2014-02-28 07:13 · 12 views


I have created many Authentication apps with CakePHP fairly easily. However, it's always the same: Username and Password.

I want to create a login for a user to select a company as well, and if authentication to that company fails, it returns back to the login page without having him logged on.

Reason for this is, we work in a 'Parent' company that has many children. All the administration for these children companies comes through the parent company. But now, since not all employees in the Parent company have access to all children companies, we need to check if, when they log into a certain company, they have access to that specific company. The trick is that it's a one-to-many relationship. One user can have access to one company or 2 or 3 or all of them.

I have the basics of authentication down, thanks to the guide on the CakePHP site, but what would I need to change from here to do the extra Authentication check?


2 answers

  • Accepted
    dongwen3093 2014-02-28 07:42

    You have to create your own Authenticate component.

    You have to implement a function that checks if your user can log in and returns an array of his data if so, or false otherwise.

    Something like:


    App::uses('FormAuthenticate', 'Controller/Component/Auth');

    class CompanyAuthenticate extends FormAuthenticate {
        public function authenticate(CakeRequest $request, CakeResponse $response) {
            // Run the standard username/password check first
            $user = parent::authenticate($request, $response);
            if (!$user) {
                return false;
            }
            // check company
            // if company is ok return $user
            // else return false
        }
    }


    Of course you have to tell your application you are using this kind of authentication.

    So in your AppController you have to do:

    public $components = array(
        'Auth' => array(
            'authenticate' => array('Company'),
            // ... other options
        ),
        // ... other components you wish to load
    );
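One way to fill in the company check sketched in the accepted answer, written for CakePHP 2.x as an added example (it is not code from either answerer). The `CompaniesUser` join model, the `company_id` form field and the `id` primary key are assumptions about the schema:

```php
<?php
// Added example. Assumed names: a CompaniesUser join model (table
// companies_users with user_id and company_id) and a "company_id" field
// posted with the login form under the user model.
App::uses('FormAuthenticate', 'Controller/Component/Auth');
App::uses('ClassRegistry', 'Utility');

class CompanyAuthenticate extends FormAuthenticate {

    public function authenticate(CakeRequest $request, CakeResponse $response) {
        // Username/password check first; the parent returns false on failure.
        $user = parent::authenticate($request, $response);
        if (!$user) {
            return false;
        }

        // The company id is client-controlled input: accept only plain
        // digits, and never trust it without the lookup below.
        list(, $model) = pluginSplit($this->settings['userModel']);
        $companyId = isset($request->data[$model]['company_id'])
            ? $request->data[$model]['company_id'] : null;
        if (!is_scalar($companyId) || !ctype_digit((string)$companyId)) {
            return false;
        }

        // Server-side membership check against the join table.
        $allowed = ClassRegistry::init('CompaniesUser')->hasAny(array(
            'CompaniesUser.user_id' => $user['id'],
            'CompaniesUser.company_id' => (int)$companyId,
        ));
        if (!$allowed) {
            // Same return value as a bad password, so the login page does
            // not reveal which companies a valid account belongs to.
            return false;
        }

        // Keep the verified company in the session user record so later
        // queries scope by this value instead of by request parameters.
        $user['company_id'] = (int)$companyId;
        return $user;
    }
}
```

Because the verified `company_id` ends up in the Auth session data, later controller actions can scope their queries by that value rather than by anything the browser sends.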
  • dpspn60064 2014-02-28 08:26

    A note of caution using this method:

    I inherited a CMS that did something like this. It was set up with a company name, company password, username, and user password. The one instance of the CMS would then administer many websites, choosing which one based on the credentials entered.

    This turned out to be the most confusing mess for the users. They would constantly call up trying to figure out their company username and company password. This might have been OK back in the days of arbitrary usernames, but these days, when most people use the email address as the username, it's not required.

    I can't see a valid reason for doing this at all, based on my experience. If companies like Google, PayPal, Facebook etc. can figure it out with just a username and password, then I'm sure you'll be able to sort it out.

    Just my $0.02, and as it looks like you're just starting the development for the system I hope you investigate other possibilities :-)
