I also add my experience with the Auth component:
http://groups.google.com/group/cake-php/browse_thread/thread/deb393fc04849829/1e83613ea09bbac3?lnk=gst&q=auth+francky06l&rnum=1#1e83613ea09bbac3

I haven't tested the empty password but will try soon.

I had to set up some workarounds, but you can post an enhancement ticket
on trac :-)


On Aug 14, 11:38 pm, thebrillopuff <[EMAIL PROTECTED]> wrote:
> I was having the hardest time getting Auth and ACL working in the
> latest Cake 1.2.  The several helpful tutorials I found got me set up
> but then I ran into a problem.  Any login data (username and password)
> would authenticate, even if it was blank!
>
> I dug around in the Auth component and found what was causing the
> problem.  The startup function of the component was recognizing it was
> on the login page automatically like I wanted and then passing the
> inputted data to the login function.  The login function then calls
> the identify function which returns the user or null if there is an
> error.  Identify was returning a user even on empty data.
>
> The identify function (simplified) works like this:
>
> if(user is array) {
>  if(user in form user[fieldname]) {
>   if(user is blank or password is blank) {
>    return false;
>   }
>   create find conditions
>  } else if(user in form user[user.fieldname]) {
>   if(user is blank or password is blank) {
>    return false;
>   }
>   create find conditions
>  }
> user = find
>
> }
>
> I knew that when I entered a blank username and password I was
> reaching that return false code after checking that the username
> was blank, but it wasn't returning out of the function.  What it would
> do is just exit the if statement without setting the find conditions.
> The find conditions would then be an empty array and would
> authenticate on my userScope, pulling the first active user.
>
> To fix this I added an else statement to the if else group that checks
> the form of the user input.
>
> if(user in form user[fieldname]) {
>   ...
>
> } else if(user in form user[user.fieldname]) {
>  ...
> } ELSE {
>   return null;
> }
>
> Then when it finds a blank username or password it returns false,
> control then enters the new else statement which returns null out of
> identify, failing login as expected.
>
> Maybe someone can better explain why the return false in the if
> statement that checks to see if the username or password is blank
> doesn't return out of the function, but this worked for me.
>
> Another couple weird things I noticed.
>
> 1) The startup controller adds an equal sign before fields when saving
> them to the data array, so $data[User.login] = '= username';  And then
> the checks look for an equal sign to see if the username is blank,
> it seems redundant and you could just check for empty if it was a
> blank string.
>
> 2) The automatic login worked for me, but like Brian in his super
> helpful guide
> http://realm3.com/articles/setting_up_users_groups_withacl_and_auth_i...
> , the flash notification wasn't working.  This is because the setFlash
> isn't keyed to the default 'flash', getting rid of the specific keying
> works, or you can set your layout to look for the proper key.  I just
> changed mine to $this->Session->setFlash($this->loginError); There
> isn't a flash set for a successful login, this would be simple to add
> to the component just another var set, but for now I just use user
> login function to handle it.
>
> function login() {
>         if($this->Session->check('AuthenticatedUser')) {
>                 $this->Session->setFlash('You are already logged in.');
>                 $this->redirect('/admin', null, true);
>         } else {
>                 if(!empty($this->data)){
>                         if($this->Auth->login()) {
>                                 $this->Session->setFlash('Login successful.');
>                         }
>                 }
>         }
>
> }
>
> 3) Mentioned before but in the setDefaults function it incorrectly
> checks to see if logoutAction is set instead of checking for
> logoutRedirect.
>
> Anyway that's my first foray into understanding the 1.2 Auth
> component, hope it helps =D.
>
> -thebrillopuff
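
The failure mode described in the quoted message (blank credentials leave the find conditions empty, so the lookup matches on the scope alone), as an added example that is not part of the thread and is not CakePHP's code. The function names, the in-memory user table and the `active` scope are constructed for illustration.

```php
<?php
// Added illustration, not CakePHP source. All names and data are constructed.
$users = [
    ['id' => 1, 'login' => 'admin', 'password' => 'hash-a', 'active' => 1],
    ['id' => 2, 'login' => 'bob',   'password' => 'hash-b', 'active' => 1],
];

// Stand-in for a model find: first row matching every key/value condition.
function findFirst(array $rows, array $conditions): ?array
{
    foreach ($rows as $row) {
        // An empty diff means every condition matched; with no conditions
        // at all, the very first row matches.
        if (array_diff_assoc($conditions, $row) === []) {
            return $row;
        }
    }
    return null;
}

// Fail-open: blank input builds no credential conditions, but the query
// still runs with only the scope, so the first active user is returned.
function identifyFailOpen(array $rows, array $input, array $scope): ?array
{
    $conditions = [];
    if (!empty($input['login']) && !empty($input['password'])) {
        $conditions = ['login' => $input['login'], 'password' => $input['password']];
    }
    return findFirst($rows, array_merge($conditions, $scope));
}

// Fail-closed: missing, blank or non-string credentials never reach the query.
function identifyFailClosed(array $rows, array $input, array $scope): ?array
{
    $login = $input['login'] ?? '';
    $password = $input['password'] ?? '';
    if (!is_string($login) || !is_string($password) || $login === '' || $password === '') {
        return null;
    }
    $conditions = ['login' => $login, 'password' => $password];
    return findFirst($rows, array_merge($conditions, $scope));
}

$scope = ['active' => 1];                      // plays the role of userScope
$blank = ['login' => '', 'password' => ''];    // blank login form
var_dump(identifyFailOpen($users, $blank, $scope));    // a user row comes back
var_dump(identifyFailClosed($users, $blank, $scope));  // null: login rejected
```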

