28, 2:54 pm, "joradom" <[EMAIL PROTECTED]> wrote: > > > > you have to set up the Auth object with the allowed actions in your > > > > controller: > > > > > > i.e. in my users_controller > > > > > > function beforeFilter() { > > > > $this->Auth->userModel = 'User'; > > > > $this->Auth->sessionKey = 'My'; > > > > $this->Auth->loginRedirect = '/users/index'; > > > > $this->Auth->allowedActions = array('index', 'register', > > > > 'logout','login'); > > > > } > > > > > > there is a set function wich takes an array as argument, surely a > > > > better way to setup your object. > > > > > > I'm not sure if it is better to have a call to Auth in each controller > > > > or put it in the app_controller, may depend on your application i > > > > guess. > > > > > > Hope this helps, because I'm struggling too with this component and > > > > these are just experiments, not good code :) > > > > > > On 27 feb, 17:08, "Digital Spaghetti" > > > > > > <[EMAIL PROTECTED]> wrote: > > > > > Hey guys, > > > > > > > I'm reasonably new to CakePHP, really only had a play about with it so > > > > > far but I am ready to take it to the next level. > > > > > > > The first thing I am building into my app is the user system, so users > > > > > can log in and get access to specific areas. I've decided to go with > > > > > 1.2.x.x branch since it has the newAuth componentbut I've come > > > > > across problems already. > > > > > > > In my AppController class, I have added theAuth component, but now > > > > > every page I look at, it's asking me to log in as a user (via /users/ > > > > > login as the default in Auth), but of course I don't want this on > > > > > every page, only pages that are under admin. > > > > > > > Can anyone direct me the proper usage of this component, as it's not > > > > > well documented yet (at least to a level I can read) and how to only > > > > > have it ask for login on certain controller functions (like /admin/ > > > > > posts/add for example). > > > > > > > Tane > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.
Re: New Auth component asking for login on every page :(
It's cool y'all, just chill for a bit. Help is on the way... yeah baby, help is on the way. digital spaghetti: If you $this->Auth->fields = array('password' => 'passwd'), that leaves it without a user name. You need to either do: $this->Auth->fields['password'] = 'passwd'; - or - $this->Auth->fields = array('username' => 'username', 'password' => 'passwd'); On Mar 14, 3:06 pm, "digital spaghetti" <[EMAIL PROTECTED]> wrote: > Yea, unfortunatly I got that today as well (a piss off) > > I managed to get it implemented, but still hit a few snags: > > Defining $this->Auth->fields = array('password' = 'passwd'); doesn't > seem to work. > > Just for testing, I changed the var directly in the component and it > worked, but it seems at the moment $this->Auth->login() only supports > plain text password. I'm going to assume that support for which has > to use (I.e md5, sha1,etc) will come later. > > Also, another problem for me seems to be all the auth components out > there seem to be the username/password route - but I'm implementing > cakebakers OpenID component in my site, and authorisation takes place > off-site through the OpenID provider, who then passes back a message > to say "this user is valid". Although I create a user record for > this, the user has no need for a password on my site. > > If anyone has any ideas on how to implement this, that would be great! > > Tane > > On 3/14/07, BlenderStyle <[EMAIL PROTECTED]> wrote: > > > > > I got the new AuthComponent going by doing this in UsersController: > > > function beforeFilter() { > > $this->Auth->allow('index', 'register', 'login', 'logout'); > > } > > > I'm reading cake/libs/controller/components/auth.php as I go along. My > > next step is to figure out how to use $this->Auth->login(). I'm sure I > > can figure it out, but I'm always concerned about best practices. Any > > ideas? I understand that Cake 1.2 is still an alpha release, but the > > new features are just awesome sounding. If I get a, "piss off and > > wait" response from one of the developers, I'll understand and still > > be happy with Cake 1.2. > > > On Feb 28, 2:54 pm, "joradom" <[EMAIL PROTECTED]> wrote: > > > you have to set up the Auth object with the allowed actions in your > > > controller: > > > > i.e. in my users_controller > > > > function beforeFilter() { > > > $this->Auth->userModel = 'User'; > > > $this->Auth->sessionKey = 'My'; > > > $this->Auth->loginRedirect = '/users/index'; > > > $this->Auth->allowedActions = array('index', 'register', > > > 'logout','login'); > > > } > > > > there is a set function wich takes an array as argument, surely a > > > better way to setup your object. > > > > I'm not sure if it is better to have a call to Auth in each controller > > > or put it in the app_controller, may depend on your application i > > > guess. > > > > Hope this helps, because I'm struggling too with this component and > > > these are just experiments, not good code :) > > > > On 27 feb, 17:08, "Digital Spaghetti" > > > > <[EMAIL PROTECTED]> wrote: > > > > Hey guys, > > > > > I'm reasonably new to CakePHP, really only had a play about with it so > > > > far but I am ready to take it to the next level. > > > > > The first thing I am building into my app is the user system, so users > > > > can log in and get access to specific areas. I've decided to go with > > > > 1.2.x.x branch since it has the newAuth componentbut I've come > > > > across problems already. > > > > > In my AppController class, I have added theAuth component, but now > > > > every page I look at, it's asking me to log in as a user (via /users/ > > > > login as the default in Auth), but of course I don't want this on > > > > every page, only pages that are under admin. > > > > > Can anyone direct me the proper usage of this component, as it's not > > > > well documented yet (at least to a level I can read) and how to only > > > > have it ask for login on certain controller functions (like /admin/ > > > > posts/add for example). > > > > > Tane --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: New Auth component asking for login on every page :(
Yea, unfortunatly I got that today as well (a piss off) I managed to get it implemented, but still hit a few snags: Defining $this->Auth->fields = array('password' = 'passwd'); doesn't seem to work. Just for testing, I changed the var directly in the component and it worked, but it seems at the moment $this->Auth->login() only supports plain text password. I'm going to assume that support for which has to use (I.e md5, sha1,etc) will come later. Also, another problem for me seems to be all the auth components out there seem to be the username/password route - but I'm implementing cakebakers OpenID component in my site, and authorisation takes place off-site through the OpenID provider, who then passes back a message to say "this user is valid". Although I create a user record for this, the user has no need for a password on my site. If anyone has any ideas on how to implement this, that would be great! Tane On 3/14/07, BlenderStyle <[EMAIL PROTECTED]> wrote: > > I got the new AuthComponent going by doing this in UsersController: > > function beforeFilter() { > $this->Auth->allow('index', 'register', 'login', 'logout'); > } > > I'm reading cake/libs/controller/components/auth.php as I go along. My > next step is to figure out how to use $this->Auth->login(). I'm sure I > can figure it out, but I'm always concerned about best practices. Any > ideas? I understand that Cake 1.2 is still an alpha release, but the > new features are just awesome sounding. If I get a, "piss off and > wait" response from one of the developers, I'll understand and still > be happy with Cake 1.2. > > On Feb 28, 2:54 pm, "joradom" <[EMAIL PROTECTED]> wrote: > > you have to set up the Auth object with the allowed actions in your > > controller: > > > > i.e. in my users_controller > > > > function beforeFilter() { > > $this->Auth->userModel = 'User'; > > $this->Auth->sessionKey = 'My'; > > $this->Auth->loginRedirect = '/users/index'; > > $this->Auth->allowedActions = array('index', 'register', > > 'logout','login'); > > } > > > > there is a set function wich takes an array as argument, surely a > > better way to setup your object. > > > > I'm not sure if it is better to have a call to Auth in each controller > > or put it in the app_controller, may depend on your application i > > guess. > > > > Hope this helps, because I'm struggling too with this component and > > these are just experiments, not good code :) > > > > On 27 feb, 17:08, "Digital Spaghetti" > > > > <[EMAIL PROTECTED]> wrote: > > > Hey guys, > > > > > I'm reasonably new to CakePHP, really only had a play about with it so > > > far but I am ready to take it to the next level. > > > > > The first thing I am building into my app is the user system, so users > > > can log in and get access to specific areas. I've decided to go with > > > 1.2.x.x branch since it has the newAuth componentbut I've come > > > across problems already. > > > > > In my AppController class, I have added theAuth component, but now > > > every page I look at, it's asking me to log in as a user (via /users/ > > > login as the default in Auth), but of course I don't want this on > > > every page, only pages that are under admin. > > > > > Can anyone direct me the proper usage of this component, as it's not > > > well documented yet (at least to a level I can read) and how to only > > > have it ask for login on certain controller functions (like /admin/ > > > posts/add for example). > > > > > Tane > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: New Auth component asking for login on every page :(
I got the new AuthComponent going by doing this in UsersController: function beforeFilter() { $this->Auth->allow('index', 'register', 'login', 'logout'); } I'm reading cake/libs/controller/components/auth.php as I go along. My next step is to figure out how to use $this->Auth->login(). I'm sure I can figure it out, but I'm always concerned about best practices. Any ideas? I understand that Cake 1.2 is still an alpha release, but the new features are just awesome sounding. If I get a, "piss off and wait" response from one of the developers, I'll understand and still be happy with Cake 1.2. On Feb 28, 2:54 pm, "joradom" <[EMAIL PROTECTED]> wrote: > you have to set up the Auth object with the allowed actions in your > controller: > > i.e. in my users_controller > > function beforeFilter() { > $this->Auth->userModel = 'User'; > $this->Auth->sessionKey = 'My'; > $this->Auth->loginRedirect = '/users/index'; > $this->Auth->allowedActions = array('index', 'register', > 'logout','login'); > } > > there is a set function wich takes an array as argument, surely a > better way to setup your object. > > I'm not sure if it is better to have a call to Auth in each controller > or put it in the app_controller, may depend on your application i > guess. > > Hope this helps, because I'm struggling too with this component and > these are just experiments, not good code :) > > On 27 feb, 17:08, "Digital Spaghetti" > > <[EMAIL PROTECTED]> wrote: > > Hey guys, > > > I'm reasonably new to CakePHP, really only had a play about with it so > > far but I am ready to take it to the next level. > > > The first thing I am building into my app is the user system, so users > > can log in and get access to specific areas. I've decided to go with > > 1.2.x.x branch since it has the newAuth componentbut I've come > > across problems already. > > > In my AppController class, I have added theAuth component, but now > > every page I look at, it's asking me to log in as a user (via /users/ > > login as the default in Auth), but of course I don't want this on > > every page, only pages that are under admin. > > > Can anyone direct me the proper usage of this component, as it's not > > well documented yet (at least to a level I can read) and how to only > > have it ask for login on certain controller functions (like /admin/ > > posts/add for example). > > > Tane --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: New Auth component asking for login on every page :(
you have to set up the Auth object with the allowed actions in your controller: i.e. in my users_controller function beforeFilter() { $this->Auth->userModel = 'User'; $this->Auth->sessionKey = 'My'; $this->Auth->loginRedirect = '/users/index'; $this->Auth->allowedActions = array('index', 'register', 'logout','login'); } there is a set function wich takes an array as argument, surely a better way to setup your object. I'm not sure if it is better to have a call to Auth in each controller or put it in the app_controller, may depend on your application i guess. Hope this helps, because I'm struggling too with this component and these are just experiments, not good code :) On 27 feb, 17:08, "Digital Spaghetti" <[EMAIL PROTECTED]> wrote: > Hey guys, > > I'm reasonably new to CakePHP, really only had a play about with it so > far but I am ready to take it to the next level. > > The first thing I am building into my app is the user system, so users > can log in and get access to specific areas. I've decided to go with > 1.2.x.x branch since it has the new Auth component but I've come > across problems already. > > In my AppController class, I have added the Auth component, but now > every page I look at, it's asking me to log in as a user (via /users/ > login as the default in Auth), but of course I don't want this on > every page, only pages that are under admin. > > Can anyone direct me the proper usage of this component, as it's not > well documented yet (at least to a level I can read) and how to only > have it ask for login on certain controller functions (like /admin/ > posts/add for example). > > Tane --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
New Auth component asking for login on every page :(
Hey guys, I'm reasonably new to CakePHP, really only had a play about with it so far but I am ready to take it to the next level. The first thing I am building into my app is the user system, so users can log in and get access to specific areas. I've decided to go with 1.2.x.x branch since it has the new Auth component but I've come across problems already. In my AppController class, I have added the Auth component, but now every page I look at, it's asking me to log in as a user (via /users/ login as the default in Auth), but of course I don't want this on every page, only pages that are under admin. Can anyone direct me the proper usage of this component, as it's not well documented yet (at least to a level I can read) and how to only have it ask for login on certain controller functions (like /admin/ posts/add for example). Tane --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---