Problems with login CakePHP 2.6.1

I'm having trouble logging in to my CakePHP site. I'm following the example described on the site, but when you enter any user or password, even one not registered in the database, it allows access to the features.

Follow the code below:

User.php

<?php

App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
App::uses('AppModel', 'Model');

class User extends AppModel {

    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required.'
            )
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required.'
            )
        ),
        'role' => array(
            'valid' => array(
                'rule' => array('inList', array('admin', 'author')),
                'message' => 'Please enter a valid role',
                'allowEmpty' => false
            )
        )
    );

    // Hash the plaintext password with bcrypt before it is written to the database.
    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['password'] = $passwordHasher->hash(
                $this->data[$this->alias]['password']
            );
        }
        return true;
    }
}
?>

UsersController.php

<?php

App::uses('AppController', 'Controller');

class UsersController extends AppController{

    public function beforeFilter(){
        parent::beforeFilter();
        $this->Auth->allow('logout');
    }

    public function index(){
        $this->User->recursive = 0;
        $this->set('users', $this->paginate());
    }

    public function view($id = null){
        $this->User->id = $id;
        if(!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }
        $this->set('user', $this->User->read(null, $id));
    }

    public function add(){
        if($this->request->is('post')){
            $this->User->create();
            if($this->User->save($this->request->data)){
                $this->Session->setFlash(__('The User has been saved.'));
                $this->redirect(array('action' => 'index'));
            }
            else {
                $this->Session->setFlash(__('The user could not be saved. Please try again.'));
            }
        }

    }

    public function edit($id = null){
        $this->User->id = $id;
        if (!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }

        if($this->request->is('post') || $this->request->is('put')){
            if($this->User->save($this->request->data)){
                $this->Session->setFlash(__('The user has been saved'));
                $this->redirect(array('action' => 'index'));
            }
            else {
                $this->Session->setFlash(__('The user could not be saved. Please try again.'));
            }
        }
        else{
            $this->request->data = $this->User->read(null, $id);
            unset($this->request->data['User']['password']);
        }
    }

    public function delete($id = null){
        $this->request->allowMethod('post');

        $this->User->id = $id;
        if(!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }

        if($this->User->delete()){
            $this->Session->setFlash(__('User deleted.'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('User was not deleted.'));
        return $this->redirect(array('action' => 'index'));
    }

    public function login(){
        if ($this->request->is('post')){
            if($this->Auth->login()){
                $this->redirect($this->Auth->redirectUrl());
            }
            else{
                $this->Session->setFlash(__('Invalid username or password, try again'));
            }
        }
    }

    public function logout(){
        return $this->redirect($this->Auth->logout());
    }
}
?>

AppController.php

<?php

App::uses('Controller', 'Controller');

class AppController extends Controller {

    public function beforeFilter(){
        $this->Auth->allow('index', 'view');
    }

    public $components = array(
            'Session',
            'Auth' => array(
                'loginRedirect' => array(
                    'controller' => 'posts',
                    'action'     => 'index' 
                ),
                'logoutRedirect' => array(
                    'controller' => 'pages',
                    'action'     => 'display',
                    'home'
                ),
                'authenticate' => array(
                    'Form' => array(
                            'passwordHasher' => 'Blowfish'
                    )
                )
            )
    );
}

?>

login.ctp

<div class="users form">
    <?php echo $this->Session->flash('auth'); ?>
    <?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>

        <?php echo $this->Form->input('username'); 
            echo $this->Form->input('password');
        ?>
    </fieldset>     
    <?php echo $this->Form->end(__('Login')); ?>

</div>

I found the framework very interesting, but for some reason it is not validating the information contained in the database.

  • Which error is presented? What is the name of your user table?

  • In your AppController, try removing this code snippet: public function beforeFilter(){ $this->Auth->allow('index', 'view'); }

  • The error presented is that I can authenticate to the system with any user, even if the password is wrong or the user is not registered in the database. The $this->Auth->login() function is always returning true. I will remove the code and post the result.

2 answers

1

In AppController, remove this line from the beforeFilter method:

$this->Auth->allow('index', 'view');

And in UsersController replace:

$this->Auth->allow('logout');

with:

$this->Auth->allow('logout','login');

1

Thanks for the help, I was able to solve the problems I was having. The solution given above meant I could only enter the system through the login page.

The other problem I was having, that the system accepted even a wrong user, I solved as follows:

UsersController.php

public function beforeFilter(){
    parent::beforeFilter();
    $this->Auth->allow('login', 'logout');

    // If already logged in, redirect to the page
    if ($this->Session->check('Auth.User')) {
        $this->redirect(array('controller' => 'posts', 'action' => 'index'));
    }
    else{
        $this->Session->delete('User');
    }
}

The problem was in the session, where the data was being kept. Now I check whether the user is already logged in; if so, they are redirected to the main page, and if the session expires a new login is requested, erasing the previously stored data.

And I also made the following change:

core.php

Configure::write('Session', array(
    'defaults' => 'php',
    'timeout' => 30, // The session will expire after 30 minutes of inactivity
));

I set my session to expire after 30 minutes.

Thank you all for your support.
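As an added example (not the code posted in this question or either answer, and not CakePHP's own code), here is how the two fixes in this thread combine into one AppController / UsersController pair for CakePHP 2.x: the global allow('index', 'view') from the question is gone, every action is denied by default, only login and logout are public, and an already-authenticated user is sent away from the login form. The 'posts' controller, the User model and the Blowfish hasher are taken from the question; the two classes are shown together here but belong in Controller/AppController.php and Controller/UsersController.php.

```php
<?php
// Added example: consolidated Auth configuration for CakePHP 2.x.
// Assumes the User model, the 'posts' controller and the Blowfish
// password hasher from the question above.

App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Where unauthenticated requests are sent.
            'loginAction'    => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect'  => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
            'authenticate'   => array(
                // Must match the hasher used in User::beforeSave(), otherwise
                // no stored password will ever verify.
                'Form' => array('passwordHasher' => 'Blowfish')
            )
        )
    );

    public function beforeFilter() {
        // Default deny: nothing is public unless a controller opens it.
        // The question's AppController allowed 'index' and 'view' for every
        // controller, which is what the first answer removes.
        $this->Auth->deny();
    }
}

App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // Only the login form and logout are reachable without a session;
        // add, edit, delete and the user list stay behind Auth.
        $this->Auth->allow('login', 'logout');
    }

    public function login() {
        // A user who already holds a valid session should not see the form
        // again (the redirect from the second answer, using Auth's own check).
        if ($this->Auth->loggedIn()) {
            return $this->redirect($this->Auth->redirectUrl());
        }
        if ($this->request->is('post')) {
            // login() with no argument lets FormAuthenticate verify the posted
            // credentials against the users table. Passing $this->request->data
            // to login() would create a session from the posted data without
            // verifying it, so never do that in 2.x.
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }

    public function logout() {
        return $this->redirect($this->Auth->logout());
    }
}
```

With this layout a request for any action other than users/login or users/logout is redirected to loginAction until Auth->login() has verified a username and bcrypt hash from the users table, and the session timeout set in core.php decides how long that verification stays valid.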
