Hi community,
I'm trying to create a public interface to allow for registration and
I'm experiencing an issue that i don't understand. I have ACL (with
bindNode for easy group permissions) setup but no permissions within
the aro_aco join table as of yet. Please correct me but with no
permissions in the aro_aco table no one should have access to any of
the users controller actions.
When I completely remove the beforeFilter function, this holds true.
I can not access the users controllers index function - as expected.
However when I simply put the function back in, I can access index,
edit , etc..
function beforeFilter() {
$this->Auth-
>allow('register','register_confirm','verify','login','logout');
$this->Auth->autoRedirect = false;
}
Even if i just add an empty beforeFilter declaration. the access to
the users controller is opened up again.
I don't get it.
var $name = 'Users';
var $layout = 'gsc-layout';
var $components = array('Email','Acl', 'Auth', 'Session');
var $uses = array('User','Group');
var $paginate = array(
'limit' => 100,
'order' => array(
'user_id' => 'asc'
)
);
function index() {
$this->User->recursive = 0;
$this->set('users', $this->paginate());
}
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid user', true));
$this->redirect(array('action' => 'index'));
}
$this->set('user', $this->User->read(null, $id));
}
function add() {
if (!empty($this->data)) {
$this->User->create();
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('The user has been
saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not
be saved. Please,
try again.', true));
}
}
$users = $this->User->find('list');
$groups = $this->User->Group->find('list');
$this->set(compact('users', 'groups'));
}
function edit($id = null) {
if (!$id && empty($this->data)) {
$this->Session->setFlash(__('Invalid user', true));
$this->redirect(array('action' => 'index'));
}
if (!empty($this->data)) {
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('The user has been
saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not
be saved. Please,
try again.', true));
}
}
if (empty($this->data)) {
$this->data = $this->User->read(null, $id);
}
$users = $this->User->find('list');
$groups = $this->User->Group->find('list');
$this->set(compact('users', 'groups'));
}
function delete($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true));
$this->redirect(array('action'=>'index'));
}
if ($this->User->delete($id)) {
$this->Session->setFlash(__('User deleted', true));
$this->redirect(array('action'=>'index'));
}
$this->Session->setFlash(__('User was not deleted', true));
$this->redirect(array('action' => 'index'));
}
function send_confirm_email($user_id){
$User = $this->User->read(null,$user_id);
//$this->Email->to = $User['User']['email'];
$this->Email->to = $User['User']['email'];
//$this->Email->bcc = array('[email protected]');
$this->Email->subject = 'Web Registration Confirmation';
$this->Email->replyTo = 'me@mysitecom';
$this->Email->from = 'The co <[email protected]>';
$this->Email->template = 'registration_confirm'; // note no '.ctp'
//Send as 'html', 'text' or 'both' (default is 'text')
$this->Email->sendAs = 'text'; // because we like to send pretty
mail
//Set view variables as normal
$this->set('User', $User);
//Do not pass any args to send()
$this->Email->send();
}
function register(){
if (!empty($this->data)) {
if ($this->data['User']['password'] == $this->Auth-
>password($this->data['User']['password_confirm'])) {
$this->User->create();
//send verification link to email address and wait for
verification
if ( $this->User->save($this->data) ) {
//get id of new record
//$this->generateConfirmKey();
$this->generate_confirm_key($this->User->id);
$this->send_confirm_email($this->User->id);
$this->redirect(array('controller'=>'users','action' =>
'register_confirm',$this->User->id));
}
else{
$this->Session->setFlash(__('The new user record could not be
created. Please, try again.', true));
}
}else{
$this->Session->setFlash(__('Passwords do not match. Please
try again.', true));
}
}
}
function verify($id, $key){
if(! empty($key) && ! empty($id) ) {
$User = $this->User->read(null, $id);
if( $User['User']['verify_key'] == $key ){
$User['User']['verified'] = 't';
if($this->User->save($User)){
$this->Session->setFlash(__('Account Verified. Thank you.',
true));
$this->redirect(array('controller'=>'ee_customers','action'
=> 'index',$id));
}
}
$this->Session->setFlash(__('ACCOUNT VERIFICATION FAILED.',
true));
$this->redirect(array('controller'=>'users','action' =>
'register_confirm',$id));
}
}
function resend_confirm_email($user_id){
$this->generate_confirm_key($user_id);
$this->send_confirm_email($user_id);
$this->redirect(array('controller'=>'users','action' =>
'register_confirm',$user_id));
}
function generate_confirm_key($user_id){
//generate a random key for verification
$random = '';
$length = '32';
for ($i = 0; $i < $length; $i++) {
$random .= mt_rand(0, 9);
}
$data = $this->User->read(null, $user_id);
$data['User']['verify_key'] = $random;
$this->User->save($data);
}
function register_confirm($user_id){
$User = $this->User->read(null, $user_id);
$this->set('User', $User);
}
function login() {
if ($this->Auth->user()){
$User = $this->Auth->user();
$id = $User['User']['user_id'];
if ( $User['User']['verified'] ) {
$this->redirect(array('controller'=>'Splash','action' =>
'index'));
}
else{
$this->redirect(array('controller'=>'users','action' =>
'register_confirm', $id));
}
}
}
function logout() {
$this->Session->setFlash('Good-Bye');
$this->redirect($this->Auth->logout());
}
function bindNode($user) {
return array('model' => 'Group', 'foreign_key' => $user['User']
['group_id']);
}
function beforeFilter() {
$this->Auth-
>allow('register','register_confirm','verify','login','logout');
$this->Auth->autoRedirect = false;
}
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
