Here is a simple CakePHP login function (example taken from the CakePHP cookbook):
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $message = 'Username or password is incorrect';
                $this->Session->setFlash(__($message), 'default', array(), 'auth');
            }
        }
    }
During testing of this login function I found out that:
    if ($this->Auth->login()) {
        // ...
    }
It lets a user log in even if authorization was done earlier. For example, if I am logged in as User1 and, without a call to the logout function, I try to log in as User2, I get the following error:
    Notice (8): Undefined index: User [APP/Controller/UsersController.php, line 83]
In this case I can hide the login form from the user. Is this a correct way?
Update: what can you say about the following code snippet:
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->loggedIn()) {
                $this->Auth->logout();
            }
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $message = 'Invalid login or password';
                $this->Session->setFlash(__($message), 'default', array(), 'auth');
            }
        }
    }