Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi McFadly,
hats interesting thanks. I normally use othAuth but I jsut wanted a
very simple HTTP-Auth, and it seems to me that should be easily
achievable with this Security component, although I have not been able
to get it to work!
All I would like to do is turn off the separate checking of POSTed
data -- can anyone help?
Or even someone who uses a HTTP-auth (with or without the digest) to
post an example of their code to achieve it?
I am not sure if a problem is arsing becasue my code is in the
app_controller, maybe it would be better in each controller that needs
the HTTP-auth; this seems to be the way of the OC presentation on
Cake's example.
thanks
Luke
On Nov 1, 4:58 pm, McFadly [EMAIL PROTECTED] wrote:
Hi Luke -
I think you're making this process more difficult than it needs to
be. I haven't used HTTP auth in theSecuritycomponent, so I can't
offer much insight in that realm. But you may just want to look into
using the Auth component, its pretty straightforward. Check out
Chris's article
here:http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful...
On Nov 1, 7:03 am, luke BAKING barker [EMAIL PROTECTED] wrote:
looking at the HTML of the form I am submitting, I see there is this
token:
form id=MemberAddForm method=post action=/admin/members/addp
style=display: none;input type=hidden name=data[__Token][key]
value=451ed6fb6ba0df462ad05faad6f0bdaab07b667c id=Token1063112810 /
I suppose that is causing a mismatch upon a POST?
regards
luke
On Nov 1, 12:55 pm, luke BAKING barker [EMAIL PROTECTED] wrote:
Hi,
I am using Cake 1.2 - 14th October nightly build. I have set up my
app_controller with admin routing, so that an admin function will ask
the user to authenticate with HTTP auth. (I had wanted to do a
simple .htaccess, with .htpasswd - so I thought I would try the Cake
way).
I have this working, BUT, when I submit an add form (e.g. submit
admin_Add or admin_edit) I get asked to authenticate again, which also
doesnt seem to work if correct details are put in. (The latter is to
do with my custom blackhole callback I think).
How can I tell theSecuritycomponent not to ask for Auth again upon
a POST?
here is my app_controller code:
class AppController extends Controller {
var $helpers = array('Html','Form','Javascript');
var $components = array(Security);
function beforeFilter() {
if (isset($this-params[admin])) {
$this-Security-blackHoleCallback = 'incorrect';
$this-Security-requireLogin('*',array('type'='basic','realm' =
Configure::read('Settings.title')));
$this-Security-loginUsers = array(admin =
'password');
}
}
// added this callback because without, if a user enters wrong
details, auth prompt will not re-display
function incorrect () {
header('WWW-Authenticate: Basic' .'
realm=' .
Configure::read('Settings.title') . '');
header('HTTP/1.1 401 Unauthorized');
$this-autoRender = false;
$this-layout = '';
die('h1HTTP/1.1 401 Unauthorized./h1
Details incorrect.
Please refresh.');
}
if I change my callback to this, it will work, but this is insecure,
obviously as it simply authenticates any POSTs!
function incorrect () {
if(!$this-RequestHandler-isPost()) {
header('WWW-Authenticate: Basic' .'
realm=' .
Configure::read('Settings.title') . '');
header('HTTP/1.1 401 Unauthorized');
$this-autoRender = false;
$this-layout = '';
die('h1HTTP/1.1 401 Unauthorized./h1
Details incorrect.
Please refresh.');
}
else {
return true;
}
}
thank you in advance for any help you can offer.
Luke aka boobyW
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
looking at the HTML of the form I am submitting, I see there is this
token:
form id=MemberAddForm method=post action=/admin/members/addp
style=display: none;input type=hidden name=data[__Token][key]
value=451ed6fb6ba0df462ad05faad6f0bdaab07b667c id=Token1063112810 /
I suppose that is causing a mismatch upon a POST?
regards
luke
On Nov 1, 12:55 pm, luke BAKING barker [EMAIL PROTECTED] wrote:
Hi,
I am using Cake 1.2 - 14th October nightly build. I have set up my
app_controller with admin routing, so that an admin function will ask
the user to authenticate with HTTP auth. (I had wanted to do a
simple .htaccess, with .htpasswd - so I thought I would try the Cake
way).
I have this working, BUT, when I submit an add form (e.g. submit
admin_Add or admin_edit) I get asked to authenticate again, which also
doesnt seem to work if correct details are put in. (The latter is to
do with my custom blackhole callback I think).
How can I tell the Security component not to ask for Auth again upon
a POST?
here is my app_controller code:
class AppController extends Controller {
var $helpers = array('Html','Form','Javascript');
var $components = array(Security);
function beforeFilter() {
if (isset($this-params[admin])) {
$this-Security-blackHoleCallback = 'incorrect';
$this-Security-requireLogin('*',array('type'='basic','realm' =
Configure::read('Settings.title')));
$this-Security-loginUsers = array(admin =
'password');
}
}
// added this callback because without, if a user enters wrong
details, auth prompt will not re-display
function incorrect () {
header('WWW-Authenticate: Basic' .' realm=' .
Configure::read('Settings.title') . '');
header('HTTP/1.1 401 Unauthorized');
$this-autoRender = false;
$this-layout = '';
die('h1HTTP/1.1 401 Unauthorized./h1 Details
incorrect.
Please refresh.');
}
if I change my callback to this, it will work, but this is insecure,
obviously as it simply authenticates any POSTs!
function incorrect () {
if(!$this-RequestHandler-isPost()) {
header('WWW-Authenticate: Basic' .' realm=' .
Configure::read('Settings.title') . '');
header('HTTP/1.1 401 Unauthorized');
$this-autoRender = false;
$this-layout = '';
die('h1HTTP/1.1 401 Unauthorized./h1 Details
incorrect.
Please refresh.');
}
else {
return true;
}
}
thank you in advance for any help you can offer.
Luke aka boobyW
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi Luke -
I think you're making this process more difficult than it needs to
be. I haven't used HTTP auth in the Security component, so I can't
offer much insight in that realm. But you may just want to look into
using the Auth component, its pretty straightforward. Check out
Chris's article here:
http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful-tutorial-for-using-cakephps-auth-component/
On Nov 1, 7:03 am, luke BAKING barker [EMAIL PROTECTED] wrote:
looking at the HTML of the form I am submitting, I see there is this
token:
form id=MemberAddForm method=post action=/admin/members/addp
style=display: none;input type=hidden name=data[__Token][key]
value=451ed6fb6ba0df462ad05faad6f0bdaab07b667c id=Token1063112810 /
I suppose that is causing a mismatch upon a POST?
regards
luke
On Nov 1, 12:55 pm, luke BAKING barker [EMAIL PROTECTED] wrote:
Hi,
I am using Cake 1.2 - 14th October nightly build. I have set up my
app_controller with admin routing, so that an admin function will ask
the user to authenticate with HTTP auth. (I had wanted to do a
simple .htaccess, with .htpasswd - so I thought I would try the Cake
way).
I have this working, BUT, when I submit an add form (e.g. submit
admin_Add or admin_edit) I get asked to authenticate again, which also
doesnt seem to work if correct details are put in. (The latter is to
do with my custom blackhole callback I think).
How can I tell the Security component not to ask for Auth again upon
a POST?
here is my app_controller code:
class AppController extends Controller {
var $helpers = array('Html','Form','Javascript');
var $components = array(Security);
function beforeFilter() {
if (isset($this-params[admin])) {
$this-Security-blackHoleCallback = 'incorrect';
$this-Security-requireLogin('*',array('type'='basic','realm' =
Configure::read('Settings.title')));
$this-Security-loginUsers = array(admin =
'password');
}
}
// added this callback because without, if a user enters wrong
details, auth prompt will not re-display
function incorrect () {
header('WWW-Authenticate: Basic' .'
realm=' .
Configure::read('Settings.title') . '');
header('HTTP/1.1 401 Unauthorized');
$this-autoRender = false;
$this-layout = '';
die('h1HTTP/1.1 401 Unauthorized./h1
Details incorrect.
Please refresh.');
}
if I change my callback to this, it will work, but this is insecure,
obviously as it simply authenticates any POSTs!
function incorrect () {
if(!$this-RequestHandler-isPost()) {
header('WWW-Authenticate: Basic' .'
realm=' .
Configure::read('Settings.title') . '');
header('HTTP/1.1 401 Unauthorized');
$this-autoRender = false;
$this-layout = '';
die('h1HTTP/1.1 401 Unauthorized./h1
Details incorrect.
Please refresh.');
}
else {
return true;
}
}
thank you in advance for any help you can offer.
Luke aka boobyW
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
