I was having the hardest time getting Auth and ACL working in the
latest Cake 1.2. The several helpful tutorials I found got me set up
but then I ran into a problem. Any login data (username and password)
would authenticate, even if it was blank!

I dug around in the Auth component and found what was causing the
problem. The startup function of the component was recognizing it was
on the login page automatically like I wanted and then passing the
inputted data to the login function. The login function then calls
the identify function which returns the user or null if there is an
error. Identify was returning a user even on empty data.

The identify function (simplified) works like this:

    if (user is array) {
        if (user in form user[fieldname]) {
            if (user is blank or password is blank) {
                return false;
            }
            create find conditions
        } else if (user in form user[user.fieldname]) {
            if (user is blank or password is blank) {
                return false;
            }
            create find conditions
        }
        user = find
    }

I knew that when I entered a blank username and password I was
reaching that return false code after checking that the username
was blank, but it wasn't returning out of the function. What it would
do is just exit the if statement without setting the find conditions.
The find conditions would then be an empty array and would
authenticate on my userScope, pulling the first active user.

To fix this I added an else statement to the if else group that checks
the form of the user input.

    if (user in form user[fieldname]) {
        ...
    } else if (user in form user[user.fieldname]) {
        ...
    } ELSE {
        return null;
    }

Then when it finds a blank username or password it returns false,
control then enters the new else statement which returns null out of
identify, failing login as expected.

Maybe someone can better explain why the return false in the if
statement that checks to see if the username or password is blank
doesn't return out of the function, but this worked for me.

Another couple weird things I noticed.

1) The startup controller adds an equal sign before fields when saving
them to the data array, so $data[User.login] = '= username'; And then
the checks look for an equal sign to see if the username is blank,
it seems redundant and you could just check for empty if it was a
blank string.

2) The automatic login worked for me, but like Brian in his super
helpful guide
http://realm3.com/articles/setting_up_users_groups_withacl_and_auth_in_cake_1.2.php,
the flash notification wasn't working. This is because the setFlash
isn't keyed to the default 'flash'. Getting rid of the specific keying
works, or you can set your layout to look for the proper key. I just
changed mine to $this->Session->setFlash($this->loginError); There
isn't a flash set for a successful login. This would be simple to add
to the component, just another var set, but for now I just use the user
login function to handle it.

    function login() {
        if ($this->Session->check('AuthenticatedUser')) {
            $this->Session->setFlash('You are already logged in.');
            $this->redirect('/admin', null, true);
        } else {
            if (!empty($this->data)) {
                if ($this->Auth->login()) {
                    $this->Session->setFlash('Login successful.');
                }
            }
        }
    }

3) Mentioned before but in the setDefaults function it incorrectly
checks to see if logoutAction is set instead of checking for
logoutRedirect.

Anyway that's my first foray into understanding the 1.2 Auth
component, hope it helps =D.

-thebrillopuff
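
Added example, not part of the original post and not CakePHP's own code: a simplified PHP model of the failure described above, where blank credentials leave the find conditions empty so the lookup runs on the scope alone, shown next to a fail-closed version. The function names, the in-memory user table and the placeholder hashes are constructed for illustration.

```php
<?php
// Constructed sample rows standing in for the users table (hashes are placeholders).
$users = [
    ['id' => 1, 'username' => 'admin', 'password' => 'hash-a', 'active' => 1],
    ['id' => 2, 'username' => 'bob',   'password' => 'hash-b', 'active' => 1],
];

// Hypothetical stand-in for a model find: first row matching every condition.
// An empty condition list matches the first row, like a query with no WHERE clause.
function findFirst(array $rows, array $conditions) {
    foreach ($rows as $row) {
        if (array_intersect_assoc($conditions, $row) == $conditions) {
            return $row;
        }
    }
    return null;
}

// Fail-open model of the flow in the post: blank input leaves $find empty,
// so only the scope (active users) reaches the lookup.
function identifyFailOpen(array $rows, array $input, array $scope) {
    $find = [];
    if (!empty($input['username']) && !empty($input['password'])) {
        $find = ['username' => $input['username'], 'password' => $input['password']];
    }
    return findFirst($rows, array_merge($find, $scope));
}

// Fail-closed version: missing or blank credentials never reach the lookup.
function identifyFailClosed(array $rows, array $input, array $scope) {
    $username = isset($input['username']) ? trim((string) $input['username']) : '';
    $password = isset($input['password']) ? (string) $input['password'] : '';
    if ($username === '' || $password === '') {
        return null;
    }
    $find = ['username' => $username, 'password' => $password];
    return findFirst($rows, array_merge($find, $scope));
}

$scope = ['active' => 1];
$blank = ['username' => '', 'password' => ''];
$good  = ['username' => 'bob', 'password' => 'hash-b'];
foreach (['identifyFailOpen', 'identifyFailClosed'] as $fn) {
    foreach (['blank' => $blank, 'valid' => $good] as $label => $input) {
        $user = $fn($users, $input, $scope);
        echo $fn, ' / ', $label, ': ', $user ? $user['username'] : 'rejected', "\n";
    }
}
```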