othAuth 0.2 released
UPDATE: Please download the package from the snippets here
In the menu:
- Bug Fixes
- Some Refactoring
- New Features
The major new feature is CAKE_ADMIN routing support. The old version could work with CAKE_ADMIN, but not automatically (e.g. redirections went to /controller/admin_action instead of /admin/controller/action). You can also specify CAKE_ADMIN routing in the permission list of a group: previously you'd specify controller/admin_action; now you can specify admin/controller/action, admin/controller/*, or just admin if you want to have access to all CAKE_ADMIN actions.
Another important feature is a simplified method for accessing the user/group/permission data stored in the session. Because othAuth uses a hashkey (the one you specify when you init the component), to get othAuth information you need to do something like:
$auth_sess_name = 'othAuth_'.$this->othAuth->hashkey;
$user_data = $_SESSION[$auth_sess_name];
$user_data is now an array containing all the information related to the logged-in user. Use print_r($user_data); to get an overview of how it's stored.
To get the user name, it should be something like $user_data['User']['name']
To get the group name: $user_data['Group']['name'];
othAuth now includes methods to simplify all this, and a helper to be used in the view scope is available too: $othAuth->user('name'), $othAuth->group('name'), etc.
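The three permission forms described above, as an added example (not othAuth's own code): routeKey() and permissionGrants() are hypothetical names, ADMIN_PREFIX stands in for CAKE_ADMIN, and matching per path segment is an assumption of this sketch rather than the component's exact algorithm.

```php
<?php
// Added illustration; function names are hypothetical, not othAuth's API.
define('ADMIN_PREFIX', 'admin'); // stands in for CAKE_ADMIN

// Map controller + admin_action to the routed form admin/controller/action.
function routeKey($controller, $action)
{
    $controller = strtolower($controller);
    $action     = strtolower($action);
    $prefix     = ADMIN_PREFIX . '_';
    if (strpos($action, $prefix) === 0) {
        return ADMIN_PREFIX . '/' . $controller . '/' . substr($action, strlen($prefix));
    }
    return $controller . '/' . $action;
}

// A permission grants a route when each of its segments equals the route's
// segment at the same position. '*' accepts everything below it, and a
// permission shorter than the route covers the deeper levels ('admin').
function permissionGrants($permission, $route)
{
    $want = explode('/', strtolower(trim($permission, '/')));
    $have = explode('/', strtolower(trim($route, '/')));
    foreach ($want as $i => $segment) {
        if ($segment === '*') {
            return true;
        }
        if (!isset($have[$i]) || $have[$i] !== $segment) {
            return false;
        }
    }
    return true;
}

// Constructed sample: group permission lists checked against routed actions.
$groups = array(
    'one action' => array('admin/users/edit'),
    'controller' => array('admin/users/*'),
    'all admin'  => array('admin'),
);
$requests = array(
    array('Users', 'admin_edit'),
    array('Users', 'admin_delete'),
    array('Posts', 'admin_index'),
    array('Users', 'view'),
);

foreach ($groups as $label => $permissions) {
    foreach ($requests as $request) {
        $route   = routeKey($request[0], $request[1]);
        $allowed = false;
        foreach ($permissions as $permission) {
            if (permissionGrants($permission, $route)) {
                $allowed = true;
                break;
            }
        }
        printf("%-10s %-20s %s\n", $label, $route, $allowed ? 'allow' : 'deny');
    }
}
```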
on May 13, 2006 on 7:12 pm
Hi,
Thanks for taking the time to develop this auth system. I’m having some difficulties integrating it with my cake applications; I downloaded it, I created the tables, I added permissions for my controller actions, and created the models,
I added this to my app_controller.php
var $components = array('othAuth');
var $othAuthRestrictions = "*";
function beforeFilter()
{
    $auth_conf = array('auto_redirect' => true,
        'login_page' => 'users/login',
        'logout_page' => 'users/logout',
        'access_page' => 'users/admin/index',
        'hashkey' => 'MySEcEeTHaSHKeYz',
        'strict_gid_check' => false);
    $this->othAuth->controller = &$this;
    $this->othAuth->init($auth_conf);
    $this->othAuth->check();
}
I created a users controller
class UsersController extends AppController {
    var $name = 'Users';
    var $othAuthRestrictions = null;
    function login()
    {
        if(isset($this->params['data']))
        {
            $auth_num = $this->othAuth->login($this->params['data']['User']);
            $this->set('auth_msg', $this->othAuth->getMsg($auth_num));
        }
    }
    function logout()
    {
        $this->othAuth->logout();
        $this->flash('You are not logged out!','/login');
    }
}
I created the login view:
User Login
<?php echo $html->formTag('/users/login')?>
User: <?php echo $html->input('User/USER_LOGIN_VAR', array('size' => '40'))?>
Password: <?php echo $html->input('User/USER_PASSW_VAR', array('size' => '40'))?>
Group: <?php echo $html->input('User/USER_GROUP_VAR', array('size' => '40'))?>
<?php echo $html->submit('Sign In') ?>
Now, I’m always redirected to the login page. I try to log in using admin/123456 and nothing happens; it seems like I’m not being authenticated.
I was wondering if you could think of anything that I’m doing wrong.
Thanks,
Sebastian Macias
on May 14, 2006 on 3:32 am
Hi,
1st of all,
$othAuthRestrictions is per controller, so either you set it in AppController, that way it’s an overall auth restriction list, or you set it per controller and that way you override what you’ve set in AppController,
basically, setting it in AppController will limit you to three values, null ( no auth ), “*” all actions of all controllers, CAKE_ADMIN, all cake_admin actions of all controllers.
anyway to solve your problem,
In your login view, you have 'User/USER_LOGIN_VAR'
this is not what you want unless the value of user_login_var in othAuthComponent is USER_LOGIN_VAR (which would be a bit odd)
actually you need 'User/ValueOfUSER_LOGIN_VAR', which means the value of $user_login_var in the component; normally it should be username or pseudo or whatever you’ve called the field in your db.
same thing applies for USER_PASSW_VAR, should be password or ..
USER_GROUP_VAR (that should normally be group_id) however is misleading; it doesn’t translate as the group of the user (this is actually read from the db when a user logs in)
but it means the level of users you want to give access to from this LP (login point). Its interpretation depends on the value of 'strict_gid_check', the param you passed to init: if true, only the level of users you supplied will be able to login from this form (LP); if however it is false, it means the lowest level that can login from this LP (the lowest group is the group that has the greatest id, the stronger group is the group that has the smallest id)
so, USER_GROUP_VAR (its value really) should be a hidden tag, or set in the login action before calling othAuth->login.
Hope this helps clarify things a bit.
on May 15, 2006 on 4:38 pm
Hey, CraZyLeGs – the new features are GREAT, and the documentation in the readme is a Godsend!
Access via the helper makes so much more functionality available. Now I just need to figure how to integrate a self-registration doohickey into this sucker, and I’ll be golden. I’m assuming I’ll just set a default group for the self-registered users, lower level than admins/superadmins. Yeah, that’s the ticket!
Again, thanks for a GREAT addition!
on May 16, 2006 on 1:18 pm
Thanks
You can do whatever you want in there, you can have as many levels as you like, I put member, admin, superadmin because they are the most common ones
on May 20, 2006 on 10:17 pm
Thanks for the help othy,
I’m still having trouble with the user form I tried:
<?php echo $html->input('User/valueOfUSER_LOGIN_VAR ', array('size' => 20)); ?>
<?php echo $html->password('User/USER_PASSW_VAR ', array('size' => 20)); ?>
and I still can’t login.
I always get the “Please Log In ! ” message.
Would you mind posting the HTML of a working form?
Thanks a lot!
Sebastian Macias
on May 20, 2006 on 10:32 pm
I read more of the code and found out I needed to use:
<?php echo $html->input('User/username', array('size' => 20)); ?>
<?php echo $html->password('User/password', array('size' => 20)); ?>
However I’m now getting the following message after I try to login:
Notice: Trying to get property of non-object in E:\WebDev\oth_authTest \htdocs\cake\app\controllers\components\oth_auth.php on line 115
Fatal error: Call to a member function find() on a non-object in E:\WebDev\oth_authTest \htdocs\cake\app\controllers\components\oth_auth.php on line 115
Any ideas about what I could be doing wrong?
Thanks,
Sebastian
on May 21, 2006 on 5:18 pm
did you have your ‘User’ model in the controller that calls $this->othAuth->login(…); ?
$uses = array('User',…);
this will change in the next version
on May 30, 2006 on 8:22 am
I found a critical security fail :
No need to login if you access with remote function !
In controller :
var $othAuthRestrictions = array('notes/rate');
In view :
$ajax->remoteFunction(
array(
'url' => '/notes/rate/',
[...]
)
Easy!
on May 30, 2006 on 8:30 am
In this case, the redirect to login is done BUT the action “rate” is executed nevertheless; you can pass data from a form with the “with” attribute of the remote function…
on May 30, 2006 on 8:54 am
Question :
Maybe I’m at fault, but to make restrictions work, I must set them both in the controller and in the DB. Is that right?
If that’s right, maybe it would be simpler to have to do it only in the DB? What is the use of setting it in the controller too?
Correct me if needed.
Best regards,
Fabien
on May 30, 2006 on 12:12 pm
restrictions are per controller
thus this
var $othAuthRestrictions = array('notes/rate');
is not correct.
it should be:
var $othAuthRestrictions = array('rate');
in the controller Notes.
othAuth thinks it is the action called notes with an arg rate
thus it restricts notes/notes/rate and not notes/rate.
In the controller you set restrictions, that is you declare the actions + params that you want to protect. in the db you set permissions on those restricted action + params
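The effect of the mis-scoped entry discussed above, as an added example that is not part of the original thread: isRestricted() mirrors the array branch of the _validRestrictions() method in the component listing further down this page, and lintRestrictions() is a hypothetical helper (not part of othAuth) that flags entries which can never match an action of the controller, since an unmatched entry leaves the action unprotected.

```php
<?php
// Added illustration. isRestricted() mirrors the array branch of
// _validRestrictions(); lintRestrictions() is hypothetical, not othAuth code.

// True when the current action is covered by the controller's restriction list.
function isRestricted(array $restrictions, $action)
{
    foreach ($restrictions as $entry) {
        // Same test as the component: the entry must start with the action name.
        if (strpos($entry . '/', $action . '/') === 0) {
            return true;
        }
    }
    // No entry matched: check() treats the action as public and skips the login test.
    return false;
}

// Report entries whose first segment is not an action of this controller.
// $adminPrefix is the CAKE_ADMIN value, which is a valid entry on its own.
function lintRestrictions($controller, array $restrictions, array $actions, $adminPrefix = null)
{
    $problems = array();
    foreach ($restrictions as $entry) {
        $parts = explode('/', trim($entry, '/'));
        if ($entry === $adminPrefix || in_array($parts[0], $actions, true)) {
            continue;
        }
        $message = "'$entry' matches no action of $controller";
        if (strtolower($parts[0]) === strtolower($controller) && count($parts) > 1) {
            $message .= "; drop the controller name and use '"
                      . implode('/', array_slice($parts, 1)) . "'";
        }
        $problems[] = $message;
    }
    return $problems;
}

// Constructed sample: a Notes controller with three actions.
$actions = array('index', 'view', 'rate');

foreach (array(array('notes/rate'), array('rate')) as $restrictions) {
    printf(
        "restrictions [%s]: action 'rate' %s\n",
        implode(', ', $restrictions),
        isRestricted($restrictions, 'rate') ? 'requires login' : 'is left public'
    );
    foreach (lintRestrictions('Notes', $restrictions, $actions) as $problem) {
        echo "  lint: $problem\n";
    }
}
```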
on May 31, 2006 on 5:00 am
Thanks Othy for this explanation.
I didn’t understand that they are per controller.
Nevertheless my var $othAuthRestrictions was good in Notes’s controller.
I tested again and always the same problem: no need to be logged in if you access with remote function!
on May 31, 2006 on 10:48 am
No official release
othy, you have my email address, so …
true,
'login_page' => '/users/login', // Don't forget the first /
'logout_page' => '/users/logout', // Don't forget the first /
'access_page' => '/',
'hashkey' => 'mYpERsOnALhaSHkeY',
'strict_gid_check' => false);
Example in view :
$ajax->remoteFunction(
array(
'url' => '/notes/rate',
'update' => 'ajax_update',
'with' => "testid"
)
*/
// comments, bug reports are welcome crazylegs@gmail.com
class OthAuthComponent extends Object
{
/**
* Constants to modify the behaviour of othAuth Component
*/
var $user_login_var = 'username';
var $user_passw_var = 'password';
var $user_group_var = 'group_id';
var $user_table = 'users';
var $user_table_login = 'username';
var $user_table_passw = 'password';
var $user_table_gid = 'group_id';
var $user_table_active = 'active';
var $user_table_last_visit = 'last_visit';
var $auth_url_redirect_var = 'from';
var $user_model = 'User';
var $group_model = 'Group';
var $permission_model = 'Permission';
/*
* Internals you don’t normally need to edit those
*/
var $components = array('Session', 'RequestHandler');
var $controller = true;
var $redirect_page;
var $hashkey = "mYpERsOnALhaSHkeY";
var $auto_redirect;
var $gid = 1;
var $login_page = '';
var $logout_page = '';
var $access_page = '';
var $strict_gid_check = true;
function init($auth_config = null)
{
if(is_array($auth_config) && !is_null($auth_config) && !empty($auth_config))
{
$this->login_page = isset($auth_config['login_page']) ? $auth_config['login_page'] : 'users/login';
$this->logout_page = isset($auth_config['logout_page'])? $auth_config['logout_page'] : 'users/logout';
$this->access_page = isset($auth_config['access_page'])? $auth_config['access_page'] : $this->login_page;
$this->auto_redirect = isset($auth_config['auto_redirect']) ? (boolean)$auth_config['auto_redirect'] : true;
$this->hashkey = isset($auth_config['hashkey'])? (string) $auth_config['hashkey'] : 'mYpERsOnALhaSHkeY';
$this->strict_gid_check = isset($auth_config['strict_gid_check']) ? (boolean)$auth_config['strict_gid_check'] : true;
}
else
{
$this->login_page = 'users/login';
$this->logout_page = 'users/logout';
$this->auto_redirect = true;
$this->hashkey = "mYpERsOnALhaSHkeY";
$this->strict_gid_check = true;
}
// pass auth data to the view so it can be used by the helper
$this->_passAuthData();
}
function login($params) // username,password,group
{
if($this->Session->valid() && $this->Session->check('othAuth_'.$this->hashkey))
{
return 1;
}
if($params == null ||
!isset($params[$this->user_login_var]) ||
!isset($params[$this->user_passw_var]))
{
return 0;
}
uses('sanitize');
$login = Sanitize::paranoid($params[$this->user_login_var]);
$passw = Sanitize::paranoid($params[$this->user_passw_var]);
if(isset($params[$this->user_group_var]))
{
$this->gid = (int) Sanitize::paranoid($params[$this->user_group_var]);
if( $this->gid < 1)
{
$this->gid = 1;
}
}
if($login == "" || $passw == "")
{
return -1;
}
$passw = md5($passw);
$gid_check_op = ($this->strict_gid_check)?'':'<=';
$conditions = array(
"{$this->user_model}.".$this->user_table_login => "$login",
"{$this->user_model}.".$this->user_table_passw => "$passw",
"{$this->user_model}.".$this->user_table_gid => "$gid_check_op{$this->gid}",
"{$this->user_model}.".$this->user_table_active => 1);
$this->controller->{$this->user_model}->recursive = 5;
$row = $this->controller->{$this->user_model}->find($conditions);
$num_users = (int) $this->controller->{$this->user_model}->findCount($conditions);
if( empty($row) || $num_users != 1 )
{
return -2;
}
else
{
$this->_saveSession($row);
// Update the last visit date to now
if(isset($this->user_table_last_visit))
{
$row["{$this->user_model}"][$this->user_table_last_visit] = date('Y-m-d h:i:s');
$res = $this->controller->{$this->user_model}->save($row,true,array($this->user_table_last_visit));
}
if($this->auto_redirect == true)
{
$this->redirect($this->access_page);
}
return 1;
}
}
function _saveSession($row)
{
$login = $row[$this->user_model][$this->user_table_login];
$passw = $row[$this->user_model][$this->user_table_passw];
$gid = $row[$this->user_model][$this->user_table_gid];
//$hk = md5($this->hashkey.$login.$passw.$this->gid);
$hk = md5($this->hashkey.$login.$passw.$gid);
$row["{$this->user_model}"]['login_hash'] = $hk;
$row["{$this->user_model}"]['hashkey'] = $this->hashkey;
//$this->Session->write(‘othAuth_’.$this->gid,$row);
$this->Session->write(‘othAuth_’.$this->hashkey,$row);
}
function __notcurrent($page)
{
if($page == "") return false;
$c = strtolower($this->controller->name);
$a = strtolower($this->controller->action);
$page = strtolower($page.'/');
$c_a = $this->_handleCakeAdmin($c,$a);
$not_current = strpos($page,$c_a);
// !== is required, $not_current might be boolean(false)
return ((!is_int($not_current)) || ($not_current !== 0));
}
function redirect($page = "",$back = false)
{
if($page == "")
//$page = $this->redirect_page;
$page = $this->logout_page;
if(isset($this->auth_url_redirect_var))
{
if(!isset($this->controller->params['url'][$this->auth_url_redirect_var]))
{
//die("1");
if($back == true)
{
if(!isset($this->controller->params['url']['url'])){
$this->controller->params['url']['url'] = '/';
}
if(isset($this->controller->params['url']['from_url'])){
$from = $this->controller->params['url']['from_url'];
}else{
$from = $this->controller->params['url']['url'];
}
$this->Session->write('othauth_from_page',$from);
$page .= "?".$this->auth_url_redirect_var."=".$from;
}
else
{
if($this->Session->check('othauth_from_page'))
{
$page = $this->Session->read('othauth_from_page');
$this->Session->del('othauth_from_page');
}
}
}
}
if($this->__notcurrent($page)){
if ($this->RequestHandler->isAjax())
{
$this->RequestHandler->setAjax($this->controller);
// Brute force !
echo 'window.location = "'.$this->url($page).'"';
exit;
}
else
{
$this->controller->redirect($page);
exit;
}
}
}
// users/login users/logout
// Logout the user
function logout ()
{
$us = 'othAuth_'.$this->hashkey;
if($this->Session->valid($us))
{
$ses = $this->Session->read($us);
if(!empty($ses) && is_array($ses))
{
// two logins of different hashkeys can exist
if($this->hashkey == $ses["{$this->user_model}"]['hashkey'])
{
$this->Session->del($us);
$this->Session->del('othauth_from_page');
}
}
}
if($this->auto_redirect == true)
{
$this->redirect($this->logout_page);
}
}
// Confirms that an existing login is still valid
function check()
{
// is there a restriction list && action is in
if($this->_validRestrictions())
{
$us = 'othAuth_'.$this->hashkey;
// does session exists
//if(!empty($ses) && is_array($ses))
if($this->Session->valid() &&
$this->Session->check($us))
{
$ses = $this->Session->read($us);
$login = $ses["{$this->user_model}"][$this->user_table_login];
$password = $ses["{$this->user_model}"][$this->user_table_passw];
$gid = $ses["{$this->user_model}"][$this->user_table_gid];
$hk = $ses["{$this->user_model}"]['login_hash'];
// is user invalid
if (md5($this->hashkey.$login.$password.$gid) != $hk)
{
/*
if($this->auto_redirect == true)
{
$this->logout();
}
*/
$this->logout();
return false;
}
// check permissions on the current controller/action/p/a/r/a/m/s
if(!$this->_checkPermission($ses))
{
if($this->auto_redirect == true)
{
// should probably add $this->noaccess_page too or just flash
$this->redirect($this->login_page,true);
}
return false;
}
return true;
}
$this->redirect($this->login_page,true);
return false;
}
return true;
}
function _validRestrictions()
{
$isset = isset($this->controller->othAuthRestrictions);
if($isset)
{
$oth_res = $this->controller->othAuthRestrictions;
if(is_string($oth_res))
{
if(($oth_res === "*") ||(
defined('CAKE_ADMIN') && (($oth_res === CAKE_ADMIN) || $this->isCakeAdminAction())))
{
if(
$this->__notcurrent($this->login_page) &&
$this->__notcurrent($this->logout_page))
{
//die('here');
return true;
}
}
}
elseif(is_array($oth_res))
{
if(defined('CAKE_ADMIN'))
{
if(in_array(CAKE_ADMIN,$oth_res))
{
if($this->isCakeAdminAction())
{
if($this->__notcurrent($this->login_page) &&
$this->__notcurrent($this->logout_page))
{
return true;
}
}
}
}
foreach($oth_res as $r)
{
$pos = strpos($r."/",$this->controller->action."/");
if($pos === 0)
{
return true;
}
}
}
}
return false;
}
function _checkPermission(&$ses)
{
//die('c');
$c = strtolower($this->controller->name);
$a = strtolower($this->controller->action);
$h = strtolower($this->controller->here);
$c_a = $this->_handleCakeAdmin($c,$a);// controller/admin_action -> admin/controller/action
// extract params
$aa = substr( $c_a, strpos($c_a,'/'));
$params = isset($this->controller->params['pass'])?implode('/',$this->controller->params['pass']): '';
$c_a_p = $c_a.$params;
$return = false;
if(!isset($ses[$this->group_model][$this->permission_model]))
{
return false;
}
$ses_perms = $ses[$this->group_model][$this->permission_model];
// quickly check if the group has full access (*) or
// current_controller/* or CAKE_ADMIN/current_controller/*
// full params check isn’t supported atm
foreach($ses_perms as $sp)
{
if($sp['name'] == '*')
{
return true;
}else
{
$sp_name = strtolower($sp['name']);
$perm_parts = explode('/',$sp_name);
// users/edit/1 users/edit/*
// users/* users/*
if(defined('CAKE_ADMIN'))
{
if((count($perm_parts) > 1) &&
($perm_parts[0] == CAKE_ADMIN) &&
($perm_parts[1] == strtolower($c)) &&
($perm_parts[2] == "*"))
{
return true;
}
}else
{
if((count($perm_parts) > 1) &&
($perm_parts[0] == strtolower($c)) &&
($perm_parts[1] == "*"))
{
return true;
}
}
}
}
if(is_string($this->controller->othAuthRestrictions))
{
$is_checkall = $this->controller->othAuthRestrictions === "*";
$is_cake_admin = defined('CAKE_ADMIN') && ($this->controller->othAuthRestrictions === CAKE_ADMIN);
if($is_checkall || $is_cake_admin)
{
foreach($ses_perms as $p)
{
if(strpos($c_a_p,strtolower($p['name'])) === 0)
{
$return = true;
break;
}
}
}
}
else
{
$a_p_in_array = in_array($a.'/'.$params, $this->controller->othAuthRestrictions);
// if current url is restricted, do a strict compare
// ex if current url action/p and current/p is in the list
// then the user need to have it in perms
// current/p/s current/p
if($a_p_in_array)
{
foreach($ses_perms as $p)
{
if($c_a_p == strtolower($p['name']))
{
$return = true;
break;
}
}
}
// allow a user with permssion on the current action to access deeper levels
// ex: user access = ‘action’, allow ‘action/p’
else
{
foreach($ses_perms as $p)
{
if(strpos($c_a_p,strtolower($p['name'])) === 0)
{
$return = true;
break;
}
}
}
}
return $return;
}
function _handleCakeAdmin($c,$a)
{
if(defined('CAKE_ADMIN'))
{
$strpos = strpos($a,CAKE_ADMIN.'_');
if($strpos === 0)
{
$function = substr($a,strlen(CAKE_ADMIN.'_'));
if($c == null) return $function.'/';
$c_a = CAKE_ADMIN.'/'.$c.'/'.$function.'/';
return $c_a;
}else
{
if($c == null) return $a.'/';
}
}
return $c.'/'.$a.'/';
}
function getSafeCakeAdminAction()
{
if(defined('CAKE_ADMIN'))
{
$a = $this->controller->action;
$strpos = strpos($a,CAKE_ADMIN.'_');
if($strpos === 0)
{
$function = substr($a,strlen(CAKE_ADMIN.'_'));
return $function;
}
}
return $this->controller->action;
}
function isCakeAdminAction()
{
if(defined('CAKE_ADMIN'))
{
$a = $this->controller->action;
$strpos = strpos($a,CAKE_ADMIN.'_');
if($strpos === 0)
{
return true;
}
}
return false;
}
// helper methods
function user($arg)
{
$us = 'othAuth_'.$this->hashkey;
// does session exists
if($this->Session->valid() && $this->Session->check($us))
{
$ses = $this->Session->read($us);
if(isset($ses["{$this->user_model}"][$arg]))
{
return $ses["{$this->user_model}"][$arg];
}
else
{
return false;
}
}
return false;
}
// helper methods
function group($arg)
{
$us = 'othAuth_'.$this->hashkey;
// does session exists
if($this->Session->valid() && $this->Session->check($us))
{
$ses = $this->Session->read($us);
if(isset($ses["{$this->group_model}"][$arg]))
{
return $ses["{$this->group_model}"][$arg];
}
else
{
return false;
}
}
return false;
}
// helper methods
function permission($arg)
{
$us = 'othAuth_'.$this->hashkey;
// does session exists
if($this->Session->valid() && $this->Session->check($us))
{
$ses = $this->Session->read($us);
if(isset($ses[$this->group_model][$this->permission_model]))
{
$ret = array();
if(is_array($ses[$this->group_model][$this->permission_model]))
{
for($i = 0; $i < count($ses[$this->group_model][$this->permission_model]); $i++ )
{
$ret[] = $ses[$this->group_model][$this->permission_model][$i][$arg];
}
}
return $ret;
}
else
{
return false;
}
}
return false;
}
function getData()
{
$us = 'othAuth_'.$this->hashkey;
// does session exists
if($this->Session->valid() && $this->Session->check($us))
{
return $this->Session->read($us);
}
return false;
}
// passes data to the view to be used by the helper
function _passAuthData()
{
$data['hashkey'] = $this->hashkey;
$data['user_model'] = $this->user_model;
$data['group_model'] = $this->group_model;
$data['permission_model'] = $this->permission_model;
$data['login_page'] = $this->login_page;
$data['logout_page'] = $this->logout_page;
$data['access_page'] = $this->access_page;
$data['auth_url_redirect_var'] = $this->auth_url_redirect_var;
$data['strict_gid_check'] = $this->strict_gid_check;
$this->controller->set('othAuth_data',$data);
}
function getMsg($id)
{
switch($id) {
case 1:
{
return "Vous êtes maintenant identifié !";
}break;
case 0:
{
return "Merci de vous identifier !";
}break;
case -1:
{
return $this->user_login_var."/".$this->user_passw_var." vide!";
}break;
case -2:
{
return $this->user_login_var."/".$this->user_passw_var." érronés !";
}break;
default:
{
return "Invalid error ID";
}break;
}
}
function url($url = null)
{
$base = $this->controller->base;
if($this->controller->plugin != null)
{
$base = preg_replace('/'.$this->controller->plugin.'/', '', $this->controller->base);
$base = str_replace('//','', $base);
$pos1 = strrpos($base, '/');
$char = strlen($base) -1;
if($pos1 == $char)
{
$base = substr($base, 0, $char);
}
}
if (empty($url))
{
return $this->controller->here;
}
elseif ($url{0} == '/')
{
$output = $base . $url;
}
else
{
$output = $base.'/'.strtolower($this->controller->params['controller']).'/'.$url;
}
return preg_replace('/&([^a])/', '&amp;\1', $output);
}
}
?>
on May 31, 2006 on 10:49 am
Othy, I will send you an email because of some problems when I post it here
on June 24, 2006 on 10:42 am
I don’t suppose you can write a step-by-step tutorial of this and put it somewhere? I’m lost
on June 25, 2006 on 6:30 am
Will do that in the next release.
on June 28, 2006 on 6:02 pm
Hi othy,
I was following what Sebastian was saying and your responses. I am getting the following error after clicking the submit button on the login form:
Notice: Trying to get property of non-object in C:\apache2\htdocs\Trans2\app\controllers\components\oth_auth.php on line 108
Fatal error: Call to a member function find() on a non-object in C:\apache2\htdocs\Trans2\app\controllers\components\oth_auth.php on line 108
the function call to login is in the users controller, which has access to the users model by default. I added the $uses variable to see if that would help and it did not either.
Any suggestions?
Thanx.
on July 28, 2006 on 8:47 am
Great job on the auth.
I’m having a problem with implementing your auth. The first time I implemented it, it worked fine.
But then later on, I can’t seem to login anymore, and it keeps redirecting back to the login page
I implemented it similarly to your example.
Haven’t made any changes to the records in the database.
I’ve also cleared the session and cookies but the problem still persists
I printed out the auth_msg, it says I’m logged in.
on August 1, 2006 on 6:40 pm
hi all,
I’m struggling a bit with this thing… I now get the following message:
Fatal error: Call to a member function on a non-object in /srv/www/htdocs/web16/html/cake/app/controllers/components/oth_auth.php on line 111
line 111 is for me (due to some debug output):
$row = $this->controller->{$this->user_model}->find($conditions);
and a general question – sorry I’m new to cakephp.. how can I show the error message which gets set here: “$this->set('auth_msg', $this->othAuth->getMsg($auth_num));” in the login view?
thanks
torsten
on August 2, 2006 on 4:41 pm
Torsten,
To display error message,
In your view
if(isset($auth_msg))
{
print $auth_msg;
}
Simple as that. Isset is just to check whether the variable is assigned or not.
on August 12, 2006 on 5:09 pm
Hi, I have othAuth working, mostly…..
Using the blog tutorial thingy as an example, I have the posts controller set with restrictions as array('add', 'edit', 'delete');
Works fine for add and edit, however delete just goes ahead and deletes.
Does it have anything to do with the javascript popup that asks you to confirm deletion in the bloggy bit?
Cheers, Mark.
on September 1, 2006 on 7:09 am
Does othAuth support granting access to user, not group?
Like user can edit article id 1 but nothing else, or can edit only documents that he owns, but not create (somebody else ‘gives’ document to him).
on November 12, 2006 on 5:16 am
Hi Othy,
I am having some problem getting the authentication system working with ajax. It works perfectly when I don’t use ajax. But when ajax calls are made, the authentication system fails to check for a valid user.
The problem seems similar to a problem as reported by Naonak.
Regards,