Re: Remote Login Form - security blocking?
Okay, I found the solution! I needed to set cake security to medium instead of high, so that the session_id isn't regenerated upon every request. That's my solution for now anyway. It works!

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Remote Login Form - security blocking?
Update: I was able to pinpoint that the issue is in fact a session issue. I created a smaller test case to verify this, although I still don't know what the solution is.

When I submit the form to the server, it saves some values in the session, but then when it redirects, the session variables are gone. The server is secure (https), and I've tried submitting from both http and https and am getting the same results. It works fine on my local machine to my local machine, or on the server to the server, but not from one posting to the other. What can I do?

Thanks,
Brandon
Re: Remote Login Form - security blocking?
Thanks for the reply. Here is the login function code. (see below) I have verified that it is at least getting to this function, and the Authentication component is finding and returning the user properly. Yes, I am redirecting at the end of the function. Is there some trouble then, with having sessions created after coming from a remote server?

    function login()
    {
        if (!empty($this->data))
        {
            if (!empty($this->data['User']['current_url'])) // for remote logins
                $this->Session->write('current_url', $this->data['User']['current_url']);

            $this->Authentication->userFieldName = 'username';
            $data = $this->Authentication->userExists($this->data['User']['username'], $this->data['User']['password']);

            // Just checking here to make sure the user's account is active.
            if (!empty($data) && $data['Usergroup']['name'] == 'Site Admin' ||
                ( ($data['Studio']['StudioStatus']['name'] == 'Active' || $data['Studio']['StudioStatus']['name'] == 'Trial') ) )
            {
                if (is_null($data['Studio']['expiration_date']) || strtotime($data['Studio']['expiration_date']) > time())
                {
                    $expired = false;
                }
                else
                {
                    if ($data['Usergroup']['name'] == 'Studio Admin')
                    {
                        // Account is expired. Let studio admin login just to update billing info
                        $expired = true;
                        $this->Session->write('expired', true);
                    }
                    else // Don't let other users in the studio login
                    {
                        $this->flash('Sorry, this account is not currently active. Please contact the studio administrator.', 'warning');
                        $this->redirect('/users/login');
                        exit();
                    }
                }

                $this->Session->write('User', $data['User']);
                $this->Session->write('Usergroup', $data['Usergroup']);
                if (isset($data['User']['studio_id']))
                {
                    $this->Session->write('Studio', $data['Studio']);
                }
                else
                {
                    $data['Studio']['name'] = 'Studio Helper';
                    $this->Session->write('Studio', $data['Studio']);
                }

                // (the comparison operator after 'rank' is missing in the archived message)
                $this->Session->write('Usergroup.child_usergroup_id', $this->Usergroup->field('id', 'rank '.$this->Session->read('Usergroup.rank').' ORDER BY rank DESC'));
                $this->flash('Welcome, '.$data['User']['first_name'].'!', 'success');

                // Update last login date
                $userdata['User']['id'] = $data['User']['id'];
                $userdata['User']['last_login_date'] = date('Y-m-d H:i:s');
                $this->User->save($userdata);

                if ($data['Usergroup']['name'] == 'Site Admin')
                {
                    if (DEVELOPMENT_MODE)
                        $this->redirect('/studios');
                    else
                    {
                        // Make SSL
                        //if (!env(HTTPS))
                        $this->redirect('https://' . $_SERVER['SERVER_NAME'] .'/studios');
                        //$this->redirect('https://studiohelper.com/studios');
                    }
                }
                else
                {
                    // Default initial login page(s)
                    if (DEVELOPMENT_MODE)
                        $this->redirect('/users/dashboard');
                    else
Remote Login Form - security blocking?
Hello,

I'm trying to allow users to log in to my CakePHP website from remote servers. So, they can put a login form on their own website to log in, rather than having to go to my website. This is simply a regular html form created that posts to the /users/remote_login action of my website. (Yes, I'm making sure that it's posting to the correct domain - the domain that's hosting the website and the Cake code, not the domain that's hosting the login form). So, it submits the POST request to my website, logs in their session, and then redirects them to a page on my site.

This remote login form works great if it's done from the same server (so, locally, not remotely), but if the form is placed on a remote server, and you try to log in, permission is denied. I'm just wondering if there's something in Cake's security component, or something else that is prohibiting remote logins. Does it reject post requests if they come from an IP address that's different from what the server is sitting on? I've tried disabling the security component and it still doesn't work, so I'm not sure what else to try.

Can anyone offer some insight into how I might resolve this?

Thanks,
Brandon
Re: Remote Login Form - security blocking?
If I had to guess, I'd say it was because of the way that URL rewrites and sessions are handled in CakePHP. Perhaps if you share a view of the code and where it's failing, it might make more sense. Do you have a redirect at the end of the login function?