On Friday, December 9, 2011 6:58:26 AM UTC-8, Wendall wrote: > > Thanks, I was able to get Auth working as you'd described. How can I
implement an expiration date? I have a db field called start_date, > and want to 'expire' the passcodes 30 days after they're created. This is done when you pull, or read the passcode record. You simple either add a condition that eliminates the old passcodes, or you read the passcode and check the date once you have the data. If the passcode is not retrieved or too old, kick back with error and do not authenticate. > I have a feeling that this logic should go in the Model, but with the > Auth component working in the mix I'm not sure how to code it. Put a > login method in the model that tests the age of the passcode? How can > I set this up while still working with the Auth component? No I would put it in the model, this is control logic, so it is ok to keep in the controller. Here are the steps I would take: 1. Try to read the passcode record. 2. If the date is too old, then redirect back to login. 3. If the passcode is valid, then read the associated user record. 4. Use the Auth->login() method to create authenticated session. 5. Redirect them to where ever you want. > thanks again for any help. > Your welcome. Just a note about the use of models and controllers... If the logic is data specific you can put it in the model, if it is request specific you leave it in the controller. Just because the controller needs to be "skinny," doesn't mean that you should handicap it by always putting things in the model. The Auth component is based in the Session, which has everything to do with the Server and the Web Requests. You don't want to tied up you Model with worrying about the session. That is the controller's job. If you were you want to use the model elsewhere, (Such as a shell script) you won't have access to the session and your model will break. Happy Coding! > On Dec 7, 10:31 am, Geoff Douglas <[email protected]> wrote: > > I done something like this before. I called them tokens, and they are > used > > to log someone in. > > > > I user the $this->Auth->login({User Data}); method, from a controller. > (Cake1.3 > > Docs <http://book.cakephp.org/view/1261/login> | Cake2.0 Docs< > http://book.cakephp.org/2.0/en/core-libraries/components/authenticati...> > > ) > > > > What you can do is save the passcode value, and tie it to a user record. > > Have the passcode login process, pull the passcode record, as well as the > > associated User data, log them in via the Auth Login method. > > > > This is not a secure login, so as long as the application is not housing > > any business critical data, or personal sensitive data, then this should > > work for you. I would probably still store the passcode as a secure hash, > > using the Security component, and have an expiration date on the > > passcodes.. just for added safety. > > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
