Wednesday, November 10, 2010

Authentication

To set up a user login system for your CakePHP application, Cake comes with an authentication component built in. The Auth component requires a "user" table in the database with at least the fields "username" and "password". They don't have to be named exactly that, but using the default names makes everything easier.

The first thing you need to do is to add the Auth component to your controllers. Since typically you want all your controllers to utilize the Auth component, it is best to create an App controller and include it in there.

Create /app/app_controller.php
<?php
class AppController extends Controller {
    var $components = array('Auth');
}
?>
If at any time you encounter trouble with your authentication, comment out this line to turn it off.

NOTE: When you explicitly define your components, you disable the default components in CakePHP, such as Session. If you want to use the Session component, be sure to explicitly define it in your array:
    var $components = array('Auth','Session');
The next requirement is to have login() and logout() methods in your users controller.

Edit /app/controllers/users_controller.php and add the login and logout methods as below.
    function login() {
        $this->set('title_for_layout', 'Login');
        /* If user is already logged in, redirect */
        if ($this->Auth->user()) {
            $this->redirect($this->Auth->redirect());
        }
    }

    function logout() {
        $this->redirect($this->Auth->logout());
    }
The last requirement is the view for the login action of the users controller.

Create /app/views/users/login.ctp
<?php
    echo $session->flash('auth');
    echo $form->create('User', array('action' => 'login'));
    echo $form->input('username');
    echo $form->input('password');
    echo $form->end('Login');
?>
The login view uses the form helper to create a form allowing entry of the username and password.

In a controller, the beforeFilter() method is called automatically before any other controller action. This is where you define the settings for your Auth component.

Edit /app/app_controller.php and add the beforeFilter method below.
function beforeFilter() {
    /* Set username and password fields if not using default 'username' and 'password' */
    $this->Auth->fields = array('username' => 'email', 'password' => 'password');
    /* What actions are allowed without authentication */
    $this->Auth->allow('*'); // Allow all defined methods
}
By default, the Auth component only allows the login and logout methods. Allowing all actions lets you create a user and set the password first, so you will be able to log in once you lock the site down.

If you are still using scaffolding at this point, however, note that scaffold methods are not allowed unless they are explicitly defined.

Edit /app/app_controller.php and change the $this->Auth->allow() command as follows:
    $this->Auth->allow('*', 'add');
Browse to http://drug-ed.com/users/add/ and create a new user with a properly hashed password so you can log in.

Edit /app/app_controller.php and comment out the $this->Auth->allow() command to prevent all access to the site unless signed in. Browse to any page, then log in to verify it works.

If you are not allowing all actions and are explicitly defining the actions you allow, remember that for static pages the default action is 'display', and it must be allowed for those pages to be viewable.
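Putting the lock-down steps together, here is an added example (not code from the original post) of a CakePHP 1.3 AppController that keeps every action closed by default, with per-controller beforeFilter overrides that open only the actions each controller needs. The controller names, redirect targets and error message are assumptions for illustration.

```php
<?php
/* /app/app_controller.php -- global Auth settings, nothing allowed anonymously */
class AppController extends Controller {
    var $components = array('Auth', 'Session');   // Session listed explicitly, as noted above

    function beforeFilter() {
        // Where unauthenticated users are sent, and where they land after login/logout
        $this->Auth->loginAction    = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect  = array('controller' => 'pages', 'action' => 'display', 'home');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
        // Message shown by $session->flash('auth') in the login view
        $this->Auth->authError = 'Please sign in to view that page.';
        // No $this->Auth->allow() here: only login and logout stay open by default
    }
}

/* /app/controllers/users_controller.php -- open only the registration action */
class UsersController extends AppController {
    var $name = 'Users';

    function beforeFilter() {
        parent::beforeFilter();      // keep the global settings from AppController
        $this->Auth->allow('add');   // remove this line once the first account exists
    }

    function login() {
        $this->set('title_for_layout', 'Login');
        if ($this->Auth->user()) {
            $this->redirect($this->Auth->redirect());
        }
    }

    function logout() {
        $this->redirect($this->Auth->logout());
    }
}

/* /app/controllers/pages_controller.php -- static pages need 'display' allowed */
class PagesController extends AppController {
    var $name = 'Pages';

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('display');
    }
}
?>
```

Each controller that needs public actions opens them by name after calling parent::beforeFilter(), so forgetting an override fails closed rather than open.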
