Re: Auth Problem Again..
On Apr 15, 4:55 pm, Mariano Iglesias wrote: > > > Anyway if you get the flash messages, it should be consumed by the login > > > action. Meaning that if you enter wrong credentials, and thus the login > > > message shows again, then the $this->Session->flash('auth') line should > > > consume the message. > > > I would guess (that recipe isn't in my RAW pdf, which I haven't > > updated) the issue is that if you rely on auth to log you in by > > username - and rely on the users' login action to log you in by email > > that means if you login by email the following happens: > > > auth startup > > (auto) auth->login > > fail > > add flash message > > run login ation > > try to login > > success > > redirect user > > That's exactly right > > > There's nothing in the auth component to clear out the auth error > > message upon login, therefore the "sorry, couldn't log you in" message > > is (obviously) still in the session - and you'll see it on the next > > page to render. > > You are right, and I didn't understand what the problem was originally. > > > > What you can do is remove the $this->Session->flash('auth') from your > > > layout, and instead place it in your app/views/users/login.ctp view, > > since > > > that's where the user will be redirected if there's an auth error anyway. > > > Forgive me for saying that's a horrible idea. Why not just session- > > >delete the flash message in the controller action after successfully > > logging in a user? > > I don't think showing the *AUTH* flash messages in the login screen is a > *horrible* idea. The login view is by default where you are taken after an > auth issue, and since the auth flash messages are how the Auth component > tells you about the auth issue, then showing those messages where the user > is redirected makes sense. Saying that's a horrible idea is wrong, to say > the list. Maybe it's horribly wrong? Let me clarify: changing things such that they impact the site design and the user to get around something which is a development problem ("all flash messages show up in the layout. always." -> "all flash messages show up in the layout. Except these ones which we'll put because of ") is a step in the wrong direction - it's fixing symptoms not causes, not a habit to promote. > > In any way, I do like the idea of deleting the flash message > upon successful login. > > John: all you'd need to do, is add the following line right below the "if > (!empty($user) && $this->Auth->login($user)) {" condition: > > $this->Session->delete('Message.auth'); > > PS: Andy, how is it that you did not get an updated RAW version? Dunno - Maybe I missed a mail - will check and bug you if there's something wrong (probably not) :) AD -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
> > Anyway if you get the flash messages, it should be consumed by the login > > action. Meaning that if you enter wrong credentials, and thus the login > > message shows again, then the $this->Session->flash('auth') line should > > consume the message. > > I would guess (that recipe isn't in my RAW pdf, which I haven't > updated) the issue is that if you rely on auth to log you in by > username - and rely on the users' login action to log you in by email > that means if you login by email the following happens: > > auth startup > (auto) auth->login > fail > add flash message > run login ation > try to login > success > redirect user > That's exactly right > There's nothing in the auth component to clear out the auth error > message upon login, therefore the "sorry, couldn't log you in" message > is (obviously) still in the session - and you'll see it on the next > page to render. > You are right, and I didn't understand what the problem was originally. > > What you can do is remove the $this->Session->flash('auth') from your > > layout, and instead place it in your app/views/users/login.ctp view, > since > > that's where the user will be redirected if there's an auth error anyway. > > Forgive me for saying that's a horrible idea. Why not just session- > >delete the flash message in the controller action after successfully > logging in a user? > I don't think showing the *AUTH* flash messages in the login screen is a *horrible* idea. The login view is by default where you are taken after an auth issue, and since the auth flash messages are how the Auth component tells you about the auth issue, then showing those messages where the user is redirected makes sense. Saying that's a horrible idea is wrong, to say the list. Maybe it's horribly wrong? In any way, I do like the idea of deleting the flash message upon successful login. John: all you'd need to do, is add the following line right below the "if (!empty($user) && $this->Auth->login($user)) {" condition: $this->Session->delete('Message.auth'); PS: Andy, how is it that you did not get an updated RAW version? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
On Apr 14, 3:21 pm, Mariano Iglesias wrote: > That is correct, the $this->Session->flash('auth'); message is not part of > the layout > because I relayed on people following: > > http://book.cakephp.org/view/1252/Displaying-Auth-Error-Messages "In order to show all normal flash messages and auth flash messages for all views add the following two lines to the views/layouts/ default.ctp file in the body section preferable before the content_for_layout line." Are you pointing at the right section? > > I should've added an Information Box to clear it out :( > > Anyway if you get the flash messages, it should be consumed by the login > action. Meaning that if you enter wrong credentials, and thus the login > message shows again, then the $this->Session->flash('auth') line should > consume the message. I would guess (that recipe isn't in my RAW pdf, which I haven't updated) the issue is that if you rely on auth to log you in by username - and rely on the users' login action to log you in by email that means if you login by email the following happens: auth startup (auto) auth->login fail add flash message run login ation try to login success redirect user There's nothing in the auth component to clear out the auth error message upon login, therefore the "sorry, couldn't log you in" message is (obviously) still in the session - and you'll see it on the next page to render. > What you can do is remove the $this->Session->flash('auth') from your > layout, and instead place it in your app/views/users/login.ctp view, since > that's where the user will be redirected if there's an auth error anyway. Forgive me for saying that's a horrible idea. Why not just session- >delete the flash message in the controller action after successfully logging in a user? Or 1. disable the auth component in the before filter 2. in your login action do $this->data = $this->hashPasswords($this- >data); 3. Find user id matching password & (email | username) 4. call $this->Auth->login(id); if there is an id 5. $this->redirect($this->Auth->redirect(), null, true); if they succeeded to login 6. $this->Session->setFlash($this->Auth->loginError, $this->Auth- >flashElement, array(), 'auth'); if they failed while more lines of code that's actually a lot simpler IMO - one attempt to login and not 2. no magic = clearer. hth, AD -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
That is correct, the $this->Session->flash('auth'); message is not part of the layout because I relayed on people following: http://book.cakephp.org/view/1252/Displaying-Auth-Error-Messages I should've added an Information Box to clear it out :( Anyway if you get the flash messages, it should be consumed by the login action. Meaning that if you enter wrong credentials, and thus the login message shows again, then the $this->Session->flash('auth') line should consume the message. What you can do is remove the $this->Session->flash('auth') from your layout, and instead place it in your app/views/users/login.ctp view, since that's where the user will be redirected if there's an auth error anyway. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
What are you talking about here? "By default you would not go through the login action before Auth will do, so your code is useless" Did you read the recipe? If so, you'll learn that the intention is to handle the login *AFTER* the Auth component processed and found no valid credentials, thus DEFAULTING to your controller action. Try this yourself: class UsersController extends AppController { public $components = array('Auth'); public function login() { if ( !empty($this->data) && !empty($this->Auth->data['User']['username']) && !empty($this->Auth->data['User']['password']) ) { echo 'I should test this stuff before posting ;)'; $this->_stop(); } } } And then try logging in specifying user and password, but using a wrong username and/or wrong password. On Wednesday, April 13, 2011 10:17:15 PM UTC-3, francky06l wrote: > > It mainly depend of the Auth setting. By default you would not go > trough the login action before Auth will do, so your code is useless > since Auth will handle the login before your login code (when $this- > >data is not empty). > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
I am able to log in with a username and an email. The problem is after I sign in I get an error message. I took your code, and noticed this line is not in your default.ctp : Session- >flash('auth'); ?> and when I add this line, I get the following error after signing in: "Login failed. Invalid username or password." If I try to sign in with wrong credentials I get the same error message, but the application doesn't redirect to the last page I was at before the login. So basically the error message is always on. On Apr 12, 9:27 pm, "mariano.iglesias" wrote: > I just followed the recipe from scratch and found no issues. I am able > to log in with either a user account, or an email. Can you set DEBUG > to 2 (in your app/config/core.php file) and paste the queries that are > shown? > > On Apr 11, 5:42 pm, john lyles wrote: > > > > > > > > > Hi Everyone, > > I am following a recipe from 'Cakephp 1.3 Application Development > > Cookbook' ByMarianoIglesiasand I am stuck with the recipe 'Allowing > > logins with username or email' on page 16 of the book. > > > The recipe works except one problem which I cannot figure out. If I > > login with the email instead of the username the loginError message > > flashes on the screen. This doesn't happen if I login using the > > username. > > > I should note also that you have to do the basic auth setup before you > > can do this recipe, and the basic setup works with no issues that I > > have noticed so far. > > > This is what the login action of the Users Controller looks like: > > > public function login() { > > if ( > > !empty($this->data) && > > !empty($this->Auth->data['User']['username']) && > > !empty($this->Auth->data['User']['password']) > > ) { > > $user = $this->User->find( > > 'first', array( > > 'conditions' => array( > > 'User.email' => $this->Auth->data['User']['username'], > > 'User.password' => $this->Auth->data['User']['password'] > > ), > > 'recursive' => -1 > > )); > > if (!empty($user) && $this->Auth->login($user)) { > > if ($this->Auth->autoRedirect) { > > $this->redirect($this->Auth->redirect()); > > } > > } else { > > $this->Session->setFlash($this->Auth->loginError, $this->Auth- > > > >flashElement, array(), 'auth'); > > } > > } > > } -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
It mainly depend of the Auth setting. By default you would not go trough the login action before Auth will do, so your code is useless since Auth will handle the login before your login code (when $this- >data is not empty). My best guess is to handle this in beforeFilter of the user controller, a bit like this: // switch username to email when @ found in login name if($this->action == 'login' && strpos($this->data['User']['username'], '@') !== false)) { $this->data['User']['email'] = $this->data['User']p'username']; unset($this->data['User']['username']); $this->Auth->fields['username']='email'; } PS: Hi Mariano, so long time !! On Apr 13, 3:27 am, "mariano.iglesias" wrote: > I just followed the recipe from scratch and found no issues. I am able > to log in with either a user account, or an email. Can you set DEBUG > to 2 (in your app/config/core.php file) and paste the queries that are > shown? > > On Apr 11, 5:42 pm, john lyles wrote: > > > Hi Everyone, > > I am following a recipe from 'Cakephp 1.3 Application Development > > Cookbook' ByMarianoIglesiasand I am stuck with the recipe 'Allowing > > logins with username or email' on page 16 of the book. > > > The recipe works except one problem which I cannot figure out. If I > > login with the email instead of the username the loginError message > > flashes on the screen. This doesn't happen if I login using the > > username. > > > I should note also that you have to do the basic auth setup before you > > can do this recipe, and the basic setup works with no issues that I > > have noticed so far. > > > This is what the login action of the Users Controller looks like: > > > public function login() { > > if ( > > !empty($this->data) && > > !empty($this->Auth->data['User']['username']) && > > !empty($this->Auth->data['User']['password']) > > ) { > > $user = $this->User->find( > > 'first', array( > > 'conditions' => array( > > 'User.email' => $this->Auth->data['User']['username'], > > 'User.password' => $this->Auth->data['User']['password'] > > ), > > 'recursive' => -1 > > )); > > if (!empty($user) && $this->Auth->login($user)) { > > if ($this->Auth->autoRedirect) { > > $this->redirect($this->Auth->redirect()); > > } > > } else { > > $this->Session->setFlash($this->Auth->loginError, $this->Auth- > > > >flashElement, array(), 'auth'); > > } > > } > > } -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Auth Problem Again..
I just followed the recipe from scratch and found no issues. I am able to log in with either a user account, or an email. Can you set DEBUG to 2 (in your app/config/core.php file) and paste the queries that are shown? On Apr 11, 5:42 pm, john lyles wrote: > Hi Everyone, > I am following a recipe from 'Cakephp 1.3 Application Development > Cookbook' ByMarianoIglesiasand I am stuck with the recipe 'Allowing > logins with username or email' on page 16 of the book. > > The recipe works except one problem which I cannot figure out. If I > login with the email instead of the username the loginError message > flashes on the screen. This doesn't happen if I login using the > username. > > I should note also that you have to do the basic auth setup before you > can do this recipe, and the basic setup works with no issues that I > have noticed so far. > > This is what the login action of the Users Controller looks like: > > public function login() { > if ( > !empty($this->data) && > !empty($this->Auth->data['User']['username']) && > !empty($this->Auth->data['User']['password']) > ) { > $user = $this->User->find( > 'first', array( > 'conditions' => array( > 'User.email' => $this->Auth->data['User']['username'], > 'User.password' => $this->Auth->data['User']['password'] > ), > 'recursive' => -1 > )); > if (!empty($user) && $this->Auth->login($user)) { > if ($this->Auth->autoRedirect) { > $this->redirect($this->Auth->redirect()); > } > } else { > $this->Session->setFlash($this->Auth->loginError, $this->Auth- > > > > > > > > >flashElement, array(), 'auth'); > } > } > } -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Auth Problem Again..
Hi Everyone, I am following a recipe from 'Cakephp 1.3 Application Development Cookbook' By Mariano Iglesias and I am stuck with the recipe 'Allowing logins with username or email' on page 16 of the book. The recipe works except one problem which I cannot figure out. If I login with the email instead of the username the loginError message flashes on the screen. This doesn't happen if I login using the username. I should note also that you have to do the basic auth setup before you can do this recipe, and the basic setup works with no issues that I have noticed so far. This is what the login action of the Users Controller looks like: public function login() { if ( !empty($this->data) && !empty($this->Auth->data['User']['username']) && !empty($this->Auth->data['User']['password']) ) { $user = $this->User->find( 'first', array( 'conditions' => array( 'User.email' => $this->Auth->data['User']['username'], 'User.password' => $this->Auth->data['User']['password'] ), 'recursive' => -1 )); if (!empty($user) && $this->Auth->login($user)) { if ($this->Auth->autoRedirect) { $this->redirect($this->Auth->redirect()); } } else { $this->Session->setFlash($this->Auth->loginError, $this->Auth- >flashElement, array(), 'auth'); } } } -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: some acl and auth problem
thank you,i am try this Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: some acl and auth problem
here is the link: http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application please check your cakephp version tutorial.Link shows tute for cakephp 1.3.x On Nov 22, 4:48 pm, hoss7 wrote: > i am new in cakephp ,and i want use ,user and group and permation > system,but i cant find out how can i install cakephp acl and auth for > use in my project,i am search internet and all cakephp website but i > cant find how can i use it,i dont want use plugin for solve this > problem, please help me and show me best way Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: some acl and auth problem
Read about cakephp ACL here: http://book.cakephp.org/view/1242/Access-Control-Lists and then following example application to know how this can be implemented: http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application The links are for cakephp 1.3 On Nov 22, 4:48 pm, hoss7 wrote: > i am new in cakephp ,and i want use ,user and group and permation > system,but i cant find out how can i install cakephp acl and auth for > use in my project,i am search internet and all cakephp website but i > cant find how can i use it,i dont want use plugin for solve this > problem, please help me and show me best way Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
some acl and auth problem
i am new in cakephp ,and i want use ,user and group and permation system,but i cant find out how can i install cakephp acl and auth for use in my project,i am search internet and all cakephp website but i cant find how can i use it,i dont want use plugin for solve this problem, please help me and show me best way Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Auth problem
Hi It looks like the sessions are not saving. Check the file permissions on the app/tmp/sessions/ directory. Make sure the web server has write permissions. On Aug 17, 8:35 pm, Oscar wrote: > Hello, I'm having problems with the Auth component it seems that the > session get lost because, I get out every time I use the aplication, > does someone have an idead about this problem? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
RE: Auth problem
YEAH, I LOG CORRECTLY, BUT IT DOES NOT HAPPEN ALWAYS JUST SOMETIMES, FIRST I THOUGHT ABOUT THE SESSION TIME, I CHANGED IT AT THE CORE TO 1000, BUT IT STILL DOING IT > Date: Wed, 18 Aug 2010 11:16:57 -0300 > Subject: Re: Auth problem > From: ham1...@gmail.com > To: cake-php@googlegroups.com > > I don't know :S, seems very strange. You can log in right? (If you try > to enter a view that is not allowed by the Auth component and you are > not logged in you will be redirected). > > 2010/8/17 Oscar : > > Hello, I'm having problems with the Auth component it seems that the > > session get lost because, I get out every time I use the aplication, > > does someone have an idead about this problem? > > > > Check out the new CakePHP Questions site http://cakeqs.org and help others > > with their CakePHP related questions. > > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > > http://groups.google.com/group/cake-php?hl=en > > > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Auth problem
I don't know :S, seems very strange. You can log in right? (If you try to enter a view that is not allowed by the Auth component and you are not logged in you will be redirected). 2010/8/17 Oscar : > Hello, I'm having problems with the Auth component it seems that the > session get lost because, I get out every time I use the aplication, > does someone have an idead about this problem? > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en > Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Auth problem
Hello, I'm having problems with the Auth component it seems that the session get lost because, I get out every time I use the aplication, does someone have an idead about this problem? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Subdomain Auth Problem
1. Open file cake/libs/session.php 2. Find method __initSession() 3. Comment two lines with ini_set('session.referer_check', $this- >host); 4. Add ini_set('session.cookie_domain', '.yourdomain.com'); before switch (Configure::read('Session.save')) { 5. Clear all cookies in browser for your domain and subdomains and test it On Mar 9, 1:25 pm, Kyle Decot wrote: > Since I've done all of your suggestions an I'm still having no success > perhaps it's the way that I'm doing my subdomains. Here's how I'm > doing it. Let me know what you think. In my routes.php I have: > > $subdomain= substr(env("HTTP_HOST"), 0, strpos(env("HTTP_HOST"), > ".")); > > if ($subdomain== 'api') { > > } > > else if( > > Then in my hosting cpanel, I go to the subdomains tab and add a newsubdomain, > and set my cake app directory as the path for thesubdomain. Is this an > acceptable way of doing this or could this be > the cause of myproblems. > > On Mar 8, 5:28 pm, Kyle Decot wrote: > > > I inserted that but still when I go to blog.mysite.com and do > > $this->Session->read(); in my app_controller.php's beforeRender() It doesn't > > > contain my user information. Any other ideas or suggestions? > > > On Mar 8, 3:05 pm, Bernardo Vieira wrote: > > > > I have it in my beforeFilter callback in app_controller: > > > $this->Cookie->domain = '.mydomain.tld'; > > > > Note that the '.' before your domain name is what tells the browser that > > > the > > > cookie is valid for *.mydomain.tld. > > > > On Mon, Mar 8, 2010 at 4:50 PM, Kyle Decot wrote: > > > > Where do I set the realm for the session cookie? The security level in > > > > my core.php file is set to low. > > > > > On Mar 8, 6:47 am, Bernardo Vieira wrote: > > > > > You also need to set the realm of the session cookie to your domain > > > > > (it defaults to the hostname) and set the security level of the > > > > > security component below 2 > > > > > > On 3/8/10, Kyle Decot wrote: > > > > > > > Well my sessions.save is set to database in my core.php file. Also, > > > > > > I > > > > > > did $session->read() on my www page and I get all of myauthinfo, > > > > > > however if I do the same thing on, blog.mysite.com thenauthis now > > > > > > empty. Any ideas on next steps to take towards solving this? Thanks > > > > > > guy. > > > > > > > On Mar 7, 8:36 pm, Nabil Alsharif wrote: > > > > > >> My first guess would be that you lost session data when you went to > > > > the > > > > > >>subdomain. Maybe because the session cookies weren't sent with the > > > > > >> requests going to thesubdomainor maybe something else, I'm can't > > > > > >> see > > > > > >> whats happening on your servers The point is it's easy to > > > > > >> check if > > > > > >> the session was lost, that wold be the first thing I'd look at. > > > > > >> Good > > > > > >> luck. > > > > > > >> On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > > > > > >> > Yep. It's all one Cake App. Any ideas? > > > > > > >> > On Mar 7, 11:43 am, cricket wrote: > > > > > >> > > Asubdomainis usually a completely separate site. Do you already > > > > > >> > > have > > > > > >> > > the same Cake app serving all of your subdomains? > > > > > > >> > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > > > > > >> > > > I have a couple different subdomains on my site but I am > > > > > >> > > > having > > > > > >> > > > some > > > > > >> > > >problemsw/ theAuthComponent. I login fine under the standard > > > > www > > > > > >> > > >subdomainbut then if I go to a differentsubdomain, then I am > > > > no > > > > > >> > > > longer logged in. How do I make sure that myAuthlogin > > > > > >> > > > persists > > > > > >> > > > across all of my subdomains? > > > > > > >> > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > > > > others > > > > > >> > with their CakePHP related questions. > > > > > > >> > You received this message because you are subscribed to the > > > > > >> > Google > > > > > >> > Groups "CakePHP" group. > > > > > >> > To post to this group, send email to cake-php@googlegroups.com > > > > > >> > To unsubscribe from this group, send email to > > > > > >> > cake-php+unsubscr...@googlegroups.com > > > > >> > om>For more options, visit this group > > > > > >> > athttp://groups.google.com/group/cake-php?hl=en > > > > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > > > > others > > > > > > with their CakePHP related questions. > > > > > > > You received this message because you are subscribed to the Google > > > > Groups > > > > > > "CakePHP" group. > > > > > > To post to this group, send email to cake-php@googlegroups.com > > > > > > To unsubscribe from this group, send email to > > > > > > cake-php+unsubscr...@googlegroups.com > > > > > om>For more options, visit this group at > > > > > >http://groups.google.com/group/cake-php?hl=en > > > > > > -- > > > > > Sent from my mobile device > > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelpothers > > > > wi
Re: Subdomain Auth Problem
Since I've done all of your suggestions an I'm still having no success perhaps it's the way that I'm doing my subdomains. Here's how I'm doing it. Let me know what you think. In my routes.php I have: $subdomain = substr(env("HTTP_HOST"), 0, strpos(env("HTTP_HOST"), ".")); if ($subdomain == 'api') { } else if( Then in my hosting cpanel, I go to the subdomains tab and add a new subdomain, and set my cake app directory as the path for the subdomain. Is this an acceptable way of doing this or could this be the cause of my problems. On Mar 8, 5:28 pm, Kyle Decot wrote: > I inserted that but still when I go to blog.mysite.com and do > $this->Session->read(); in my app_controller.php's beforeRender() It doesn't > > contain my user information. Any other ideas or suggestions? > > On Mar 8, 3:05 pm, Bernardo Vieira wrote: > > > > > I have it in my beforeFilter callback in app_controller: > > $this->Cookie->domain = '.mydomain.tld'; > > > Note that the '.' before your domain name is what tells the browser that the > > cookie is valid for *.mydomain.tld. > > > On Mon, Mar 8, 2010 at 4:50 PM, Kyle Decot wrote: > > > Where do I set the realm for the session cookie? The security level in > > > my core.php file is set to low. > > > > On Mar 8, 6:47 am, Bernardo Vieira wrote: > > > > You also need to set the realm of the session cookie to your domain > > > > (it defaults to the hostname) and set the security level of the > > > > security component below 2 > > > > > On 3/8/10, Kyle Decot wrote: > > > > > > Well my sessions.save is set to database in my core.php file. Also, I > > > > > did $session->read() on my www page and I get all of my auth info, > > > > > however if I do the same thing on, blog.mysite.com then auth is now > > > > > empty. Any ideas on next steps to take towards solving this? Thanks > > > > > guy. > > > > > > On Mar 7, 8:36 pm, Nabil Alsharif wrote: > > > > >> My first guess would be that you lost session data when you went to > > > the > > > > >> subdomain. Maybe because the session cookies weren't sent with the > > > > >> requests going to the subdomain or maybe something else, I'm can't > > > > >> see > > > > >> whats happening on your servers The point is it's easy to check > > > > >> if > > > > >> the session was lost, that wold be the first thing I'd look at. Good > > > > >> luck. > > > > > >> On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > > > > >> > Yep. It's all one Cake App. Any ideas? > > > > > >> > On Mar 7, 11:43 am, cricket wrote: > > > > >> > > A subdomain is usually a completely separate site. Do you already > > > > >> > > have > > > > >> > > the same Cake app serving all of your subdomains? > > > > > >> > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > > > > >> > > > I have a couple different subdomains on my site but I am having > > > > >> > > > some > > > > >> > > > problems w/ the Auth Component. I login fine under the standard > > > www > > > > >> > > > subdomain but then if I go to a different subdomain, then I am > > > no > > > > >> > > > longer logged in. How do I make sure that my Auth login > > > > >> > > > persists > > > > >> > > > across all of my subdomains? > > > > > >> > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > > > others > > > > >> > with their CakePHP related questions. > > > > > >> > You received this message because you are subscribed to the Google > > > > >> > Groups "CakePHP" group. > > > > >> > To post to this group, send email to cake-php@googlegroups.com > > > > >> > To unsubscribe from this group, send email to > > > > >> > cake-php+unsubscr...@googlegroups.com > > > >> > om>For more options, visit this group > > > > >> > athttp://groups.google.com/group/cake-php?hl=en > > > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > > > others > > > > > with their CakePHP related questions. > > > > > > You received this message because you are subscribed to the Google > > > Groups > > > > > "CakePHP" group. > > > > > To post to this group, send email to cake-php@googlegroups.com > > > > > To unsubscribe from this group, send email to > > > > > cake-php+unsubscr...@googlegroups.com > > > > om>For more options, visit this group at > > > > >http://groups.google.com/group/cake-php?hl=en > > > > > -- > > > > Sent from my mobile device > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp others > > > with their CakePHP related questions. > > > > You received this message because you are subscribed to the Google Groups > > > "CakePHP" group. > > > To post to this group, send email to cake-php@googlegroups.com > > > To unsubscribe from this group, send email to > > > cake-php+unsubscr...@googlegroups.com > > om>For more options, visit this group at > > >http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Gr
Re: Subdomain Auth Problem
I inserted that but still when I go to blog.mysite.com and do $this- >Session->read(); in my app_controller.php's beforeRender() It doesn't contain my user information. Any other ideas or suggestions? On Mar 8, 3:05 pm, Bernardo Vieira wrote: > I have it in my beforeFilter callback in app_controller: > $this->Cookie->domain = '.mydomain.tld'; > > Note that the '.' before your domain name is what tells the browser that the > cookie is valid for *.mydomain.tld. > > > > On Mon, Mar 8, 2010 at 4:50 PM, Kyle Decot wrote: > > Where do I set the realm for the session cookie? The security level in > > my core.php file is set to low. > > > On Mar 8, 6:47 am, Bernardo Vieira wrote: > > > You also need to set the realm of the session cookie to your domain > > > (it defaults to the hostname) and set the security level of the > > > security component below 2 > > > > On 3/8/10, Kyle Decot wrote: > > > > > Well my sessions.save is set to database in my core.php file. Also, I > > > > did $session->read() on my www page and I get all of my auth info, > > > > however if I do the same thing on, blog.mysite.com then auth is now > > > > empty. Any ideas on next steps to take towards solving this? Thanks > > > > guy. > > > > > On Mar 7, 8:36 pm, Nabil Alsharif wrote: > > > >> My first guess would be that you lost session data when you went to > > the > > > >> subdomain. Maybe because the session cookies weren't sent with the > > > >> requests going to the subdomain or maybe something else, I'm can't see > > > >> whats happening on your servers The point is it's easy to check if > > > >> the session was lost, that wold be the first thing I'd look at. Good > > > >> luck. > > > > >> On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > > > >> > Yep. It's all one Cake App. Any ideas? > > > > >> > On Mar 7, 11:43 am, cricket wrote: > > > >> > > A subdomain is usually a completely separate site. Do you already > > > >> > > have > > > >> > > the same Cake app serving all of your subdomains? > > > > >> > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > > > >> > > > I have a couple different subdomains on my site but I am having > > > >> > > > some > > > >> > > > problems w/ the Auth Component. I login fine under the standard > > www > > > >> > > > subdomain but then if I go to a different subdomain, then I am > > no > > > >> > > > longer logged in. How do I make sure that my Auth login persists > > > >> > > > across all of my subdomains? > > > > >> > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > > others > > > >> > with their CakePHP related questions. > > > > >> > You received this message because you are subscribed to the Google > > > >> > Groups "CakePHP" group. > > > >> > To post to this group, send email to cake-php@googlegroups.com > > > >> > To unsubscribe from this group, send email to > > > >> > cake-php+unsubscr...@googlegroups.com > > >> > om>For more options, visit this group > > > >> > athttp://groups.google.com/group/cake-php?hl=en > > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > > others > > > > with their CakePHP related questions. > > > > > You received this message because you are subscribed to the Google > > Groups > > > > "CakePHP" group. > > > > To post to this group, send email to cake-php@googlegroups.com > > > > To unsubscribe from this group, send email to > > > > cake-php+unsubscr...@googlegroups.com > > > om>For more options, visit this group at > > > >http://groups.google.com/group/cake-php?hl=en > > > > -- > > > Sent from my mobile device > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com > om>For more options, visit this group at > >http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Subdomain Auth Problem
I have it in my beforeFilter callback in app_controller: $this->Cookie->domain = '.mydomain.tld'; Note that the '.' before your domain name is what tells the browser that the cookie is valid for *.mydomain.tld. On Mon, Mar 8, 2010 at 4:50 PM, Kyle Decot wrote: > Where do I set the realm for the session cookie? The security level in > my core.php file is set to low. > > On Mar 8, 6:47 am, Bernardo Vieira wrote: > > You also need to set the realm of the session cookie to your domain > > (it defaults to the hostname) and set the security level of the > > security component below 2 > > > > On 3/8/10, Kyle Decot wrote: > > > > > > > > > > > > > Well my sessions.save is set to database in my core.php file. Also, I > > > did $session->read() on my www page and I get all of my auth info, > > > however if I do the same thing on, blog.mysite.com then auth is now > > > empty. Any ideas on next steps to take towards solving this? Thanks > > > guy. > > > > > On Mar 7, 8:36 pm, Nabil Alsharif wrote: > > >> My first guess would be that you lost session data when you went to > the > > >> subdomain. Maybe because the session cookies weren't sent with the > > >> requests going to the subdomain or maybe something else, I'm can't see > > >> whats happening on your servers The point is it's easy to check if > > >> the session was lost, that wold be the first thing I'd look at. Good > > >> luck. > > > > >> On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > > >> > Yep. It's all one Cake App. Any ideas? > > > > >> > On Mar 7, 11:43 am, cricket wrote: > > >> > > A subdomain is usually a completely separate site. Do you already > > >> > > have > > >> > > the same Cake app serving all of your subdomains? > > > > >> > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > > > >> > > > I have a couple different subdomains on my site but I am having > > >> > > > some > > >> > > > problems w/ the Auth Component. I login fine under the standard > www > > >> > > > subdomain but then if I go to a different subdomain, then I am > no > > >> > > > longer logged in. How do I make sure that my Auth login persists > > >> > > > across all of my subdomains? > > > > >> > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp > others > > >> > with their CakePHP related questions. > > > > >> > You received this message because you are subscribed to the Google > > >> > Groups "CakePHP" group. > > >> > To post to this group, send email to cake-php@googlegroups.com > > >> > To unsubscribe from this group, send email to > > >> > cake-php+unsubscr...@googlegroups.comFor > > >> > more options, visit this group > > >> > athttp://groups.google.com/group/cake-php?hl=en > > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help > others > > > with their CakePHP related questions. > > > > > You received this message because you are subscribed to the Google > Groups > > > "CakePHP" group. > > > To post to this group, send email to cake-php@googlegroups.com > > > To unsubscribe from this group, send email to > > > cake-php+unsubscr...@googlegroups.comFor > > > more options, visit this group at > > >http://groups.google.com/group/cake-php?hl=en > > > > -- > > Sent from my mobile device > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.comFor > more options, visit this group at > http://groups.google.com/group/cake-php?hl=en > Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Subdomain Auth Problem
Where do I set the realm for the session cookie? The security level in my core.php file is set to low. On Mar 8, 6:47 am, Bernardo Vieira wrote: > You also need to set the realm of the session cookie to your domain > (it defaults to the hostname) and set the security level of the > security component below 2 > > On 3/8/10, Kyle Decot wrote: > > > > > > > Well my sessions.save is set to database in my core.php file. Also, I > > did $session->read() on my www page and I get all of my auth info, > > however if I do the same thing on, blog.mysite.com then auth is now > > empty. Any ideas on next steps to take towards solving this? Thanks > > guy. > > > On Mar 7, 8:36 pm, Nabil Alsharif wrote: > >> My first guess would be that you lost session data when you went to the > >> subdomain. Maybe because the session cookies weren't sent with the > >> requests going to the subdomain or maybe something else, I'm can't see > >> whats happening on your servers The point is it's easy to check if > >> the session was lost, that wold be the first thing I'd look at. Good > >> luck. > > >> On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > >> > Yep. It's all one Cake App. Any ideas? > > >> > On Mar 7, 11:43 am, cricket wrote: > >> > > A subdomain is usually a completely separate site. Do you already > >> > > have > >> > > the same Cake app serving all of your subdomains? > > >> > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > >> > > > I have a couple different subdomains on my site but I am having > >> > > > some > >> > > > problems w/ the Auth Component. I login fine under the standard www > >> > > > subdomain but then if I go to a different subdomain, then I am no > >> > > > longer logged in. How do I make sure that my Auth login persists > >> > > > across all of my subdomains? > > >> > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp others > >> > with their CakePHP related questions. > > >> > You received this message because you are subscribed to the Google > >> > Groups "CakePHP" group. > >> > To post to this group, send email to cake-php@googlegroups.com > >> > To unsubscribe from this group, send email to > >> > cake-php+unsubscr...@googlegroups.com For more options, visit this group > >> > athttp://groups.google.com/group/cake-php?hl=en > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > >http://groups.google.com/group/cake-php?hl=en > > -- > Sent from my mobile device Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Subdomain Auth Problem
You also need to set the realm of the session cookie to your domain (it defaults to the hostname) and set the security level of the security component below 2 On 3/8/10, Kyle Decot wrote: > Well my sessions.save is set to database in my core.php file. Also, I > did $session->read() on my www page and I get all of my auth info, > however if I do the same thing on, blog.mysite.com then auth is now > empty. Any ideas on next steps to take towards solving this? Thanks > guy. > > On Mar 7, 8:36 pm, Nabil Alsharif wrote: >> My first guess would be that you lost session data when you went to the >> subdomain. Maybe because the session cookies weren't sent with the >> requests going to the subdomain or maybe something else, I'm can't see >> whats happening on your servers The point is it's easy to check if >> the session was lost, that wold be the first thing I'd look at. Good >> luck. >> >> >> >> On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: >> > Yep. It's all one Cake App. Any ideas? >> >> > On Mar 7, 11:43 am, cricket wrote: >> > > A subdomain is usually a completely separate site. Do you already >> > > have >> > > the same Cake app serving all of your subdomains? >> >> > > On Mar 6, 5:34 pm, Kyle Decot wrote: >> >> > > > I have a couple different subdomains on my site but I am having >> > > > some >> > > > problems w/ the Auth Component. I login fine under the standard www >> > > > subdomain but then if I go to a different subdomain, then I am no >> > > > longer logged in. How do I make sure that my Auth login persists >> > > > across all of my subdomains? >> >> > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others >> > with their CakePHP related questions. >> >> > You received this message because you are subscribed to the Google >> > Groups "CakePHP" group. >> > To post to this group, send email to cake-php@googlegroups.com >> > To unsubscribe from this group, send email to >> > cake-php+unsubscr...@googlegroups.com For more options, visit this group >> > athttp://groups.google.com/group/cake-php?hl=en > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en > -- Sent from my mobile device Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Subdomain Auth Problem
Well my sessions.save is set to database in my core.php file. Also, I did $session->read() on my www page and I get all of my auth info, however if I do the same thing on, blog.mysite.com then auth is now empty. Any ideas on next steps to take towards solving this? Thanks guy. On Mar 7, 8:36 pm, Nabil Alsharif wrote: > My first guess would be that you lost session data when you went to the > subdomain. Maybe because the session cookies weren't sent with the > requests going to the subdomain or maybe something else, I'm can't see > whats happening on your servers The point is it's easy to check if > the session was lost, that wold be the first thing I'd look at. Good > luck. > > > > On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > > Yep. It's all one Cake App. Any ideas? > > > On Mar 7, 11:43 am, cricket wrote: > > > A subdomain is usually a completely separate site. Do you already have > > > the same Cake app serving all of your subdomains? > > > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > > > > I have a couple different subdomains on my site but I am having some > > > > problems w/ the Auth Component. I login fine under the standard www > > > > subdomain but then if I go to a different subdomain, then I am no > > > > longer logged in. How do I make sure that my Auth login persists > > > > across all of my subdomains? > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Subdomain Auth Problem
My first guess would be that you lost session data when you went to the subdomain. Maybe because the session cookies weren't sent with the requests going to the subdomain or maybe something else, I'm can't see whats happening on your servers The point is it's easy to check if the session was lost, that wold be the first thing I'd look at. Good luck. On Sun, 2010-03-07 at 15:25 -0800, Kyle Decot wrote: > Yep. It's all one Cake App. Any ideas? > > On Mar 7, 11:43 am, cricket wrote: > > A subdomain is usually a completely separate site. Do you already have > > the same Cake app serving all of your subdomains? > > > > On Mar 6, 5:34 pm, Kyle Decot wrote: > > > > > > > > > I have a couple different subdomains on my site but I am having some > > > problems w/ the Auth Component. I login fine under the standard www > > > subdomain but then if I go to a different subdomain, then I am no > > > longer logged in. How do I make sure that my Auth login persists > > > across all of my subdomains? > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
$Auth problem when 404 type errors occur.
Hi, I have two elements (short menus) set to appear in the default layout based upon the group ID of the current user. If $Auth['User'] ['group_id']==1 then menu 1 appears,if $Auth['User']['group_id']==2 then menu 2 appears. This works just fine, except when I encounter a 404 type error. When redirected to the default CakePHP error page I encounter an "Undefined variable: Auth" error and both menus appear. I can't quite work out why this page wouldn't have access to the $Auth variable. I'm using the default error handling in Cakephp, no custom views etc at this stage. Am I missing something fundamental here? TIA for any sage advice. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Auth problem. Please help
Hello, I've configure the auth module in app_controller, and in a user view I use swfupload script to upload an image. When it is completed, it launch windows.location.reload() The module upload image and update db, BUT when the javascript launch windows.location.reload(), auth finalize session: - how could I check the error? - Where is the error? Thank you in advantage --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem with '/' and "You are not authorized to access that location."
On 27 Jun 2009, at 23:11, tpynegar wrote: > > Hi, > > I've got a setup where i've got a login action at /users/login. If you > go directly to that > controller, action there is no error message wereas if you goto '/' as > in the site > address with no controller or action and then follow the routes i've > got setup for '/' > to /users/login you get this message. > > I've tried putting this into the beforeFilter > >$this->Auth->allow( '/' ); > You need to allow the action that is called when you go to /. Check in routes it's probably default set to display action in the pages controller. > but doesn't seem to help. > > Thanks, > Tim. > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem with '/' and "You are not authorized to access that location."
Url '/' points by default routes to PagesController::display(), so you should call either a) in PagesController::beforeFilter(): parent::beforeFilter(); $this->Auth->allow('display'); or b) in AppController::beforeFilter(): if ($this->name == 'Pages') { $this->Auth->allow('display'); } Your usage $this->Auth->allow('/') is wrong, this is not valid argument. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth problem with '/' and "You are not authorized to access that location."
Hi, I've got a setup where i've got a login action at /users/login. If you go directly to that controller, action there is no error message wereas if you goto '/' as in the site address with no controller or action and then follow the routes i've got setup for '/' to /users/login you get this message. I've tried putting this into the beforeFilter $this->Auth->allow( '/' ); but doesn't seem to help. Thanks, Tim. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
It's really weird.I can't think what is going on. 2009/6/26 DigitalDude > > Hey, > > yeah the problem with who can edit what is solved and works fine. The > action is just usable for anyone who knows the correct url, and all > other actions are blocked by the ACL unless you login into the > system. > > I don't know what this is, this makes no sense at all, as all other > actions which have no parameters ore only one are secured and the one > with 2 params is not controlled via ACL. > > I tested other function with 2 parameters in my app, and the same > problem appears with them. > > For example: > > user/add => Access denied > user/edit/5 => Access denied > user/index => Access denied > user/setStatus => Access denied > user/setStatus/4 => anybody can see the view of that action > user/setStatus/4/1 => anybody can see the view of that action > > in this example, edit only has ONE parameter, in fact the user ID. The > action setStatus has 2 Parameters. > > This is really a weird problem... > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
Hey, yeah the problem with who can edit what is solved and works fine. The action is just usable for anyone who knows the correct url, and all other actions are blocked by the ACL unless you login into the system. I don't know what this is, this makes no sense at all, as all other actions which have no parameters ore only one are secured and the one with 2 params is not controlled via ACL. I tested other function with 2 parameters in my app, and the same problem appears with them. For example: user/add => Access denied user/edit/5 => Access denied user/index => Access denied user/setStatus => Access denied user/setStatus/4 => anybody can see the view of that action user/setStatus/4/1 => anybody can see the view of that action in this example, edit only has ONE parameter, in fact the user ID. The action setStatus has 2 Parameters. This is really a weird problem... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
Well with a quick view to your problem i think you should map your action editScooter using actionMap with one of the 4 actions (create,read,update,delete) and then go with crud mode.I don't think it is a problem with the parameters because edit take parameters too for the id for example. If you use action mode you do $this->Acl->allow($aroAlias,$acoAlias); which means $this->Acl->allow(users,scooters/edit); So you allow users to edit any scooter,but to edit ONLY their own you do what i post you 1st. 2009/6/26 DigitalDude > > Hey, > > it is an edit action for an item, and it is similar to other ones I > have in my app and all other ones are denied for non-logged-in users > (which means, in all other actions, the ACL works fine). > > I checked the controller if there were any allowedActions in the > beforeFilter and other pre-occuring actions before the controller > action, but there were none. > > My function header looks like this: > > public function editScooter($shop_id = null, $scooter_id = null) { > > } > > So the function gets two parameters to work with, and in my ACL Table > under ACO's the editScooter-Acion is listed. > > When I call the action without any parameters, eg > > http://www.myapp.com/scooters/editScooter > > the ACL works fine. But the moment I put some parameters behind that > action, the ACL fails. > > My ACL is defined via shell and the code of it looks like this: > > $this->Acl->allow('users', 'Scooters'); > > Normally every controller action of the controller "Scooters" should > be secured by ACL, and this works for methods like index, add, edit, > view... > > Only the editScooter action is not secured by ACL. Maybe this has to > do with the two parameters which CAN be applied to the function, but > the function also is used for modifications with one passed > parameter. > > I did not change any routes, and the beforeFilter in my app_controller > has no allowedActions. > > :( > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
Hey, it is an edit action for an item, and it is similar to other ones I have in my app and all other ones are denied for non-logged-in users (which means, in all other actions, the ACL works fine). I checked the controller if there were any allowedActions in the beforeFilter and other pre-occuring actions before the controller action, but there were none. My function header looks like this: public function editScooter($shop_id = null, $scooter_id = null) { } So the function gets two parameters to work with, and in my ACL Table under ACO's the editScooter-Acion is listed. When I call the action without any parameters, eg http://www.myapp.com/scooters/editScooter the ACL works fine. But the moment I put some parameters behind that action, the ACL fails. My ACL is defined via shell and the code of it looks like this: $this->Acl->allow('users', 'Scooters'); Normally every controller action of the controller "Scooters" should be secured by ACL, and this works for methods like index, add, edit, view... Only the editScooter action is not secured by ACL. Maybe this has to do with the two parameters which CAN be applied to the function, but the function also is used for modifications with one passed parameter. I did not change any routes, and the beforeFilter in my app_controller has no allowedActions. :( --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
I wonder what the 'action' do.It is edit,view?Tell more details about your app controller.You use crud mode or action?If you want to get access to only logged in users you must remove it from allowedActions for example,if you have it in public pages.Print some code here to see it. 2009/6/25 DigitalDude > > Hey, > > no I took care of that and my role-system works perfectly. I want to > restrict the access of that action to only logged in users, not for > public viewing! Everyone can see the page and this is very bad! > > The action should be only accessible for logged in users. But it isn't > even though other actions (with parameters!) are secured by ACL and > only viewable while logged in. > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
Hey, no I took care of that and my role-system works perfectly. I want to restrict the access of that action to only logged in users, not for public viewing! Everyone can see the page and this is very bad! The action should be only accessible for logged in users. But it isn't even though other actions (with parameters!) are secured by ACL and only viewable while logged in. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Weird ACL / Auth problem: action denied, action/5 allowed - why?
I suppose you want the http://www.myapp.com/controller/action/5 to be accessed only with the owner of this.If this is what you might want to this particular url will help you http://aranworld.com/article/189/cakephp-acl-and-auth-record-level-protection-and-crud Hope it helps, regards Paulos 2009/6/25 DigitalDude > > Hey, > > In my app I have the following ACL issue: > > All actions/controllers are secured by ACL and a user should only see > pages when he is logged in. This works fine in general, but I > discovered a weird error today which is given me a headache: > > When you enter the url > > http://www.myapp.com/controller/action > > the user is redirected to the login, which is exactly what I want. > > But if the user types in this, e.g. to edit an article or sth like > that: > > http://www.myapp.com/controller/action/5 > > the ACL does NOT deny the access to the page and everyone can view the > contents of the page! > > This is a horrible security issue and I gotta fix it ASAP, so I'd be > very happy if someone could point me to the right direction so I can > solve this big problem! > > Thx in advance, > > DD > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Weird ACL / Auth problem: action denied, action/5 allowed - why?
Hey, In my app I have the following ACL issue: All actions/controllers are secured by ACL and a user should only see pages when he is logged in. This works fine in general, but I discovered a weird error today which is given me a headache: When you enter the url http://www.myapp.com/controller/action the user is redirected to the login, which is exactly what I want. But if the user types in this, e.g. to edit an article or sth like that: http://www.myapp.com/controller/action/5 the ACL does NOT deny the access to the page and everyone can view the contents of the page! This is a horrible security issue and I gotta fix it ASAP, so I'd be very happy if someone could point me to the right direction so I can solve this big problem! Thx in advance, DD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Problem using in Login Process
A bit hard to diagnose without seeing any code... but is your form posting to the login action? And also make sure cookies are enabled in your browser. Cheers, Adam - Original Message - From: "uday" To: "CakePHP" Sent: Thursday, June 18, 2009 7:36 AM Subject: Auth Problem using in Login Process > > Hi, > > I am using the Auth component for registration and login, registration > is working perfectly, but login doesnt seem to be doing anything at > all, > > I have Auth loaded in the AppController since I will be using it site > wide, however when I try to log in I just return to the login page > because the page it is supposed to redirect me to requires you to be > logged in. > > The only message I get from auth is the message I set "Sorry you > cannot access this page" > > my login.ctp is just a simple login form with a username and password > field, and my Users controller has an empty login function at the > moment. > > from what i've read everything should work, however it is not... > > am I missing something here? do I need to add code to the login > function of the controller? or add anything to the user model? > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth Problem using in Login Process
Hi, I am using the Auth component for registration and login, registration is working perfectly, but login doesnt seem to be doing anything at all, I have Auth loaded in the AppController since I will be using it site wide, however when I try to log in I just return to the login page because the page it is supposed to redirect me to requires you to be logged in. The only message I get from auth is the message I set "Sorry you cannot access this page" my login.ctp is just a simple login form with a username and password field, and my Users controller has an empty login function at the moment. from what i've read everything should work, however it is not... am I missing something here? do I need to add code to the login function of the controller? or add anything to the user model? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth problem
Hello, I have an AdminsController class that uses User model to validate the username and password. the app_controller's before filter looks like this public function beforeFilter() { $this->set('site_url', 'http://localhost/cake/'); //Override default fields used by Auth component $this->Auth->fields = array('username'=>'email_address','password'=>'password'); $this->Auth->loginAction = array('controller' => 'admins', 'action'=> 'login'); $this->Auth->logoutRedirect = array('controller'=> 'admins', 'action' =>'login'); $this->Auth->loginError = __('Invalid username or password', true); //$this->Auth->authError = __(' ', true); //this is for now. $this->Auth->loginRedirect = array( 'controller' => 'admins', 'action' => 'manage_users' ); //$this->set('admin', false); } After it logs in I dont see Auth component setting User information in session. I want the user to login before using any other page. My AdminsControllers beforeFilter and login() looks like this public function beforeFilter() { parent::beforeFilter(); $this->Auth->allow('login'); } function login() { $this->Session->write('userrole', ''); if(isset($this->data)) { //echo pr($this->data); $temp = $this->User->find(array('email_address'=>$this->data['User']['email_address'])); //echo pr($this->Auth); $this->Session->write('userrole', $temp['Group'][0]['name']); //$this->Session->write('user_logged_id', $this->Auth['data']['username']); //once admin user logs in, he is redirected to manage users' page $this->redirect('/admins/manage_users'); } } Whats happening is everytime i login with correct password, I get Auth error ' You are not authorized to access that location.' and it goes back to login page again. In the function login, the echo pr($this->data); has empty string for password. Any pointers? Thanks, Bharani _ Lauren found her dream laptop. Find the PC that’s right for you. http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem: Page refresh or multiple page loads lead to logout
Wow, setting the Variable "Security.level" to "medium" definetly did the trick!! Great! Thank you, Dr. Loboto. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem: Page refresh or multiple page loads lead to logout
Yeah, I am interested in that matter too. I have a lot of ajax requests and when I click some buttons multiple times while the request is beeing processed, I get kicked out - i.e. the session is destroyed and I end with the login form. So, what session storage engine could be used? This is annoying problem and I still haven't get rid of it. On Apr 3, 10:08 am, "Dr. Loboto" wrote: > It looks like problem with concurrent access to session files. > Standard advice in all such cases - try to set lower security level. > Actually, I don't know how can it help, but it is really common > advice. > Other advice - choose session storage engine that works better with > concurrent requests. > > On Apr 2, 10:57 pm, Andreas Müller wrote: > > > > > Hello, > > I have some issues with two CakePHP (current stable version) > > applications regarding Auth. > > > When a user is logged in and loads multiple pages simultaneously, he > > gets logged out. This happens for example when he follows a hyperlink > > while the page is still loading or if he hits "F5" twice. > > > Furthermore, the user receives the message: "You are not authorized to > > access that location." > > > This is the code from my App_Controller: > > > function beforeFilter(){ > > > Configure::load('settings'); // My application configuration > > > $this->Auth->loginAction = array('controller' => 'users', > > 'action' > > => 'login'); > > $this->Auth->autoRedirect = false; > > > $this->Auth->loginError = > > Configure::read('Auth.LoginError'); > > $this->Auth->authError = Configure::read('Auth.AuthError'); > > > $this->Auth->authorize = 'controller'; > > } > > > function isAuthorized() { > > return true; // For testing! > > } > > > It seems that the app cannot process multiple requests in the same > > session at the same time. But it should, to my view.. :-) > > > Does somebody of you have a clue, why this could happen or where to > > start searching? > > > Thanks and greetings from Kiel/Germany, > > Andreas- Hide quoted text - > > - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem: Page refresh or multiple page loads lead to logout
It looks like problem with concurrent access to session files. Standard advice in all such cases - try to set lower security level. Actually, I don't know how can it help, but it is really common advice. Other advice - choose session storage engine that works better with concurrent requests. On Apr 2, 10:57 pm, Andreas Müller wrote: > Hello, > I have some issues with two CakePHP (current stable version) > applications regarding Auth. > > When a user is logged in and loads multiple pages simultaneously, he > gets logged out. This happens for example when he follows a hyperlink > while the page is still loading or if he hits "F5" twice. > > Furthermore, the user receives the message: "You are not authorized to > access that location." > > This is the code from my App_Controller: > > function beforeFilter(){ > > Configure::load('settings'); // My application configuration > > $this->Auth->loginAction = array('controller' => 'users', > 'action' > => 'login'); > $this->Auth->autoRedirect = false; > > $this->Auth->loginError = Configure::read('Auth.LoginError'); > $this->Auth->authError = Configure::read('Auth.AuthError'); > > $this->Auth->authorize = 'controller'; > } > > function isAuthorized() { > return true; // For testing! > } > > It seems that the app cannot process multiple requests in the same > session at the same time. But it should, to my view.. :-) > > Does somebody of you have a clue, why this could happen or where to > start searching? > > Thanks and greetings from Kiel/Germany, > Andreas --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth problem: Page refresh or multiple page loads lead to logout
Hello, I have some issues with two CakePHP (current stable version) applications regarding Auth. When a user is logged in and loads multiple pages simultaneously, he gets logged out. This happens for example when he follows a hyperlink while the page is still loading or if he hits "F5" twice. Furthermore, the user receives the message: "You are not authorized to access that location." This is the code from my App_Controller: function beforeFilter(){ Configure::load('settings'); // My application configuration $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->autoRedirect = false; $this->Auth->loginError = Configure::read('Auth.LoginError'); $this->Auth->authError = Configure::read('Auth.AuthError'); $this->Auth->authorize = 'controller'; } function isAuthorized() { return true; // For testing! } It seems that the app cannot process multiple requests in the same session at the same time. But it should, to my view.. :-) Does somebody of you have a clue, why this could happen or where to start searching? Thanks and greetings from Kiel/Germany, Andreas --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem, login not working.
Everything looks ok. And I guess something as follow: 1. Is your users table has both username and password fields. 2. How about the hash password stored after registration action. 3. Try this code in Users::login action, you should remove comment at //print_r($user) for debug if(!empty($this->data)) { $user = $this->Auth->user(); //$user = false; if($user){ //print_r($user); $this->redirect('/', null, true); } $this->Session->setFlash("Check your account"); - Best regards ! Giang Son Dat Mobile: +84 988114164 Email giangson...@gmail.com, giangson...@yahoo.com On Tue, Feb 10, 2009 at 11:38 PM, Dcahrakos wrote: > > oops, sorry, was in a rush to leave for work didnt have time to post > it. > > The login function is empty, which according to the docs on the auth > component, thats the way its supposed to be since auth does it all. > > my config for auth in the AppController is: > >var $components = array('Auth'); > >function beforeFilter() { > >$this->Auth->loginAction = array('controller' => 'users', > 'action' => 'login'); >$this->Auth->loginRedirect = array('controller' => > 'members', > 'action' => 'home'); >$this->Auth->loginError = "Incorrect Password!"; >$this->Auth->authError = "Sorry, you cannot access this > page."; > > } > > On Feb 10, 2:49 pm, Miles J wrote: > > Can we see your login action() and all the config for auth. > > > > On Feb 10, 1:29 pm, Dcahrakos wrote: > > > > > Hi, > > > > > I am using the Auth component for registration and login, registration > > > is working perfectly, but login doesnt seem to be doing anything at > > > all, > > > > > I have Auth loaded in the AppController since I will be using it site > > > wide, however when I try to log in I just return to the login page > > > because the page it is supposed to redirect me to requires you to be > > > logged in. > > > > > The only message I get from auth is the message I set "Sorry you > > > cannot access this page" > > > > > my login.ctp is just a simple login form with a username and password > > > field, and my Users controller has an empty login function at the > > > moment. > > > > > from what i've read everything should work, however it is not... > > > > > am I missing something here? do I need to add code to the login > > > function of the controller? or add anything to the user model? > > > > > Thanks. > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem, login not working.
oops, sorry, was in a rush to leave for work didnt have time to post it. The login function is empty, which according to the docs on the auth component, thats the way its supposed to be since auth does it all. my config for auth in the AppController is: var $components = array('Auth'); function beforeFilter() { $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->loginRedirect = array('controller' => 'members', 'action' => 'home'); $this->Auth->loginError = "Incorrect Password!"; $this->Auth->authError = "Sorry, you cannot access this page."; } On Feb 10, 2:49 pm, Miles J wrote: > Can we see your login action() and all the config for auth. > > On Feb 10, 1:29 pm, Dcahrakos wrote: > > > Hi, > > > I am using the Auth component for registration and login, registration > > is working perfectly, but login doesnt seem to be doing anything at > > all, > > > I have Auth loaded in the AppController since I will be using it site > > wide, however when I try to log in I just return to the login page > > because the page it is supposed to redirect me to requires you to be > > logged in. > > > The only message I get from auth is the message I set "Sorry you > > cannot access this page" > > > my login.ctp is just a simple login form with a username and password > > field, and my Users controller has an empty login function at the > > moment. > > > from what i've read everything should work, however it is not... > > > am I missing something here? do I need to add code to the login > > function of the controller? or add anything to the user model? > > > Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth problem, login not working.
Can we see your login action() and all the config for auth. On Feb 10, 1:29 pm, Dcahrakos wrote: > Hi, > > I am using the Auth component for registration and login, registration > is working perfectly, but login doesnt seem to be doing anything at > all, > > I have Auth loaded in the AppController since I will be using it site > wide, however when I try to log in I just return to the login page > because the page it is supposed to redirect me to requires you to be > logged in. > > The only message I get from auth is the message I set "Sorry you > cannot access this page" > > my login.ctp is just a simple login form with a username and password > field, and my Users controller has an empty login function at the > moment. > > from what i've read everything should work, however it is not... > > am I missing something here? do I need to add code to the login > function of the controller? or add anything to the user model? > > Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth problem, login not working.
Hi, I am using the Auth component for registration and login, registration is working perfectly, but login doesnt seem to be doing anything at all, I have Auth loaded in the AppController since I will be using it site wide, however when I try to log in I just return to the login page because the page it is supposed to redirect me to requires you to be logged in. The only message I get from auth is the message I set "Sorry you cannot access this page" my login.ctp is just a simple login form with a username and password field, and my Users controller has an empty login function at the moment. from what i've read everything should work, however it is not... am I missing something here? do I need to add code to the login function of the controller? or add anything to the user model? Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simple auth problem
Hi Jason, if the password-hash is not the solution, additionally you can go this way. There is a good tutorial with a demo-download on: http://www.webdevelopment2.com/cakephp-auth-component-tutorial-1/ Try this and compare the steps with your application and your config. I think, so you can get the right solution. Hope that helps RoVo --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Simple auth problem
Make sure your password in the DB is hashed. Also check your salt: http://www.milesj.me/blog/read/3/debugging-the-cakephp-auth-component --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Simple auth problem
Hello, I just started using CakePHP and can't get the AuthComponent to accept a valid username and password - I keep getting "Login failed. Invalid username or password." I've set up a "users" table in my db with the login credentials set to: username: username password: password Here is my code: models/ user.php controllers/ users_controller.php redirect($this->Auth->logout()); } } ?> views/ login.ctp check('Message.auth')) $session->flash('auth'); echo $form->create('User', array('action' => 'login')); echo $form->input('username'); echo $form->input('password'); echo $form->end('Login'); if ($session->check('Message.flash')) { $session->flash(); } if ($session->check('Message.auth')) { $session->flash('auth'); } ?> mysql> select * from users; ++--+--+ | id | username | password | ++--+--+ | 1 | username | password | ++--+--+ 1 row in set (0.00 sec) Thanks for any help, Jason --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Problem
I've got a sample of how I setup my auth component on my blog at: http://php.abdullahsolutions.com/2008/03/using-proper-auth-component-in-cakephp.html On Wed, May 28, 2008 at 10:10 PM, Dardo Sordi Bogado <[EMAIL PROTECTED]> wrote: > > It depends on how you setup the auth component. > > On Wed, May 28, 2008 at 11:02 AM, Kyle Decot <[EMAIL PROTECTED]> wrote: > > > > I am attempting to create a login system using the Auth component. > > when i log in, i get redirected to the users/dashboard page that i > > have specified, but then i get redirected right back to the login page > > with a "You are not authorized to access that location." message. Any > > ideas why this is happening? > > > > > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth Problem
It depends on how you setup the auth component. On Wed, May 28, 2008 at 11:02 AM, Kyle Decot <[EMAIL PROTECTED]> wrote: > > I am attempting to create a login system using the Auth component. > when i log in, i get redirected to the users/dashboard page that i > have specified, but then i get redirected right back to the login page > with a "You are not authorized to access that location." message. Any > ideas why this is happening? > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Auth Problem
I am attempting to create a login system using the Auth component. when i log in, i get redirected to the users/dashboard page that i have specified, but then i get redirected right back to the login page with a "You are not authorized to access that location." message. Any ideas why this is happening? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: phpThumb component + redirect(Auth?) problem
On 5 Mar, 01:18, the_woodsman <[EMAIL PROTECTED]> wrote: > As this is line 1 of the file, this sounds like there's white space no, it wasn't. I've checked every involved file at the beginning and the end. But it was something similar, just converted the thumb.php file to windows format and then back to *nix format. now works fine. Thank you, i was loosing time searching for same strange cake config Pierpaolo --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: phpThumb component + redirect(Auth?) problem
> Warning (2): Cannot modify header information - headers already sent > by (output started at D:\Programas\xampp\htdocs\kanja\app\controllers > \components\thumb.php:1) [CORE\cake\libs\controller\controller.php, > line 546] As this is line 1 of the file, this sounds like there's white space before a php tag in thumb.php, stopping the session from being started. Take a look, delete any new lines or spaces on that line, and see what happens... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
phpThumb component + redirect(Auth?) problem
Hi everyone, i'm trying to use ThumbComponent from http://bakery.cakephp.org/articles/view/phpthumb-component (the enhanced version, actually) in my cake1.2 app, but there is some redirect problem: 1) using Auth & Thumb Components in the controller, calling any actions get this error: Warning (2): Cannot modify header information - headers already sent by (output started at D:\Programas\xampp\htdocs\kanja\app\controllers \components\thumb.php:1) [CORE\cake\libs\controller\controller.php, line 546] Code | Context Warning: implode() [function.implode]: Bad arguments. in D:\Programas \xampp\htdocs\kanja\cake\libs\debugger.php on line 497 header - [internal], line ?? Controller::redirect() - CORE\cake\libs\controller\controller.php, line 546 AuthComponent::startup() - CORE\cake\libs\controller\components \auth.php, line 315 Dispatcher::start() - CORE\cake\dispatcher.php, line 319 Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 226 [main] - APP\webroot\index.php, line 84 the error line (auth.php, line 315) => $controller->redirect($this- >loginAction, null, true); or 2) using Thumb Component (without Auth) in the controller, all works fine until the first redirect when I get this error: Warning (2): Cannot modify header information - headers already sent by (output started at D:\Programas\xampp\htdocs\kanja\app\controllers \components\thumb.php:1) [CORE\cake\libs\controller\controller.php, line 546] Code | Context Warning: implode() [function.implode]: Bad arguments. in D:\Programas \xampp\htdocs\kanja\cake\libs\debugger.php on line 497 header - [internal], line ?? Controller::redirect() - CORE\cake\libs\controller\controller.php, line 546 NoticiasController::addimg() - APP\controllers \noticias_controller.php, line 175 Dispatcher::_invoke() - CORE\cake\dispatcher.php, line 268 Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 240 [main] - APP\webroot\index.php, line 84 the error line (noticias_controller.php, line 175) => $this- >redirect('/noticias/edit/'.$id); It seems to be a problem in my configuration, but i'm unable to find? What i'm missing? thank you Pierpaolo --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: auth problem
> How can I resolve this problem : > > if I try to connect to my application, it asks me a login and > password , that's ok ! > I'm now connected to the restricted area , that's ok too ! > > but now if I open a new window and try to connect to the application, > it asks me nothing and connects me directly because I'm already > connect in the another window ... this is not a cake issue, it's how browsers deal with sessions. it's no different from gmail or hotmail, if you're signed in in one window and open a new window pointing at the same url, you won't need to sign in again. hth jb -- jon bennett w: http://www.jben.net/ iChat (AIM): jbendotnet Skype: jon-bennett --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
auth problem
Hi everybody ! How can I resolve this problem : if I try to connect to my application, it asks me a login and password , that's ok ! I'm now connected to the restricted area , that's ok too ! but now if I open a new window and try to connect to the application, it asks me nothing and connects me directly because I'm already connect in the another window ... Thanks to help me --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: XHR calls and an Auth problem - [security risk?]
I checked my application, and I found the origin + fix. In the file routes.php: Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display')); Router::connect('/sections/', array('controller' => 'sections', 'action' => 'index', 'prefix' => Configure::read('Routing.admin'))); My old file was without the 'prefix' key. That fixed the problem. Any ideas why? On Nov 30, 12:59 pm, AD7six <[EMAIL PROTECTED]> wrote: > On Nov 30, 11:46 am, phpjoy <[EMAIL PROTECTED]> wrote: > > > > > I'm experiencing a VERY weird auth problem, which is a very big > > security risk for my application. > > > When I try to access a page in the admin section directly, I'm being > > redirected to the login page. > > When I try to do the same via an XHR call, the page is loaded! > > > Example: > > When I try to access the URLhttp://localhost/admin/sections/edit/1294 > > I get redirected tohttp://localhost/admin/login > > > When the program accesses the same URL, it loads the page. > > Any ideas why it happens? > > > Here's my auth setup: > > function auth() { > > $this->controller->Auth->userScope = array( > > 'AdminUser.active' => > > '1' ); > > $this->controller->Auth->userModel = 'AdminUser'; > > $this->controller->Auth->loginAction='/' > > .Configure::read('Routing.admin') .'/login/'; > > > $this->controller->Auth->loginRedirect='/' > > .Configure::read('Routing.admin') .'/'; > > > $this->controller->Auth->authorize = false; > > $this->controller->Auth->sessionKey = 'AdminUser'; > > } > > > Here are the headers, checked by FireBug: > > > Response Headers > > == > > DateFri, 30 Nov 2007 10:30:54 GMT > > Server Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e > > mod_autoindex_color PHP/5.2.3 > > X-Powered-ByPHP/5.2.3 > > P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" > > Pragma no-cache > > Cache-Control no-store, no-cache, max-age=0, must-revalidate > > Content-Length 719 > > Keep-Alive timeout=5, max=97 > > Connection Keep-Alive > > Content-Typetext/html > > > Request Headers > > = > > Hostlocalhost > > User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > > 1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 > > Accept text/xml,application/xml,application/xhtml+xml,text/ > > html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > > Accept-Language en-us,en;q=0.7,he;q=0.3 > > Accept-Encoding gzip,deflate > > Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > Keep-Alive 300 > > Connection keep-alive > > X-Requested-WithXMLHttpRequest > > Refererhttp://localhost/admin/ > > Cookie ProgramName=77254f4fb7cf56b71b28f6708f9a > > Pragma no-cache > > Cache-Control no-cache > > > If I request it through an HTTP data proxy, it doesn't load. Here are > > the headers: > > Response Headers > > == > > DateFri, 30 Nov 2007 10:43:57 GMT > > Server Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e > > mod_autoindex_color PHP/5.2.3 > > X-Powered-ByPHP/5.2.3 > > P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" > > Pragma no-cache > > Cache-Control no-store, no-cache, max-age=0, must-revalidate > > Locationhttp://localhost/admin/login/ > > Content-Length 0 > > Keep-Alive timeout=5, max=95 > > Connection Keep-Alive > > Content-Typetext/html > > > Request Headers > > > > Hostlocalhost > > User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > > 1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 > > Accept */* > > Accept-Language en-us,en;q=0.7,he;q=0.3 > > Accept-Encoding gzip,deflate > > Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > Keep-Alive 300 > > Connection keep-alive > > Refererhttp://localhost/admin/ > > Cookie ProgramName=bc904aec5ff06a2d12bb6f334fde97ab > > > How can I make Auth check XHR calls? > > I doubt the Auth component cares how it receives a call, it's probably > an app specific problem (if not provide a sample application which > demonstrates the problem). Try having a look and investigatively debug > the auth class, or stick some calls to $this-log($aVar); in your code > to see if it´s bypassing the Auth class, or calling it and succeeding > etc. > > hth, > > AD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: XHR calls and an Auth problem - [security risk?]
On Nov 30, 11:46 am, phpjoy <[EMAIL PROTECTED]> wrote: > I'm experiencing a VERY weird auth problem, which is a very big > security risk for my application. > > When I try to access a page in the admin section directly, I'm being > redirected to the login page. > When I try to do the same via an XHR call, the page is loaded! > > Example: > When I try to access the URLhttp://localhost/admin/sections/edit/1294 > I get redirected tohttp://localhost/admin/login > > When the program accesses the same URL, it loads the page. > Any ideas why it happens? > > Here's my auth setup: > function auth() { > $this->controller->Auth->userScope = array( > 'AdminUser.active' => > '1' ); > $this->controller->Auth->userModel = 'AdminUser'; > $this->controller->Auth->loginAction='/' > .Configure::read('Routing.admin') .'/login/'; > > $this->controller->Auth->loginRedirect='/' > .Configure::read('Routing.admin') .'/'; > > $this->controller->Auth->authorize = false; > $this->controller->Auth->sessionKey = 'AdminUser'; > } > > Here are the headers, checked by FireBug: > > Response Headers > == > DateFri, 30 Nov 2007 10:30:54 GMT > Server Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e > mod_autoindex_color PHP/5.2.3 > X-Powered-ByPHP/5.2.3 > P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" > Pragma no-cache > Cache-Control no-store, no-cache, max-age=0, must-revalidate > Content-Length 719 > Keep-Alive timeout=5, max=97 > Connection Keep-Alive > Content-Typetext/html > > Request Headers > = > Hostlocalhost > User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > 1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 > Accept text/xml,application/xml,application/xhtml+xml,text/ > html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > Accept-Language en-us,en;q=0.7,he;q=0.3 > Accept-Encoding gzip,deflate > Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive 300 > Connection keep-alive > X-Requested-WithXMLHttpRequest > Refererhttp://localhost/admin/ > Cookie ProgramName=77254f4fb7cf56b71b28f6708f9a > Pragma no-cache > Cache-Control no-cache > > If I request it through an HTTP data proxy, it doesn't load. Here are > the headers: > Response Headers > == > DateFri, 30 Nov 2007 10:43:57 GMT > Server Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e > mod_autoindex_color PHP/5.2.3 > X-Powered-ByPHP/5.2.3 > P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" > Pragma no-cache > Cache-Control no-store, no-cache, max-age=0, must-revalidate > Locationhttp://localhost/admin/login/ > Content-Length 0 > Keep-Alive timeout=5, max=95 > Connection Keep-Alive > Content-Typetext/html > > Request Headers > > Hostlocalhost > User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > 1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 > Accept */* > Accept-Language en-us,en;q=0.7,he;q=0.3 > Accept-Encoding gzip,deflate > Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive 300 > Connection keep-alive > Refererhttp://localhost/admin/ > Cookie ProgramName=bc904aec5ff06a2d12bb6f334fde97ab > > How can I make Auth check XHR calls? I doubt the Auth component cares how it receives a call, it's probably an app specific problem (if not provide a sample application which demonstrates the problem). Try having a look and investigatively debug the auth class, or stick some calls to $this-log($aVar); in your code to see if it´s bypassing the Auth class, or calling it and succeeding etc. hth, AD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
XHR calls and an Auth problem - [security risk?]
I'm experiencing a VERY weird auth problem, which is a very big security risk for my application. When I try to access a page in the admin section directly, I'm being redirected to the login page. When I try to do the same via an XHR call, the page is loaded! Example: When I try to access the URL http://localhost/admin/sections/edit/1294 I get redirected to http://localhost/admin/login When the program accesses the same URL, it loads the page. Any ideas why it happens? Here's my auth setup: function auth() { $this->controller->Auth->userScope = array( 'AdminUser.active' => '1' ); $this->controller->Auth->userModel = 'AdminUser'; $this->controller->Auth- >loginAction='/' .Configure::read('Routing.admin') .'/login/'; $this->controller->Auth- >loginRedirect='/' .Configure::read('Routing.admin') .'/'; $this->controller->Auth->authorize = false; $this->controller->Auth->sessionKey = 'AdminUser'; } Here are the headers, checked by FireBug: Response Headers == DateFri, 30 Nov 2007 10:30:54 GMT Server Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.3 X-Powered-ByPHP/5.2.3 P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Pragma no-cache Cache-Control no-store, no-cache, max-age=0, must-revalidate Content-Length 719 Keep-Alive timeout=5, max=97 Connection Keep-Alive Content-Typetext/html Request Headers = Hostlocalhost User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: 1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 Accept text/xml,application/xml,application/xhtml+xml,text/ html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language en-us,en;q=0.7,he;q=0.3 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300 Connection keep-alive X-Requested-WithXMLHttpRequest Referer http://localhost/admin/ Cookie ProgramName=77254f4fb7cf56b71b28f6708f9a Pragma no-cache Cache-Control no-cache If I request it through an HTTP data proxy, it doesn't load. Here are the headers: Response Headers == DateFri, 30 Nov 2007 10:43:57 GMT Server Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.3 X-Powered-ByPHP/5.2.3 P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Pragma no-cache Cache-Control no-store, no-cache, max-age=0, must-revalidate Locationhttp://localhost/admin/login/ Content-Length 0 Keep-Alive timeout=5, max=95 Connection Keep-Alive Content-Typetext/html Request Headers Hostlocalhost User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: 1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 Accept */* Accept-Language en-us,en;q=0.7,he;q=0.3 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300 Connection keep-alive Referer http://localhost/admin/ Cookie ProgramName=bc904aec5ff06a2d12bb6f334fde97ab How can I make Auth check XHR calls? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---