Hey Baz
I don't like using user/pass - I'd rather use id; if something gets
compromised then I would have to change my hash/login system only and
no user data would be lost (we have a cookie encryption
functionality, ya know).
I did it this way - when the user is logged in I check if he wants me to
remember him and set a session variable.
Then in the before filter (in this order):
 - check the usual auth stuff,
 - check if the user isn't logged in and if there is a cookie with the user
   id/hash ($this->Auth->login($id) can get the userId as a param)
   (depends on the level of security you want - I have a hash field in
   the user table that I hash and save in the cookie)
 - check if there is the session var set in login() -> if true set the
   cookie

and it works :)
HTH



On Jan 4, 11:08 pm, Baz <[EMAIL PROTECTED]> wrote:
> I'm proud to say that after some startling revelations from gwoo, I finally
> understand how to use the Auth component. I'm not doing anything fancy with
> ACL, but just some basic Controller authorization.
>
> First off, here's my resource:
> http://www.littlehart.net/atthekeyboard/2007/11/20/follow-up-to-a-hop...
> http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful...
>
> This is how I'm trying to implement this:
>  - User logs in and hits remember me.
>  - A cookie is written with user and pass (from $this->data, hashed by Auth).
>  - Session ends and cookie is still active.
>  - User tries to access restricted model
>  - Check for cookie, if none proceed as normal (redirect to login).
>  - If cookie make Auth comp. use username and password in cookie for login
> attempt.
>
>  - Unlike Chris, I don't want to delete the cookie at every login attempt. I
> would like the cookie to remain and eventually expire.
>    I prefer to delete the cookie when the user physically logs out.
>
> Here's some code:
>
> //users_controller
>     function login()
>     {
>         if ($this->Auth->user()) {
>             if (!empty($this->data)) {
>                 $cookie = array();
>                 $cookie['username'] = $this->data['User']['username'];
>                 $cookie['password'] = $this->data['User']['password'];
>                 $this->Cookie->write('Auth.User', $cookie, true, '+1 minute');
>                 unset($this->data['User']['remember_me']);
>             }
>             $this->redirect($this->Auth->redirect());
>         }
>     }
>
>     function logout(){
>         $this->Session->setFlash('Good-Bye');
>         $this->redirect($this->Auth->logout());
>     }
>
>     function beforeFilter() {
>         $this->Auth->autoRedirect = false;
>         parent::beforeFilter();
>         $this->Auth->allow('add', 'view', 'admin_add');
>     }
>
> // app_controller:
>
>     function beforeFilter(){
>         $this->Auth->authorize = 'controller';
>         $this->Auth->loginAction = '/login/';
>         $this->Auth->allow('admin_add', 'view', 'add');
>
>         $cookie = $this->Cookie->read('Auth.User');
>
>         if (!is_null($cookie))
>         {
>             $this->data['User']['username'] = $cookie['username'];
>             $this->data['User']['password'] = $cookie['password'];
>
>             //  Clear auth message, just in case we use it.
>             $this->Session->destroy('Message.auth');
>         }
>     }
>
>     function isAuthorized() {
>         return true;
>     }
>
>  Problems:
>  bottom line it doesn't work.
>
>  But this is my main problem. When it does work (in its unstable way -
> sometimes not allowing a login, sometimes restricting access when it should
> already be logged in) if I use anything in the User model it prepopulates my
> $this->data, like it should.
>
>  But this causes problems, eg. when adding a user. Since this is populated
> in the beforeFilter() it just submits right away.
>
>  Anyone had any success implementing something similar?
>
>  I would greatly appreciate any help.
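
The id-plus-hash cookie described in the reply at the top of this message, as an added example in plain PHP (not code from either poster and not CakePHP's API). The function names, the `remember_hash` and `remember_expires` fields, the 14-day lifetime and the in-memory `$users` array are assumptions made for illustration.

```php
<?php
// Added example: plain PHP 7+, no CakePHP calls. $users is a constructed
// stand-in for the user table; remember_hash plays the "hash field" role.
$users = array(
    7 => array('username' => 'baz', 'remember_hash' => null, 'remember_expires' => 0),
);

// After a successful password login with "remember me" ticked.
function issueRememberToken(array &$users, $userId, $ttl = 1209600)
{
    $token = bin2hex(random_bytes(32));                 // random secret, unrelated to the password
    $users[$userId]['remember_hash'] = hash('sha256', $token); // only the digest is stored
    $users[$userId]['remember_expires'] = time() + $ttl;
    return $userId . ':' . $token;                      // value to put in the cookie
}

// In beforeFilter, when there is no logged-in session but a cookie exists.
// Returns the user id to log in, or null.
function checkRememberToken(array $users, $cookieValue)
{
    if (!is_string($cookieValue)
        || !preg_match('/^(\d+):([0-9a-f]{64})$/D', $cookieValue, $m)) {
        return null;                                    // malformed or tampered value
    }
    $id = (int) $m[1];
    if (!isset($users[$id]) || $users[$id]['remember_hash'] === null
        || $users[$id]['remember_expires'] < time()) {
        return null;                                    // unknown user, revoked or expired
    }
    // Constant-time comparison of the stored digest with the presented token's digest.
    return hash_equals($users[$id]['remember_hash'], hash('sha256', $m[2])) ? $id : null;
}

// On explicit logout: the cookie stops working even if a copy survives.
function revokeRememberToken(array &$users, $userId)
{
    $users[$userId]['remember_hash'] = null;
}

$cookie = issueRememberToken($users, 7);
var_dump(checkRememberToken($users, $cookie));                      // valid cookie
var_dump(checkRememberToken($users, '7:' . str_repeat('0', 64)));   // guessed token
revokeRememberToken($users, 7);
var_dump(checkRememberToken($users, $cookie));                      // after logout
```

The id returned by `checkRememberToken()` is what would be handed to `$this->Auth->login($id)`, which the reply says accepts a user id. Because the cookie holds only a random token, a leaked cookie or database row does not expose the username or password hash.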