Problems with CakePHP 2.6.1 login


I am having problems with the login of my CakePHP site. I am following the example described on the CakePHP site, but entering any username or password — even one that is not registered in the database — still gives access to the protected features.

The code is below:

User.php

<?php       

App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
App::uses('AppModel', 'Model');



/**
 * User account model: validation rules for the add/edit forms and
 * transparent password hashing before a row is written.
 */
class User extends AppModel{

    /**
     * Rules Model::save() checks before beforeSave() runs.
     *
     * - username / password: must not be empty when they are part of the
     *   submitted data (neither rule sets the 'required' flag, so a form
     *   that omits the field altogether is not rejected on that field).
     * - role: limited to the two roles the application knows; an empty
     *   value is not accepted.
     */
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required.'
            )
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required.'
            )
        ),
        'role' => array(
            'valid' => array(
                'rule' => array('inList', array('admin', 'author')),
                'message' => 'Please enter a valid role',
                'allowEmpty' => false
            )
        ),
    );

    /**
     * Replace a submitted plaintext password with its Blowfish (bcrypt)
     * hash, so the stored value matches what the Form authenticator,
     * configured with the Blowfish hasher, computes at login.
     *
     * Hashing happens whenever the data array carries a 'password' key at
     * all. A caller must therefore never pass an already-hashed value back
     * through save(): it would be hashed a second time and the account
     * would stop authenticating.
     *
     * @param array $options Save options (not used here).
     * @return bool Always true; this callback never vetoes the save.
     */
    public function beforeSave($options = array()) {
        $alias = $this->alias;
        if (!isset($this->data[$alias]['password'])) {
            return true;
        }
        $hasher = new BlowfishPasswordHasher();
        $plain = $this->data[$alias]['password'];
        $this->data[$alias]['password'] = $hasher->hash($plain);
        return true;
    }

}
?>

UsersController.php

<?php

App::uses('AppController', 'Controller');

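/**
 * Account management (index/view/add/edit/delete) plus login/logout.
 *
 * Authentication only: the Auth component in AppController carries no
 * 'authorize' setting, so once a request has a valid login Auth never asks
 * whether *that* user may run the action. As written, any authenticated
 * account can list, add, edit or delete any user and set any 'role',
 * including 'admin'. Add an authorize handler before exposing this
 * controller to anyone but trusted admins.
 */
class UsersController extends AppController{

    /**
     * Make logout reachable without a session. The login action does not
     * need listing (2.x Auth lets unauthenticated requests reach its
     * configured loginAction). AppController::beforeFilter() additionally
     * opens index and view of this controller.
     */
    public function beforeFilter(){
        parent::beforeFilter();
        $this->Auth->allow('logout');
    }

    /**
     * Paginated list of users. Public for as long as AppController allows
     * 'index' on every controller.
     */
    public function index(){
        $this->User->recursive = 0;
        $this->set('users', $this->paginate());
    }

    /**
     * Show one user. read() returns every column, so the password hash is
     * dropped before the record reaches the template: a view has no reason
     * to render it and should not be able to leak it.
     *
     * @param string|null $id Primary key of the user to show.
     * @throws NotFoundException When no user has that id.
     */
    public function view($id = null){
        $this->User->id = $id;
        if(!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }
        $user = $this->User->read(null, $id);
        unset($user['User']['password']);
        $this->set('user', $user);
    }

    /**
     * Create a user from the posted form.
     *
     * Only username, password and role are taken from the request. Without
     * a fieldList save() accepts every submitted column, and a submitted
     * User.id would turn this "create" into an update of an existing row
     * (Model::set() adopts a posted primary key as the id to save to), so
     * any id is stripped as well. The plaintext password is hashed by
     * User::beforeSave().
     */
    public function add(){
        if($this->request->is('post')){
            unset($this->request->data['User']['id']);
            $this->User->create();
            $options = array('fieldList' => array('username', 'password', 'role'));
            if($this->User->save($this->request->data, $options)){
                $this->Session->setFlash(__('The User has been saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('The user could not be saved. Please try again.'));
        }
    }

    /**
     * Update the user named in the URL from the posted form.
     *
     * The record written is always $id: the posted data is forced to carry
     * it, because Model::set() would otherwise adopt whatever User.id the
     * form body contains and save to that row instead. Columns are
     * whitelisted as in add(). On GET the stored record is loaded into the
     * form with the password hash removed so it is never echoed back.
     *
     * @param string|null $id Primary key of the user to edit.
     * @throws NotFoundException When no user has that id.
     */
    public function edit($id = null){
        $this->User->id = $id;
        if (!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }

        if($this->request->is('post') || $this->request->is('put')){
            $this->request->data['User']['id'] = $id;
            $options = array('fieldList' => array('username', 'password', 'role'));
            if($this->User->save($this->request->data, $options)){
                $this->Session->setFlash(__('The user has been saved'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('The user could not been saved. Please, try again.'));
        }
        else{
            $this->request->data = $this->User->read(null, $id);
            unset($this->request->data['User']['password']);
        }
    }

    /**
     * Delete a user. Only POST is accepted (allowMethod throws for any
     * other verb), so a plain link or image URL cannot trigger it. A forged
     * POST still can unless the Security component's CSRF protection is
     * enabled — it is not among the components AppController shows.
     *
     * @param string|null $id Primary key of the user to delete.
     * @throws NotFoundException When no user has that id.
     */
    public function delete($id = null){
        $this->request->allowMethod('post');

        $this->User->id = $id;
        if(!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }

        if($this->User->delete()){
            $this->Session->setFlash(__('User deleted.'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('User was not deleted.'));
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * Authenticate the posted credentials with the Form authenticator
     * (Blowfish hasher, see AppController::$components).
     *
     * Auth::login() with no argument verifies the request data itself;
     * never pass $this->request->data to it, that would log in any
     * submitted array unverified. NOTE(review): 2.x Auth::login() is
     * believed to regenerate the session id on success — confirm for
     * 2.6.1, otherwise call $this->Session->renew() here against session
     * fixation. On failure one generic message is set under the 'auth' key,
     * the key Login.ctp renders; it deliberately does not say whether the
     * username or the password was wrong.
     */
    public function login(){
        if ($this->request->is('post')){
            if($this->Auth->login()){
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'), 'default', array(), 'auth');
        }
    }

    /**
     * Drop the Auth session data and go to logoutRedirect.
     */
    public function logout(){
        return $this->redirect($this->Auth->logout());
    }
}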
?>

AppController.php

<?php

App::uses('Controller', 'Controller');

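/**
 * Base controller: shared components and the site-wide Auth setup.
 */
class AppController extends Controller {

    /**
     * Components available to every controller.
     *
     * Auth is configured for form login only: 'authenticate' names the Form
     * authenticator with the Blowfish hasher (matching User::beforeSave()),
     * and there is no 'authorize' key, so once a request carries a valid
     * login Auth does not ask whether that user may run the action. Any
     * per-role restriction has to be added ('authorize' => array('Controller')
     * plus isAuthorized()) before the user CRUD is safe to expose.
     */
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
            'authenticate' => array(
                'Form' => array('passwordHasher' => 'Blowfish')
            )
        )
    );

    /**
     * Open 'index' and 'view' to anonymous requests.
     *
     * This runs for every controller whose beforeFilter() calls
     * parent::beforeFilter(), so it also publishes users/index and
     * users/view (usernames, roles and whatever else those templates
     * print). If only posts are meant to be public, move this allow() into
     * PostsController::beforeFilter() instead. The parent call keeps the
     * callback chain intact for subclasses.
     */
    public function beforeFilter(){
        parent::beforeFilter();
        $this->Auth->allow('index', 'view');
    }
}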

?>

Login.ctp

<div class="users form">
    <?php
        // Only messages stored under the 'auth' key are rendered here (the key
        // AuthComponent itself uses for its authError); anything set with the
        // default 'flash' key is left for the layout to display.
        echo $this->Session->flash('auth'); ?>
    <?php
        // Posts to UsersController::login(). No CSRF/tamper token is emitted:
        // FormHelper adds one only when the Security component is loaded, and
        // the AppController::$components shown on this page does not load it
        // — NOTE(review): confirm whether the real AppController does.
        echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>

        <?php echo $this->Form->input('username'); 
            echo $this->Form->input('password');
        ?>
    </fieldset>     
    <?php echo $this->Form->end(__('Login')); ?>

</div>

I find the framework very interesting, but for some reason it is not validating the submitted credentials against what is stored in the database.

    
asked by anonymous 18.01.2015 / 22:09

2 answers


In AppController, remove this line from the beforeFilter method; it makes `index` and `view` public on every controller, including UsersController:

$this->Auth->allow('index', 'view');

And in UsersController replace the following (Auth already lets unauthenticated requests reach its configured login action, so listing `login` explicitly is harmless and just makes the intent visible):

$this->Auth->allow('logout');

by:

$this->Auth->allow('logout','login');
    
21.01.2015 / 14:50

Thanks for the help; I was able to solve the problems I was having. With the solution above, the site can now only be entered through the login action.

The other problem — the system accepting even a wrong user — I solved as follows:

UsersController.php

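public function beforeFilter(){
        parent::beforeFilter();
        $this->Auth->allow('login', 'logout');

        // Send an already-authenticated visitor away from the login form
        // only. Guarding every action of this controller with a bare session
        // check would also bounce a logged-in admin off index/add/edit/delete.
        // Nothing is deleted from the session on the way out: Auth keeps the
        // logged-in user under 'Auth.User', so $this->Session->delete('User')
        // never touches a login; letting the session time out or calling
        // $this->Auth->logout() is what ends it.
        if ($this->request->params['action'] === 'login' && $this->Session->check('Auth.User')) {
            return $this->redirect(array('controller' => 'posts', 'action' => 'index'));
        }
    }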

The problem was the session: the `Auth.User` data from an earlier successful login was still stored, so later requests were already authenticated no matter what the form submitted. Now, if a user is already logged in, they are redirected to the main page, and once the session expires a new login is required. Note that Auth keeps the logged-in user under the `Auth.User` key, so deleting a `User` key does not end a login — `$this->Auth->logout()` does.

And I made the following change:

core.php

// Session settings (CakePHP 2.x). 'php' hands storage to PHP's own session
// handler; 'timeout' is minutes of inactivity, after which the session — and
// the Auth.User data in it — is gone and a fresh login is required.
// Not set here: the cookie flags under 'ini' (session.cookie_httponly /
// session.cookie_secure). NOTE(review): check which defaults the installed
// CakeSession applies, and add session.cookie_secure once the site is served
// over HTTPS only.
$sessionConfig = array(
    'defaults' => 'php',
    'timeout' => 30,
);
Configure::write('Session', $sessionConfig);

I set the session to expire after 30 minutes of inactivity.

I thank everyone for their support.

    
22.01.2015 / 02:18