On Thursday, 17 November 2011 01:50:09 UTC+1, huoxito wrote:
>
> So it seems I got a stupid question. Sorry folks sometimes I just cant see
> the sutff Im looking for.
>
> Just read the new Auth doc carefully. I realized that theres authenticate
> and authorize configs but I did not realize why it is ok to authenticate
> when a user submitts a blank login form or whatever else.
>
Pardon?
> I pass empty values or values of a user that doesnt exist on the model and
> it still passes authentication .. why? It doesnt sound weird?
>
Well, you're still not reading the code example in the book.
>
> I get it that this works fine $this->Auth->login(). But I really don't get
> it why $this->Auth->login("whatever shit is submitted passes
> authentication") always return true.
>
Because that code is silly and what you're saying there is explicitly log
"whatever shit is submitted passes authentication" in as the current user.
If there is any clear explanation about that on the docs I'm sorry I just
> miss it.
>
How about the code? You're confusing login with identify.
I don't really understand your issue in that you simply don't pass args to
login (ordinarily you never pass arguments to login) as shown in the docs -
and it just works. If you pass args to login you are bypassing the identify
logic and explicitly logging in whatever arguments you passed as the
current user. A contrived example of appropriate use would be .. for
example:
if (env('WHUTEVAH') === 'some specific value') {
$this->Auth->login(array('id' => 0, 'username' => 'Uberadmin'));
}
I.e. you only do that when you want to say "this is the current logged in
user" not "who is the current logged in user"
AD
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
