CakePHP Auth Component Verifies User Before Logging In

I want forbidden users to not be able to enter the site and tell them that they are prohibited. I tried using isAuthorized() for this, but it allows the user to log in and only after that refuses to allow unauthorized actions.

So basically I want to know where to put a condition that will check if the user table will be locked = true before the login process happens. My login function is currently empty because it is automatically controlled by the Auth component.

+6
authentication login cakephp components
5 answers

Finally, I found a solution by going through the API. I wonder if anyone ever used this because no one pointed it out to me, or maybe I was not clear enough. In any case, to add a condition to the login process, you simply put it in the variable $this->Auth->userScope.

So, to check if the user is prohibited, I just added this line to beforeFilter() in my AppController:

$this->Auth->userScope = array('User.banned'=>0); 

Hope this helps someone.

+12

Alternatively: $this->Auth->userScope = array('User.banned'=>0);

This can be done if you enable your Auth component. This will probably save a small amount of overhead since $this->Auth->userScope is not called every time the controller is parsed.

    public $components = array(
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish',
                    'scope' => array('User.banned' => 0)
                )
            ),
            'authorize' => array('Controller')
        )
    );

+6

If you already have the whole Auth system, why don't you just follow the KISS principle and cancel your password or change your username there? If they can no longer authenticate with your system as before, they should be able to infer that they are denied.

If this is not enough, then you can add the code below.

    function login() {
        if ($this->Session->read('Auth.User')) {
            $this->Session->setFlash('You are already logged in!~~~~~~~~~~~');
        }
        $this->Session->setFlash('You have been banned!');
        $this->redirect(array('controller' => 'users', 'action' => 'index'));
    }

Edit 1: for a more dynamic approach, as you pointed out in your comment, you can check the is_banned column of a user’s record of concern in UsersController::beforeFilter() and set the corresponding flash message. Also do a redirect based on the result of $this->Session->read('Auth.User.is_banned'). Perhaps you want to see the result of <?php debug($this->Session->read('Auth.User')); ?> before attacking your problem.

Edit 2: My mistake. You can save is_banned somewhere in the session via $this->Session->write(...). After you read is_banned = true, you can is_banned = true user.

+3

You should use:

    /** Function is executed after the login */
    function isAuthorized() {
        return true;
    }

where you can check if the user is banned or not, i.e.

    /** Function is executed after the login */
    function isAuthorized() {
        // column banned should be in the users table
        if ($this->Auth->user('banned') == 1) {
            $this->Session->setFlash('You have been banned!');
            return false;
        }
        return true;
    }

I think this is the right way.

+2

After reading the last comment on Nik, I think that you could simply improve your original solution by manually logging the user out through $this->Auth->logout() in the appropriate place in your code (followed by a redirect). Thus, it should look as if he/she had never logged in.

+1