I'm trying to login in my CakePHP 2.0 application but I always get the login error.
In the official documentation and the tutorial I've read how to hash the passwords, but I still get the login error, here is how I did it:
// Users Model
public function beforeSave ($options = array ()) {
$this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
return true;
}
// Users Controller
public $components = array ('Acl', 'Session',
'Auth' => array (
'authenticate' => array (
// login e logout sono di default i seguenti controller e views
// 'loginRedirect' => array ('controller' => 'users', 'action' => 'login'),
// 'logoutRedirect' => array ('controller' => 'users', 'action' => 'logout'),
'Form' => array (
'fields' => array (
// il valore default
'username' => 'email'
),
'scope' => array (
'User.active' => 1
)
)
),
'authError' => 'Login error message I get'
));
public function login () {
if ($this->request->is('post')) { // if the request came from post data and not via http (useful for security)
// the password is hashed in User Model in beforeSave method as read on documentation
// debug ($this->data);
if ($this->Auth->login()) {
$id = $this->Auth->user('id');
return $this->redirect(array('controller'=>'users', 'action'=>$id, $this->Auth->user('username')));
} else {
$this->Session->setFlash('Login error message', 'default', array(), 'auth');
}
}
}
In the view I have this:
// the view login.ctp
echo $this->Form->text('User.email', array('id'=>'email', 'value'=>'your#email.com'));
echo $this->Form->password('User.password', array('id'=>'password', 'value'=>'password'));
If I try to debug the data I get this:
// in the controller
debug($this->data);
// in the view
Array
(
[User] => Array
(
[email] => the#email.com
[password] => thepass // not hashed
)
)
I can't login because I get always the Login error message. How can I fix it?
Vitto,
(1) Which error message is displayed?
(2) Just for the record, be sure sessionFlash is printed at layout!
echo $this->Layout->sessionFlash();
(3) How did you set your Auth component? For example, in my AppController I've set this way:
public $components = array(
'Session',
'Cookie',
'Acl',
/**
* Default is authorize option is ActionsAuthorize.
* In this case, system uses AclComponent to check for permissions on an action level.
* learn more: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authorization
*/
'Auth'=> array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
),
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email', 'password' => 'password')
)
)
)
);
(4) Finally, I believe (must be sure) there is no need to manually hash password to perform login. At least, after correct configuration, this code works for me:
if ($this->request->is('post')) {
if ($this->Auth->login()) {
// recirect stuffs
Related
I am following the tutorial to apply FB login in my application. I have completed whole tutorial step by step. There is also button visible on login page "Login via Facebook". But when I click on that button and got autheticated by FB or I am already logged into FB but my page is not redirecting to logged in area. Even after login via FB I remain at login page. But CakePHP login works normal.
Some code snippet from login action of UsersController.php
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
if($this->Auth->user('id')==1){
if($this->Auth->user('type')==1){
if($this->Auth->user('verified')==0){
$this->Auth->logout();
}
}
return $this->redirect($this->Auth->redirectUrl());
$this->Session->setFlash(__('Logged In Successfully'), 'default', array('class' => 'alert alert-success'));
}
else{
$this->redirect(array('controller'=>'users','action'=>'index'));
}
}
$this->Session->setFlash(__('Invalid username or password, try again'), 'default', array('class' => 'alert alert-danger'));
}
}
In AppController.php I have included following code:
public $components = array(
'Paginator',
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'users',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'home',
),
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish',
'fields'=>array('username'=>'email')
)
)
),
'Email',
'Facebook.Connect'
);
var $helpers = array('Facebook.Facebook');
In UsersContoller.php pr($_SESSION) output following code when I am already logged in FB on CakePHP login page:
Array
(
[Config] => Array
(
[userAgent] => f04e6*****************c00392
[time] => 1425647071
[countdown] => 10
)
[fb_989554394440625_user_id] => 8459*********71
)
I have searched around the web for this issue but unable to get it solved.
There is missing some important part of code needed to give an qualified, verified answer..
Where are you calling the login-Function? Ensure you only call this if user is NOT logged in, otherwise render your stuff..
if(!$this->Auth->user()) {
$this->login(); // request login
} else {
$this->render('profile'); //render your view
}
This should render the "profile"-View if a user was logged on correctly. If you seem to be logged in but the login-Fn still gets called, you probably made a mistake in overriding Auth-Methods (if you did so)
If you still cannot solve the issue put some more code here.
I have a form in Zend Framework 1. when I click on edit button I want to display values from databases in the form. but I don't know how to do it.
This is my form code:
// Add an email element
$this->addElement('text', 'orgname', array(
'required' => true,
'filters' => array('StringTrim'),
'style' => array('width:220px'),
'decorators'=>Array(
'ViewHelper','Errors'
)
));
This is my controller:
public function editclientcompanyAction()
$form = new Application_Form_Companyform();
$form->addform();
$this->view->form = $form;
$request = $this->getRequest();
$editid=$request->getParam('id');
$edit_show = new Application_Model_Clientcompany;
$showdetails = $edit_show->editclient($editid);
$this->view->assign('datas', $showdetails);
How do I display database vlaues in my Zend Form?
There are two cases.
1) Populating form which has fields same like the database table fields : If you have the form which has same fields like the database fields, then you can populate them easily.
First you need to get the data from the database and then call the Zend_Form populate function passing the data as an associative array, where keys will be same like form fields names and values will be values for the form fields, as below in case of your form.
This will be in your controller
$data = array("orgname" => "Value for the field");
$form = new Application_Form_Companyform();
$form->populate($data);
Now send will automatically populate the form field orgname. You dont need to modify your form or set the value field in the addElement.
*2)Setting field value manually: * The second case is to set the value manually. First you will need to modify your form and add a constructor to it. Also in your form class you will need to create a property (if you have multiple fields, then you can create an array property or multiple properties for each field. This will be all up to you.). And then set the value key in the addElement. Your form should look like this
class Application_Form_Companyform extends Zend_Form
{
private $orgname;
public function __contruct($orgname)
{
$this->orgname = $orgname;
//It is required to call the parent contructor, else the form will not work
parent::__contruct();
}
public function init()
{
$this->addElement('text', 'orgname',
array(
'required' => true,
'filters' => array('StringTrim'),
'style' => array('width:220px'),
'decorators'=>Array('ViewHelper','Errors'),
'value'=>$this->orgname
)
));
} //end of init
} //end of form
Now your controller, you will need to instantiate the form object passing the value of the orgname field like below
$form = new Application_Form_Companyform("This is the value for orgname");
And thats it.
I used such methods and it works like a charm. For your requirements, you may need to adjust the above sample code, as i did not checked it, but it will run fine for sure i hope :P
Thank you
Ok in either ZF1 or ZF2 just do this.
// Add an email element
$this->addElement('text', 'orgname',
array(
'required' => true,
'filters' => array('StringTrim'),
'style' => array('width:220px'),
'decorators' => Array('ViewHelper','Errors'),
'value' => $showdetails->orgname
)
));
You might want to test first for null/empty values first though, you could use ternary operators for convenience:
// Add an email element
$this->addElement('text', 'orgname',
array(
'required' => true,
'filters' => array('StringTrim'),
'style' => array('width:220px'),
'decorators' => Array('ViewHelper','Errors'),
'value' => empty($showdetails->orgname)? null : $showdetails->orgname
)
));
Please have a look in my edit function at /var/www/html/zend1app/application/controllers/CountryController.php :
public function editAction() {
$data = $this->getRequest()->getParams();
$id = (int)$data['id'];
$options = array();
$country = $this->getCountryModel()->fetchRow("id=$id");
if(!$country)
{
throw new Exception("Invalid Request Id!");
}
$form = new Application_Form_Country();
$form->addIdElement();
if ($this->getRequest()->isPost()) {
if ($form->isValid($this->getRequest()->getPost())){
$data = new Application_Model_Country();
if($data->save($form->getValues()))
{
$message = array("sucess" => "Country has been updated!");
}
else {
$message = array("danger" => "Country could not be updated!");
}
$this->_helper->FlashMessenger->addMessage($message);
return $this->_helper->redirector('index');
}
}
$options = array (
'id' => $country->id,
'name' => $country->name,
'code' => $country->code
);
$form->populate( $options ); // data binding in the edit form
$this->view->form = $form;
}
and form class at /var/www/html/zend1app/application/forms/Country.php :
class Application_Form_Country extends Zend_Form
{
public function init()
{
// Set the method for the display form to POST
$this->setMethod('post');
// Add an email element
$this->addElement('text', 'name', array(
'label' => 'Enter Country Name:',
'required' => true,
'filters' => array('StringTrim'),
'validators' => array(
array('validator' => 'StringLength', 'options' => array(0, 20))
)
));
// Add the comment element
$this->addElement('text', 'code', array(
'label' => 'Enter Country Code:',
'required' => true,
'validators' => array(
array('validator' => 'StringLength', 'options' => array(0, 20))
)
));
// Add the submit button
$this->addElement('submit', 'submit', array(
'ignore' => true,
'label' => 'Save',
));
// And finally add some CSRF protection
$this->addElement('hash', 'csrf', array(
'ignore' => true,
));
}
public function addIdElement()
{
$this->addElement('hidden', 'id');
}
}
HTH
I'm trying to get a simple login form to work using CakePHP 2.0... just Auth, no ACLs for now.
I'm able to see the form and enter the email and password as they are in the database, but I just get returned to the form and the flash error message is displayed. Here is my code:
AppController:
class AppController extends Controller
{
function beforeFilter()
{
$this->Auth->userModel = 'Users';
$this->Auth->fields = array('username' => 'email', 'password' => 'password'); //have to put both, even if we're just changing one
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'hotels', 'action' => 'dashboard');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
}
}
login.ctp:
<?php
echo $this->Form->create('User', array('action' => 'login'));
echo $this->Form->input('email');
echo $this->Form->input('password');
echo $this->Form->end('Login');
?>
UsersController:
class UsersController extends AppController
{
var $name = 'Users';
var $helpers = array('Html','Form');
var $components = array('Auth','Session');
function beforeFilter()
{
$this->Auth->allow("logout");
parent::beforeFilter();
}
function index() { } //Redirects to login()
function login()
{
if ($this->Auth->login())
{
$this->redirect($this->Auth->redirect());
} else
{
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
function logout()
{
$this->redirect($this->Auth->logout());
}
}
?>
I appreciate any help with this. Thanks!
The "Invalid username or password, try again" error is displayed after you hit login?
There are a few things you should check:
• Is the output of $this->Auth->login() identical to the information in your database? Put debug($this->Auth->login()) to see the output in your login method after the form is submitted.
• Are the passwords correctly hashed in the database?
• Try making the AuthComponent available to all your controllers not just the UsersController.
• Not sure if this makes a difference, but call parent::beforeFilter(); before anything else in your controller's beforeFilter method.
EDIT:
Is see that you're trying to validate based on email and password. As a default AuthComponent expects a username and password. You have to explicitly state that you want the email and password to be validated by $this->Auth->login(). This comes from the 2.0 documentation:
public $components = array(
'Auth'=> array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
)
)
);
The fact that you're not seeing any SQL output is to be expected, I believe.
Also you must check if your field "password" in database is set to VARCHAR 50.
It happens to me that I was truncating the hashed password in DB and Auth never happened.
if you are not using defalut "username", "password" to auth, you cant get login
e.g., you use "email"
you should edit component declaration in your controller containing your login function:
$component = array('Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email', 'password' => 'mot_de_passe')
)
)
));
Becareful with cakephp's conventions. You should change this "$this->Auth->userModel = 'Users';" to "$this->Auth->userModel = 'User';" because User without plural is the Model's convention in cake. That worked for me and also becareful with the capital letters. it almost drived me crazy. Good luck.
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'Events',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'Users',
'action' => 'login',
'home'
),
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'username','password' => 'password')
)
)
)
);
Editing the component declaration in AppController did the trick for me. If you have the fields named other than "username" and "password" you should always specify them. In your case it would be
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish',
'fields' => array('username' => 'email','password' => 'password')
)
)
)
);
There is a bug in the cakephp tutorial.
$this->Auth->login() should be changed to
$this->Auth->login($this->request->data)
I'm trying to create a login form for my web application.
Form validation errros are not showing even though I'm using the $validate Array.
user.php
public $validate = array(
'email' => array(
'notEmpty' => array(
'rule' => 'notEmpty',
'message' => 'notEmpty',
'required' => true
),
'isEmail' => array(
'rule' => 'email'
),
'isUnique' => array(
'rule' => 'isUnique'
)
),
'password' => array(
'notEmpty' => array(
'rule' => 'notEmpty'
),
'minLength' => array(
'rule' => array('minLength', 8)
)
)
);
I can't see an error in my user model, so I show you my controller and my view.
users_controller.php
class UsersController extends AppController {
public $name = 'Users';
public $helpers = array(
'Form'
);
public function login() {
if(!empty($this->data)) {
if ($this->Auth->user() != null) {
$this->Session->setFlash('You are now logged in.', 'flash/success');
$this->redirect('/');
} else {
$this->Session->setFlash('You could not get logged in. Please see errors below.', 'flash/error');
}
}
}
login.ctp
echo $this->Form->create('User', array('action' => 'login'));
echo $this->Form->input('User.email', array(
'label' => __('email address:', true),
'error' => array(
'notEmpty' => __('Email address must not be blank.', true),
'isEmail' => __('Email address must be valid.', true),
)
));
echo $this->Form->input('User.password', array('label' => __('password:', true)));
echo $this->Form->end('Log in');
I hope you can help me. I can't find my mistake since hours. Is there maybe a component or an helper which I need to include?
put echo $this->Session->flash('auth'); before form->create. You don't have to validate login form, Auth will take care of that for you. Read the cookbook: http://book.cakephp.org/view/1250/Authentication
Since you are using Auth, the minLength validation for password is useless.
Validation doesn't occur automatically unless you're saving into the database. Change the first line of the login method in the controller to
if( !empty( $this->data ) && $this->User->validates() ) {
...
In my form, I'm trying to verify that the user fills in the same value both times (to make sure they didn't make a mistake). I think that's what Zend_Validate_Identical is for, but I'm not quite sure how to use it. Here's what I've got so far:
$this->addElement('password', 'password', array(
'label' => 'Password:',
'required' => true,
'validators' => array(
'Identical' => array(What do I put here?)
)
));
$this->addElement('password', 'verifypassword', array(
'label' => 'Verify Password:',
'required' => true,
'validators' => array(
'Identical' => array(What do I put here?)
)
));
Do I need it on both elements? What do I put in the array?
For what its worth, support for comparing two identical form fields within a model was added to the 1.10.5 release. I wrote up a short tutorial on the matter, which you can access via the below link, but the bottom line is that the Zend_Validate_Identical validator has been refactored to accept a form field name as input. For instance, to compare the values of form fields pswd and confirm_pswd, you'll attach the validator to confirm_pswd like so:
$confirmPswd->addValidator('Identical', false, array('token' => 'pswd'));
Works like a charm.
See Validating Identical Passwords with the Zend Framework for a more complete example.
I can't test it at the moment, but I think this might work:
$this->addElement('password', 'password', array(
'label' => 'Password:',
'required' => true
));
$this->addElement('password', 'verifypassword', array(
'label' => 'Verify Password:',
'required' => true,
'validators' => array(
array('identical', true, array('password'))
)
));
After two days I found the right answer follow me step by step:
step 1:
create PasswordConfirmation.php file in root directory of your project with this path:
yourproject/My/Validate/PasswordConfirmation.php with this content below:
<?php
require_once 'Zend/Validate/Abstract.php';
class My_Validate_PasswordConfirmation extends Zend_Validate_Abstract
{
const NOT_MATCH = 'notMatch';
protected $_messageTemplates = array(
self::NOT_MATCH => 'Password confirmation does not match'
);
public function isValid($value, $context = null)
{
$value = (string) $value;
$this->_setValue($value);
if (is_array($context)) {
if (isset($context['user_password'])
&& ($value == $context['user_password']))
{
return true;
}
}
elseif (is_string($context) && ($value == $context)) {
return true;
}
$this->_error(self::NOT_MATCH);
return false;
}
}
?>
step 2:
Add two field in your form like this:
//create the form elements user_password
$userPassword = $this->createElement('password', 'user_password');
$userPassword->setLabel('Password: ');
$userPassword->setRequired('true');
$this->addElement($userPassword);
//create the form elements user_password repeat
$userPasswordRepeat = $this->createElement('password', 'user_password_confirm');
$userPasswordRepeat->setLabel('Password repeat: ');
$userPasswordRepeat->setRequired('true');
$userPasswordRepeat->addPrefixPath('My_Validate', 'My/Validate', 'validate');
$userPasswordRepeat->addValidator('PasswordConfirmation', true, array('user_password'));
$this->addElement($userPasswordRepeat);
now enjoy your code
class My_Validate_PasswordConfirmation extends Zend_Validate_Abstract
{
const NOT_MATCH = 'notMatch';
protected $_messageTemplates = array(
self::NOT_MATCH => 'Password confirmation does not match'
);
public function isValid($value, $context = null)
{
$value = (string) $value;
$this->_setValue($value);
if (is_array($context)) {
if (isset($context['password_confirm'])
&& ($value == $context['password_confirm']))
{
return true;
}
} elseif (is_string($context) && ($value == $context)) {
return true;
}
$this->_error(self::NOT_MATCH);
return false;
}
}
http://framework.zend.com/manual/en/zend.form.elements.html
$token = Zend_Controller_Front::getInstance()->getRequest()->getPost('password');
$confirmPassword->addValidator(new Zend_Validate_Identical(trim($token)))
->addFilter(new Zend_Filter_StringTrim())
->isRequired();
Use the above code inside the class which extends zend_form.
I was able to get it to work with the following code:
In my form I add the Identical validator on the second element only:
$this->addElement('text', 'email', array(
'label' => 'Email address:',
'required' => true,
'filters' => array('StringTrim'),
'validators' => array('EmailAddress')
));
$this->addElement('text', 'verify_email', array(
'label' => 'Verify Email:',
'required' => true,
'filters' => array('StringTrim'),
'validators' => array('EmailAddress', 'Identical')
));
And in the controller, just before calling isValid():
$validator = $form->getElement('verify_email')->getValidator('identical');
$validator->setToken($this->_request->getPost('email'));
I don't know if there is a more elegant way of doing this without having to add this code to the controller. Let me know if there is a better way to do this.
With Zend Framework 1.10 the code needed to validate the equality of two fields using Zend Form and Zend Validate is:
$form->addElement('PasswordTextBox',
'password',
array('label' => 'Password')
);
$form->addElement('PasswordTextBox',
'password_confirm',
array('label' => 'Confirm password',
'validators' => array(array('Identical', false, 'password')),
)
);
You can notice, in the validators array of the password_confirm element, that the Identical validator is passed as array, the semantics of that array is: i) Validator name, ii) break chain on failure, iii) validator options
As you can see, it's possible to pass the field name instead of retrieving the value.