Home CakePHP Computer Stuff CakePHP Auth Site Tutorial

CakePHP Auth Site Tutorial

,

Basic Information

CakePHP version: 2.1.4
Platform: XAMPP, Windows
Source Code: https://github.com/kevguy/Auth-Website

Preparation

  1. Step 1:
    Download the initial code using this link
  2. Step 2:
    Set up the database and database.php accordingly
  3. Step 3:
    Inside AppController.php, add the beforeFilter() method
    1. Step 3.1:
      This method is run every time before running the action of a controller

      // whenever someone tries to access these actions, 
// right before Filter Callback is called beforehand,
// this allows us to do any pre-configuration or send values to the view, etc..
public function beforeFilter() {
 // This is for non-login actions
 $this->Auth->allow('index', 'view');
}
    2. Step 3.2:
      For all the code edited, you can refer to this git diff: link
  4. Step 4:
    In UsersController.php, add login and logout functions.
    1. Step 4.1:
      The login method

      public function login() {
 // check the request type to see if it's a post request
 // if it is, that means someone is trying to login and submit the form 
 if ($this->request->is('post')){
  // so log the user in
  if ($this->Auth->login()){
   //redirect the user
   $this->redirect($this->Auth->redirect());
  } else {
   $this->Session->setFlash('Your username/password combination was incorrect');
  }
 }
}
    2. Step 4.2:
      The logout method

      public function logout() {
 $this->redirect($this->Auth->logout());
}
    3. Step 4.3:
      For all the code edited, you can refer to this git diff: link
  5. Step 5:
    Add the login page
    1. Step 5.1:
      In app/View/Users, create login.ctp

      <h2>Login</h2>
<?php
 echo $this->Form->create();
 echo $this->Form->input('username');
 echo $this->Form->input('password');
 echo $this->Form->end('Login');
?>
    2. Step 5.2:
      For all the code edited, you can refer to this git diff: link
  6. Step 6:
    Add password and confirm password fields in Users/add.ctp
    1. Step 6.1:
      For all the code edited, you can refer to this git diff: link

      echo $this->Form->input('password');
echo $this->Form->input('password_confirmation', array('type' => 'password'));
  7. Step 7:
    Add validation rules for password and password confirm fields
    1. Step 7.1:
      For all the code edited, you can refer to this git diff: link

      'password'=>array(
  'Not empty'=>array(
   'rule'=>'notEmpty',
   'message'=>'Please enter your password'
  )
 ),
 'password_confirmation'=>array(
  'Not empty'=>array(
   'rule'=>'notEmpty',
   'message'=>'Please confirm your password'
  )
  )
  8. Step 8:
    Add validation method for password and password_confirmation.
    1. Step 8.1:
      Model/User.php



      <?php
class User extends AppModel {
 ...
 public $validate = array(
  ...
  'password'=>array(
   'Not empty'=>array(
    'rule'=>'notEmpty',
    'message'=>'Please enter your password'
   ),
   'Match passwords'=>array(
    'rule'=>'matchPasswords',
    'message'=>'Your passwords do not match'
   )
  ),
  ...
 );
 public function matchPasswords($data) {
  // compare password and password_confirmation
  if ($data['password'] == $this->data['User']['password_confirmation']){
   return true;
  }
  // also invalidate the password_confimration field
  $this->invalidate('password_confirmation', 'Your passwords do not match');
  return false;
 }
}
?>
    2. Step 8.2:
      For all the code edited, you can refer to this git diff: link
  9. Step 9:
    Add beforeSave() method to encrypt the password.
    1. Step 9.1:
      Inside Model/User.php, add a new method:

      public function beforeSave($options = Array()) {
 // encrypt the password before savig user info
 if (isset($this->data['User']['password'])){
  $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
 }
 return true;
}
    2. Step 9.2:
      For all the code edited, you can refer to this git diff: link
  10. Step 10:
    Add login/logout links
    1. Step 10.1:
      Inside beforeFilter() of Controller/AppController.php

      public function beforeFilter() {
  // This is for non-login actions
  $this->Auth->allow('index', 'view');
  $this->set('logged_in', $this->Auth->loggedIn());
  $this->set('current_user', $this->Auth->user());
 }
    2. Step 10.2:
      Add the links in View/Layouts/default.ctp

      <div style="text-align: right">
 <?php if ($logged_in): ?>
  Welcome <?php echo $current_user['username']; ?>.
  <?php echo $this->Html->link('Logout', array('controller'=>'users', 'action'=>'logout')); ?>
 <?php else: ?>
  <?php echo $this->Html->link('Login', array('controller'=>'users', 'action'=>'login')); ?>
 <?php endif; ?>
</div>
    3. Step 10.3:
      For all the code edited, you can refer to this git diff: link
  11. Step 11:
    Stop user edit/delete other user's’ information
    1. Step 11.1:
      Inside Controller/UsersController/php. add this new method:


      public function isAuthorized($user){
 if (in_array($this->action, array('edit', 'delete'))) {
  if ($user['id'] != $this->request->params['pass'][0]) {
   return false;
  }
 }
 return true;
}
    2. Step 11.2:
      For all the code edited, you can refer to this git diff: link
  12. Step 12:
    Edit index page of User to hide function button the user has no access to
    1. Step 12.1:
      Inside View/Users/index.ctp, add the following code:

      <?php if ($current_user['id'] == $user['User']['id']): ?>
 <?php echo $this->Html->link('Edit', array('action' => 'edit', $user['User']['id'])); ?>
 <?php echo $this->Form->postLink('Delete', array('action' => 'delete', $user['User']['id']), array('confirm'=>'Are you sure you want to delete that user?')); ?>
<?php endif; ?>
    2. Step 12.2:
      For all the code edited, you can refer to this git diff: link
  13. Step 13:
    Edit view page of Users to hide function buttons the user doesn't have access to
    1. Step 13.1:
      Inside View/Users/view.ctp, add the following code:

      <?php if ($current_user['id'] == $user['User']['id']): ?>
 <li><?php echo $this->Html->link('Edit User', array('action' => 'edit', $user['User']['id'])); ?> </li>
 <li><?php echo $this->Form->postLink('Delete User', array('action' => 'delete', $user['User']['id']), array('confirm'=>'Are you sure you want to delete that user?')); ?> </li>
<?php endif; ?>
    2. Step 13.2:
      For all the code edited, you can refer to this git diff: link
  14. Step 14:
    Add admin functionality.
    1. Step 14.1:
      Inside Controller/UsersController.php, add the following code inside the isAuthorized method:

      // for admin
if ($user['role'] == 'admin'){
 return true;
}
    2. Step 14.2:
      Inside View/Users/index.ctp, edit the respective condition:

      <?php if ($current_user['id'] == $user['User']['id'] || $current_user['role'] == 'admin'): ?>
    3. Step 14.3:
      Inside View/Users/view.ctp, edit the respective condition:

      <?php if ($current_user['id'] == $user['User']['id'] || $current_user['role'] == 'admin'): ?>
CakePHP Auth Site Tutorial CakePHP Auth Site Tutorial Reviewed by Kevin Lai on 11:10:00 AM Rating: 5

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.