Yup, let me clarify a bit more, you're passing $this->request->data into
$this->Auth->login():
$this->Auth->login($this->request->data)
This will always log the user in no matter what is posted!
On Thursday, 21 June 2012 00:37:07 UTC+3, Max Dörfler wrote:
>
> Like I said: You are passing data into the login function. In 2.0 this
> "will log the user in with whatever data is posted". That's why only the two
> fields posted are displayed and the PW isn't hashed. Since you haven't
> specified what version of cake you are using, I still assume this is the
> reason. If you say you don't use cake 2.x I'll stop bothering you. ;)
>
> On 06/20/2012 09:27 PM, Joey Hauschildt wrote:
>
> I just followed the tutorial in the book. The only customization I made
> was using the email field instead of the username field.
>
> Here is my AppController:
>
> class AppController extends Controller {
>
>     public $uses = array('User');
>
>     public $components = array(
>         'Session',
>         'Auth' => array(
>             'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
>             'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
>         )
>     );
>
>     public function beforeFilter() {
>         $this->Auth->allow('index', 'view');
>         $this->set('logged_in', $this->Auth->LoggedIn());
>         $this->set('current_user', $this->Auth->user());
>         //debug($this->Session->read('Auth.User'));
>     }
>
>     public function isAuthorized($user) {
>         return TRUE;
>     }
>
> }
>
>
> And here is my Users/login action:
>
> public function login() {
>     if ($this->request->is('post')) {
>
>         if ($this->Auth->login($this->request->data)) {
>             return $this->redirect($this->Auth->redirect());
>         } else {
>             $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
>         }
>     }
> }
>
>
> The beforeFilter in my Users controller:
>
> public function beforeFilter() {
>     parent::beforeFilter();
>     $this->Auth->fields = array('username' => 'email', 'password' => 'password');
>     $this->Auth->allow('add', 'logout');
> }
>
>
>
> On Wednesday, June 20, 2012 12:31:35 AM UTC-6, Борислав Събев wrote:
>>
>> This could be the case - a wrongly implemented Authentication system. @Joey
>> Hauschildt $this->Auth->user() and the "Auth.User" Session key should both
>> return/contain the full user information - i.e. all fields from the users
>> DB table. This behaviour is strange. Can you provide more info on your
>> exact implementation?
>>
>> Cheers,
>> Borislav.
>>
>>
>> On Wednesday, 20 June 2012 00:36:24 UTC+3, Max Dörfler wrote:
>>>
>>>
>>> http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
>>>
>>> "In 2.0 $this->Auth->login($this->request->data) will log the user in
>>> with whatever data is posted, whereas in 1.3
>>> $this->Auth->login($this->data) would try to identify the user first
>>> and only log in when successful."
>>>
>>> I assume you are using 2.x. I guess this is what you are looking for.
>>> Call login() without params.
>>>
>>> On 06/19/2012 11:18 PM, Joey Hauschildt wrote:
>>>
>>> I am. All passwords in the db are hashed. The problem seems to be that
>>> instead of getting info from the users table, it is only filling
>>> debug($this->Session->read('Auth.User'));
>>> and debug($this->Auth->User()) with data from the form. Otherwise the
>>> password would be hashed. It has nowhere else to get an unhashed password
>>> from. This seems like a pretty poor choice for default behavior. I would
>>> prefer that my app didn't store passwords from the form anywhere.
>>>
>>> On Tuesday, June 19, 2012 2:50:45 PM UTC-6, Jeremy Burns wrote:
>>>>
>>>> You should be hashing the password before saving it.
>>>>
>>>> Jeremy Burns
>>>> Class Outfit
>>>>
>>>> http://www.classoutfit.com
>>>>
>>>> On 19 Jun 2012, at 19:41:30, Joey Hauschildt wrote:
>>>>
>>>> debug($this->Session->read('Auth.User'));
>>>> and debug($this->Auth->User()); both return:
>>>>
>>>> array(
>>>> 'User' => array(
>>>> 'password' => '*****',
>>>> 'email' => '[email protected]'
>>>> )
>>>> )
>>>>
>>>> These are the fields that the user uses to log in. The password isn't
>>>> even hashed. When I print_r, it displays the actual password. I would like
>>>> to have access to other user info like an ID or role. Do I need to use my
>>>> own query to get this info or should the Auth Component be grabbing that
>>>> stuff for me?
>>>>
>>>> --
>>>> Our newest site for the community: CakePHP Video Tutorials
>>>> http://tv.cakephp.org
>>>> Check out the new CakePHP Questions site http://ask.cakephp.org and
>>>> help others with their CakePHP related questions.
>>>>
>>>>
>>>> To unsubscribe from this group, send email to
>>>> [email protected] For more options, visit this
>>>> group at http://groups.google.com/group/cake-php
>>>>
>>>>