Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi McFadly, hats interesting thanks. I normally use othAuth but I jsut wanted a very simple HTTP-Auth, and it seems to me that should be easily achievable with this Security component, although I have not been able to get it to work! All I would like to do is turn off the separate checking of POSTed data -- can anyone help? Or even someone who uses a HTTP-auth (with or without the digest) to post an example of their code to achieve it? I am not sure if a problem is arsing becasue my code is in the app_controller, maybe it would be better in each controller that needs the HTTP-auth; this seems to be the way of the OC presentation on Cake's example. thanks Luke On Nov 1, 4:58 pm, McFadly [EMAIL PROTECTED] wrote: Hi Luke - I think you're making this process more difficult than it needs to be. I haven't used HTTP auth in theSecuritycomponent, so I can't offer much insight in that realm. But you may just want to look into using the Auth component, its pretty straightforward. Check out Chris's article here:http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful... On Nov 1, 7:03 am, luke BAKING barker [EMAIL PROTECTED] wrote: looking at the HTML of the form I am submitting, I see there is this token: form id=MemberAddForm method=post action=/admin/members/addp style=display: none;input type=hidden name=data[__Token][key] value=451ed6fb6ba0df462ad05faad6f0bdaab07b667c id=Token1063112810 / I suppose that is causing a mismatch upon a POST? regards luke On Nov 1, 12:55 pm, luke BAKING barker [EMAIL PROTECTED] wrote: Hi, I am using Cake 1.2 - 14th October nightly build. I have set up my app_controller with admin routing, so that an admin function will ask the user to authenticate with HTTP auth. (I had wanted to do a simple .htaccess, with .htpasswd - so I thought I would try the Cake way). I have this working, BUT, when I submit an add form (e.g. submit admin_Add or admin_edit) I get asked to authenticate again, which also doesnt seem to work if correct details are put in. (The latter is to do with my custom blackhole callback I think). How can I tell theSecuritycomponent not to ask for Auth again upon a POST? here is my app_controller code: class AppController extends Controller { var $helpers = array('Html','Form','Javascript'); var $components = array(Security); function beforeFilter() { if (isset($this-params[admin])) { $this-Security-blackHoleCallback = 'incorrect'; $this-Security-requireLogin('*',array('type'='basic','realm' = Configure::read('Settings.title'))); $this-Security-loginUsers = array(admin = 'password'); } } // added this callback because without, if a user enters wrong details, auth prompt will not re-display function incorrect () { header('WWW-Authenticate: Basic' .' realm=' . Configure::read('Settings.title') . ''); header('HTTP/1.1 401 Unauthorized'); $this-autoRender = false; $this-layout = ''; die('h1HTTP/1.1 401 Unauthorized./h1 Details incorrect. Please refresh.'); } if I change my callback to this, it will work, but this is insecure, obviously as it simply authenticates any POSTs! function incorrect () { if(!$this-RequestHandler-isPost()) { header('WWW-Authenticate: Basic' .' realm=' . Configure::read('Settings.title') . ''); header('HTTP/1.1 401 Unauthorized'); $this-autoRender = false; $this-layout = ''; die('h1HTTP/1.1 401 Unauthorized./h1 Details incorrect. Please refresh.'); } else { return true; } } thank you in advance for any help you can offer. Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
looking at the HTML of the form I am submitting, I see there is this token: form id=MemberAddForm method=post action=/admin/members/addp style=display: none;input type=hidden name=data[__Token][key] value=451ed6fb6ba0df462ad05faad6f0bdaab07b667c id=Token1063112810 / I suppose that is causing a mismatch upon a POST? regards luke On Nov 1, 12:55 pm, luke BAKING barker [EMAIL PROTECTED] wrote: Hi, I am using Cake 1.2 - 14th October nightly build. I have set up my app_controller with admin routing, so that an admin function will ask the user to authenticate with HTTP auth. (I had wanted to do a simple .htaccess, with .htpasswd - so I thought I would try the Cake way). I have this working, BUT, when I submit an add form (e.g. submit admin_Add or admin_edit) I get asked to authenticate again, which also doesnt seem to work if correct details are put in. (The latter is to do with my custom blackhole callback I think). How can I tell the Security component not to ask for Auth again upon a POST? here is my app_controller code: class AppController extends Controller { var $helpers = array('Html','Form','Javascript'); var $components = array(Security); function beforeFilter() { if (isset($this-params[admin])) { $this-Security-blackHoleCallback = 'incorrect'; $this-Security-requireLogin('*',array('type'='basic','realm' = Configure::read('Settings.title'))); $this-Security-loginUsers = array(admin = 'password'); } } // added this callback because without, if a user enters wrong details, auth prompt will not re-display function incorrect () { header('WWW-Authenticate: Basic' .' realm=' . Configure::read('Settings.title') . ''); header('HTTP/1.1 401 Unauthorized'); $this-autoRender = false; $this-layout = ''; die('h1HTTP/1.1 401 Unauthorized./h1 Details incorrect. Please refresh.'); } if I change my callback to this, it will work, but this is insecure, obviously as it simply authenticates any POSTs! function incorrect () { if(!$this-RequestHandler-isPost()) { header('WWW-Authenticate: Basic' .' realm=' . Configure::read('Settings.title') . ''); header('HTTP/1.1 401 Unauthorized'); $this-autoRender = false; $this-layout = ''; die('h1HTTP/1.1 401 Unauthorized./h1 Details incorrect. Please refresh.'); } else { return true; } } thank you in advance for any help you can offer. Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi Luke - I think you're making this process more difficult than it needs to be. I haven't used HTTP auth in the Security component, so I can't offer much insight in that realm. But you may just want to look into using the Auth component, its pretty straightforward. Check out Chris's article here: http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful-tutorial-for-using-cakephps-auth-component/ On Nov 1, 7:03 am, luke BAKING barker [EMAIL PROTECTED] wrote: looking at the HTML of the form I am submitting, I see there is this token: form id=MemberAddForm method=post action=/admin/members/addp style=display: none;input type=hidden name=data[__Token][key] value=451ed6fb6ba0df462ad05faad6f0bdaab07b667c id=Token1063112810 / I suppose that is causing a mismatch upon a POST? regards luke On Nov 1, 12:55 pm, luke BAKING barker [EMAIL PROTECTED] wrote: Hi, I am using Cake 1.2 - 14th October nightly build. I have set up my app_controller with admin routing, so that an admin function will ask the user to authenticate with HTTP auth. (I had wanted to do a simple .htaccess, with .htpasswd - so I thought I would try the Cake way). I have this working, BUT, when I submit an add form (e.g. submit admin_Add or admin_edit) I get asked to authenticate again, which also doesnt seem to work if correct details are put in. (The latter is to do with my custom blackhole callback I think). How can I tell the Security component not to ask for Auth again upon a POST? here is my app_controller code: class AppController extends Controller { var $helpers = array('Html','Form','Javascript'); var $components = array(Security); function beforeFilter() { if (isset($this-params[admin])) { $this-Security-blackHoleCallback = 'incorrect'; $this-Security-requireLogin('*',array('type'='basic','realm' = Configure::read('Settings.title'))); $this-Security-loginUsers = array(admin = 'password'); } } // added this callback because without, if a user enters wrong details, auth prompt will not re-display function incorrect () { header('WWW-Authenticate: Basic' .' realm=' . Configure::read('Settings.title') . ''); header('HTTP/1.1 401 Unauthorized'); $this-autoRender = false; $this-layout = ''; die('h1HTTP/1.1 401 Unauthorized./h1 Details incorrect. Please refresh.'); } if I change my callback to this, it will work, but this is insecure, obviously as it simply authenticates any POSTs! function incorrect () { if(!$this-RequestHandler-isPost()) { header('WWW-Authenticate: Basic' .' realm=' . Configure::read('Settings.title') . ''); header('HTTP/1.1 401 Unauthorized'); $this-autoRender = false; $this-layout = ''; die('h1HTTP/1.1 401 Unauthorized./h1 Details incorrect. Please refresh.'); } else { return true; } } thank you in advance for any help you can offer. Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---