Cakephp Auth Component Tutorial Part 3

This is a three-part series on understanding the basics of using CakePHP's Auth component. You will need to watch all three videos, as they build on each other by adding more functionality to the application.
Comments

Good job! You combine all knowledge I have in 3 videos. Thanks

uchmn_tmp

Thanks Andrew. It was excellent and really helped me

rajender

nice man.. it helps a lot to me and I finished my first touch of cakephp.. thanks..

TubolMotoadventures

@don9721 You are correct. To fix this security hole you have to use CakePHP's Security component. Just enabling this component in your controller or AppController for sitewide protection will fix this problem. The Security component will prevent form tampering, timeout, and CSRF token protection as well. Some other security tips are that you don't have to worry about SQL injection as long as you use Cake's ORM to do your queries. Also all helpers that output automatically escape for XSS too.

andrewperk

@dandandaniboy That's great. I'm happy it helped you guys out. I do plan on doing more but I'm not sure when I will do so.

andrewperk

just completed all ur 17 vids. very helpful indeed! we have to use cakePHP for our school project and this has helped us so much. thanks a lot!!

are you planning to do more?

dandandaniboy

@benedictaluan In config/routes.php add a new line using Router::connect(). The first parameter to the connect method is the string that you want your URL to be. The second parameter is an array with key-value pairs matching the exact location by controller and action. Router::connect('/add', array('controller'=>'users', 'action'=>'add')); You could easily make this say register instead of add.

andrewperk

@taqman001 The Auth component takes care of the logging-in code. You only need to define the login function but it doesn't need an implementation. Make sure you are using the Auth component in your AppController or at least in your UsersController if you don't have an AppController. If you've followed the tutorial from part 1 everything should work.

andrewperk

@tyebillion You would need to make additional changes to edit a user and their password. The password_confirmation field is empty because there's nothing to pre-populate that field with from the database; there is no password_confirmation field in the DB, so the form field remains empty. The password field would show the hashed password because it does not store a plain password in the DB, it stores the hashed password. You cannot retrieve the user's plain password, nor should you for security.

andrewperk

@carlosvmurillo Most likely I would use ACL and Auth together to do the roles, which would create ACO and ARO tables to hold the relationships between roles and/or groups. But doing that was beyond the scope of teaching someone the fundamentals of CakePHP's Auth component. Being able to add a roles field to the users table is a very simple way to do role-based authentication without ACL or having to deal with any relationships. But you are right, there are better ways of doing this.

andrewperk

Hello Andrew,

I really enjoyed your training videos. I was wondering if you have plans to do a video, or set of videos, on adding a search of some kind. A CakePHP-powered site is great... but when you start having several hundred entries... it can be a bit weighty, unless you can search for a few key words. It would be awesome if you do decide to do the tutorial that you can have a single search look through several fields at once.

Anyway, thanks again for your hard work and I hope to see more!

TomGarland

man you rock i spent hours going through all of your videos... it all worked so far
tmrw i'll do testing and make sure everything works perfect, then i'll start adding more checks for other than admins... any more videos coming on anything?

AllegJDM

@endesigner I use a laptop, so it's the standard laptop that comes with the gateway p172s fx series laptop.

andrewperk

@ryantuosto Oh I see. Are you getting any validation errors on the form? If not, most likely you might have an error somewhere in the process of rewriting the hashPasswords method. Double check over that whole process again, including the controller part in the beforeFilter where we set authenticate to use the User model for hashing. If that doesn't work, disable all of the hashPasswords rewriting and just let Auth save users normally and see if it works then, just to troubleshoot. Good luck.

andrewperk

@andrewperk I found a similar solution to what you suggested. First I created a users_id variable in the app_controller, with value $this->Auth->user('id'). Then I created a hidden field in the add post view with the code: echo $this->Form->hidden('user_id', array('value'=>$users_id)).

tyebillion

you big brain

so very very thanks

playgoods

@levticus0506 Double check your users controller for telling it to authenticate with the User model. Double check the overwrite of the hashPasswords method to make sure you did the Security::hash method properly. And make sure you are calling the hashPasswords method in your beforeSave filter and that you're passing it NULL and TRUE. Also check that you're returning true after the hashPasswords call. If any of these return $data, return TRUE, TRUE, etc. gets skipped, the password won't work.

andrewperk

@tyebillion Edit your posts add action, pass in only the logged-in user instead of $users using $user = $this->Post->User->read(null, $this->Auth->user('id')); change the set method to use the 'user' variable instead of 'users' in the compact statement. Now in your view change the 'user_id' field to be a hidden field and make its value equal to the $user variable you passed from your controller like so: $this->Form->input('user_id', array('type'=>'hidden',

andrewperk

@tyebillion Every time you make a new post, that post automatically belongs to the logged-in user because you pass in the logged-in user's id to the form, which is then saved with the post in the user_id field. I hope this makes sense.

andrewperk
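Added example (not code from the videos or from any commenter): the hidden `user_id` field discussed above is client-supplied input, so this sketch enables the Security component mentioned earlier in the thread and also sets the owner on the server from the Auth session. It assumes the CakePHP 1.x conventions used in the comments (`$this->data`, `var $components`); the `title` and `body` field names and the flash messages are hypothetical.

```php
<?php
// app/app_controller.php (file layout assumed)
class AppController extends Controller {
    // Security signs forms built with FormHelper and rejects ("black-holes")
    // a POST whose form was tampered with or whose token is missing.
    var $components = array('Auth', 'Session', 'Security');
}

// app/controllers/posts_controller.php (shown in the same block for brevity)
class PostsController extends AppController {
    var $name = 'Posts';

    function add() {
        if (!empty($this->data)) {
            // Overwrite whatever the browser sent: the owner always comes
            // from the logged-in session, never from a form field.
            $this->data['Post']['user_id'] = $this->Auth->user('id');

            $this->Post->create();
            // Third argument is a field whitelist, so extra columns posted
            // by the client are ignored. 'title' and 'body' are assumed names.
            $saved = $this->Post->save(
                $this->data,
                true,
                array('title', 'body', 'user_id')
            );

            if ($saved) {
                $this->Session->setFlash('Post saved.');
                $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash('The post could not be saved.');
        }
        // With the owner set here, the add view needs no user_id field at all.
    }
}
```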

@dandandaniboy Hi, I don't know what the problem would be. I've never had that problem myself. Common problems when first hosting are that mod_rewrites don't work, .htaccess files don't point to the proper place, etc. But I've never had it not be able to find the table. Does the exact same code work locally but not remotely? You coded it locally, tested it, then uploaded the tested code? If not, then it sounds like a naming convention mistake.

andrewperk