dongqiancui9194 2012-05-24 09:27
浏览 13
已采纳

CakePHP 2.0帐户验证

I'm trying to create a simply login page. I want validation on that page so that when a user clicks login the site checks that in the users database activated is set to 1, if not they can't login. I'm still very new to cakephp and am trying to pick up quickly so I'm sorry if this is a simple beginner question.

here is the validation in my User model 

public $checkActive = array(
    'activated'=>array(
            'rule'=>array('equalTo', '0'),
            'message'=>'The account must be activated, please check your email.'
        ));

here is the login function in my usersController

 public function login() {

    $this->set('title_for_layout', 'Individual Registration');
    $this->set('stylesheet_used', 'style');
    $this->set('image_used', 'eBOXLogo.jpg');


    if ($this->request->is('post')){
    if ($this->request->data['User']['password'] == 'qazwsx'){
    if ($this->Auth->login()){
     if (0 === $this->User->find('count',array('conditions'=>array('enabled'=>1,'login'=> $username)))) {
         $this->Session->setFlash('Sorry, your account is not validated yet.');
    }

        $this->Auth->user('id');
        $this->redirect($this->Auth->redirect('eboxs/home')); 
        }   
    } 
    else {

        $this->Session->setFlash('Username or password is incorrect');
    }
    }else{
    $this->Session->setFlash('Welcome, please login');
    }


}

here is my beforeLogin function in the usersController

 public function beforeLogin(){

    if(isset($this->data['User']['password'])){
        $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
        }
        return true;
    }

app controller 

class AppController extends Controller {

    public $components = array(
        'DebugKit.Toolbar',
        'Session', 
        'Auth'=>array(
            'loginRedirect'=>array('controller'=>'users', 'action'=>'login'),
            'logoutRedirect'=>array('controller'=>'users', 'action'=>'login'),
            'authError'=>"You can't access this page",
            'authorize'=>array('Controller')
        )
    );

    public function isAuthorized($user){
        return true;
    }

    public function beforeFilter(){
    $this->Auth->allow('index','view');
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user',$this->Auth->user());

    }

I realize that there is no call in my controller to the validation but with my other validation such as username is unique, I haven't had to call it.

in short at the moment anyone can log into my page, I'm trying to make it so only those who have 1 in the activated field in the users table can login.

  • 写回答

2条回答 默认 最新

  • drb88830 2012-05-24 10:21
    关注

    One option would be to check account validation right after login like this : 

    <?php
if ($this->request->is('post')){
if ($this->request->data['User']['password'] == 'qazwsx'){
if ($this->Auth->login()) {

    // login ok, but check if activated
    $username = $this->request->data['User']['username'];
    if (0 === $this->User->find('count',array('conditions'=>array('activated'=>1,'username'=> $username)))) {
         $this->Session->setFlash('Sorry, your account is not validated yet.');
         $this->redirec($this->referer());
    }

    $this->Auth->user('id');
    $this->redirect($this->Auth->redirect('eboxs/home')); 
    }   
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题