Cake provides a very good tutorial on how to use the Auth component here, but its not complete. So, I spent a couple hours setting up a complete tutorial that you can download and check out a live demo. Here is what we will be creating: A web application that uses CakePHP’s Auth component to login and logout as well as bar access to certain pages if the user is not authorized. Once a user is logged-in, they will be able to go the dashboard and edit users. (Please note that I am not changing the default CakePHP theme. So below is what the login screen looks like:)
Edit: July 2014 Updates
Thanks to various reader inputs, I have updated the .zip file to fix some minor issues that were noticed. I also have a live demo that you can play with here. Fixes include:
- fixed: deleted members can no longer login
- fixed: error when you try to use an existing username or email again for a new user
Users Database Table
Let’s start by creating the users database table. The users table contains a user’s username, password and role. Additional fields are meta fields such as created and modified dates as well as a status field. (I never actually delete records, just turn their status to 0.) Here is what the final users table looks like:
CREATE TABLE users (
`id` INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(128),
`password` VARCHAR(128),
`email` VARCHAR(128),
`role` VARCHAR(64),
`created` DATETIME DEFAULT NULL,
`modified` DATETIME DEFAULT NULL,
`status` tinyint(1) NOT NULL DEFAULT '1'
);
Routes.php
Now, lets modify the core components of CakePHP to support our login module. First, we need to modify routes.php so that we can have a custom link for login, logout and the dashboard. This step is not required but I do it so that the URLs look clean..
Router::connect('/dashboard', array('controller' => 'users', 'action' => 'index'));
Router::connect('/login', array('controller' => 'users', 'action' => 'login'));
Router::connect('/logout', array('controller' => 'users', 'action' => 'logout'));
We also need to modify the home page so that it now points to our login action.
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
User.php
Next, we need to create a file called User.php in the app\Model folder. This is our users model where all of our validation logic will be. To accomplish this, I used some of Cake’s buil-in validation rules as well as my own custom validation rules. My rules are pretty simple: Usernames must be unique, non-empty, alphanumeric and be between 5 and 15 characters. Passwords must have a minimum length of 6 and must match the confirmation password. Emails must be unique and be at least 6 characters in length. Finally, roles must be in the list of accepted roles that I have selected, which include: ‘king’, ‘queen’, ‘bishop’, ‘rook’, ‘knight’ and ‘pawn’. Some of the custom validation functions I created include isUniqueUsername() to determine if a username is unique, isUniqueEmail() to determine if an email is unique, alphaNumericDashUnderscore() to only allow alphanumeric values, equaltofield() to check if a value is equal to another value. You can learn more about CakePHP’s custom validation rules here. Finally, I had to alter the beforeSave() function so that I hash the passwords that I get before saving them. For security reasons, you should never store unencrypted passwords in your Database. Below is the full code for User.php
App::uses('AuthComponent', 'Controller/Component');
class User extends AppModel {
public $avatarUploadDir = 'img/avatars';
public $validate = array(
'username' => array(
'nonEmpty' => array(
'rule' => array('notEmpty'),
'message' => 'A username is required',
'allowEmpty' => false
),
'between' => array(
'rule' => array('between', 5, 15),
'required' => true,
'message' => 'Usernames must be between 5 to 15 characters'
),
'unique' => array(
'rule' => array('isUniqueUsername'),
'message' => 'This username is already in use'
),
'alphaNumericDashUnderscore' => array(
'rule' => array('alphaNumericDashUnderscore'),
'message' => 'Username can only be letters, numbers and underscores'
),
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A password is required'
),
'min_length' => array(
'rule' => array('minLength', '6'),
'message' => 'Password must have a mimimum of 6 characters'
)
),
'password_confirm' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please confirm your password'
),
'equaltofield' => array(
'rule' => array('equaltofield','password'),
'message' => 'Both passwords must match.'
)
),
'email' => array(
'required' => array(
'rule' => array('email', true),
'message' => 'Please provide a valid email address.'
),
'unique' => array(
'rule' => array('isUniqueEmail'),
'message' => 'This email is already in use',
),
'between' => array(
'rule' => array('between', 6, 60),
'message' => 'Usernames must be between 6 to 60 characters'
)
),
'role' => array(
'valid' => array(
'rule' => array('inList', array('king', 'queen', 'bishop', 'rook', 'knight', 'pawn')),
'message' => 'Please enter a valid role',
'allowEmpty' => false
)
),
'password_update' => array(
'min_length' => array(
'rule' => array('minLength', '6'),
'message' => 'Password must have a mimimum of 6 characters',
'allowEmpty' => true,
'required' => false
)
),
'password_confirm_update' => array(
'equaltofield' => array(
'rule' => array('equaltofield','password_update'),
'message' => 'Both passwords must match.',
'required' => false,
)
)
);
/**
* Before isUniqueUsername
* @param array $options
* @return boolean
*/
function isUniqueUsername($check) {
$username = $this->find(
'first',
array(
'fields' => array(
'User.id',
'User.username'
),
'conditions' => array(
'User.username' => $check['username']
)
)
);
if(!empty($username)){
if($this->data[$this->alias]['id'] == $username['User']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
/**
* Before isUniqueEmail
* @param array $options
* @return boolean
*/
function isUniqueEmail($check) {
$email = $this->find(
'first',
array(
'fields' => array(
'User.id'
),
'conditions' => array(
'User.email' => $check['email']
)
)
);
if(!empty($email)){
if($this->data[$this->alias]['id'] == $email['User']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
public function alphaNumericDashUnderscore($check) {
// $data array is passed using the form field name as the key
// have to extract the value to make the function generic
$value = array_values($check);
$value = $value[0];
return preg_match('/^[a-zA-Z0-9_ \-]*$/', $value);
}
public function equaltofield($check,$otherfield)
{
//get name of field
$fname = '';
foreach ($check as $key => $value){
$fname = $key;
break;
}
return $this->data[$this->name][$otherfield] === $this->data[$this->name][$fname];
}
/**
* Before Save
* @param array $options
* @return boolean
*/
public function beforeSave($options = array()) {
// hash our password
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
// if we get a new password, hash it
if (isset($this->data[$this->alias]['password_update']) && !empty($this->data[$this->alias]['password_update'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password_update']);
}
// fallback to our parent
return parent::beforeSave($options);
}
}
AppController.php
Next, AppController needs to be modified so that it uses Cake’s Auth component. This is where we tell the Auth component to redirect users to the index page after a successful login and to the login page after they logout. Once we do so, we need to update the beforeFilter() function to only allow the login action to be authorized in any controller. All other actions will only be accessible after the user is logged-in. I’ve also setup an isAuthorized() function that could be used to manage access to various pages. (The isAuthorized() function is not covered in this post, but its quite easy to setup one..)
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.'
));
// only allow the login controllers only
public function beforeFilter() {
$this->Auth->allow('login');
}
public function isAuthorized($user) {
// Here is where we should verify the role and give access based on role
return true;
}
UsersController.php
At this point, we can create our Users controller by creating a file called UsersController.php in app/Controller. This controler contains functions for login, logout, edit, index, add, edit and delete. There is also a function called activate, which is used to turn a user’s status back to active after they have been deleted. (remember that I don’t actually delete users. I just change their status flag). One important thing to note is that I override the beforeFilter() function defined in AppController so that I now allow login() and add() functions to be visible without requiring authorization. If we don’t do this, we will never be able to add users to our application. The rest of the controller is pretty straightforward and the full code is presented below:
class UsersController extends AppController {
public $paginate = array(
'limit' => 25,
'conditions' => array('status' => '1'),
'order' => array('User.username' => 'asc' )
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login','add');
}
public function login() {
//if already logged-in, redirect
if($this->Session->check('Auth.User')){
$this->redirect(array('action' => 'index'));
}
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->Session->setFlash(__('Welcome, '. $this->Auth->user('username')));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Session->setFlash(__('Invalid username or password'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
public function index() {
$this->paginate = array(
'limit' => 6,
'order' => array('User.username' => 'asc' )
);
$users = $this->paginate('User');
$this->set(compact('users'));
}
public function add() {
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been created'));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be created. Please, try again.'));
}
}
}
public function edit($id = null) {
if (!$id) {
$this->Session->setFlash('Please provide a user id');
$this->redirect(array('action'=>'index'));
}
$user = $this->User->findById($id);
if (!$user) {
$this->Session->setFlash('Invalid User ID Provided');
$this->redirect(array('action'=>'index'));
}
if ($this->request->is('post') || $this->request->is('put')) {
$this->User->id = $id;
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been updated'));
$this->redirect(array('action' => 'edit', $id));
}else{
$this->Session->setFlash(__('Unable to update your user.'));
}
}
if (!$this->request->data) {
$this->request->data = $user;
}
}
public function delete($id = null) {
if (!$id) {
$this->Session->setFlash('Please provide a user id');
$this->redirect(array('action'=>'index'));
}
$this->User->id = $id;
if (!$this->User->exists()) {
$this->Session->setFlash('Invalid user id provided');
$this->redirect(array('action'=>'index'));
}
if ($this->User->saveField('status', 0)) {
$this->Session->setFlash(__('User deleted'));
$this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not deleted'));
$this->redirect(array('action' => 'index'));
}
public function activate($id = null) {
if (!$id) {
$this->Session->setFlash('Please provide a user id');
$this->redirect(array('action'=>'index'));
}
$this->User->id = $id;
if (!$this->User->exists()) {
$this->Session->setFlash('Invalid user id provided');
$this->redirect(array('action'=>'index'));
}
if ($this->User->saveField('status', 1)) {
$this->Session->setFlash(__('User re-activated'));
$this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not re-activated'));
$this->redirect(array('action' => 'index'));
}
}
All that remains is creating our ctp files that match the actions in our controller. Here they are:
login.ctp
This is the main page that is used to login to the system. It requires a valid username and password combination.
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend><?php echo __('Please enter your username and password'); ?></legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
<?php
echo $this->Html->link( "Add A New User", array('action'=>'add') );
?>
add.ctp
This is the page that allows you to add new users to the system. It is available when you are logged-in and when you are logged-out. The password is required twice, like in any professional website and validation rules, set in Users.php are enforced
<!-- app/View/Users/add.ctp -->
<div class="users form">
<?php echo $this->Form->create('User');?>
<fieldset>
<legend><?php echo __('Add User'); ?></legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('email');
echo $this->Form->input('password');
echo $this->Form->input('password_confirm', array('label' => 'Confirm Password *', 'maxLength' => 255, 'title' => 'Confirm password', 'type'=>'password'));
echo $this->Form->input('role', array(
'options' => array( 'king' => 'King', 'queen' => 'Queen', 'rook' => 'Rook', 'bishop' => 'Bishop', 'knight' => 'Knight', 'pawn' => 'Pawn')
));
echo $this->Form->submit('Add User', array('class' => 'form-submit', 'title' => 'Click here to add the user') );
?>
</fieldset>
<?php echo $this->Form->end(); ?>
</div>
<?php
if($this->Session->check('Auth.User')){
echo $this->Html->link( "Return to Dashboard", array('action'=>'index') );
echo "<br>";
echo $this->Html->link( "Logout", array('action'=>'logout') );
}else{
echo $this->Html->link( "Return to Login Screen", array('action'=>'login') );
}
?>
which produces this form if the user is logged-in:
and this form if the user is logged-out:
index.ctp
Index.ctp acts as my dashboard and can only be accessed when a user is logged-in. This is where the list of users is displayed. It also uses Cake’s paginator to display the data.
<div class="users form">
<h1>Users</h1>
<table>
<thead>
<tr>
<th><?php echo $this->Form->checkbox('all', array('name' => 'CheckAll', 'id' => 'CheckAll')); ?></th>
<th><?php echo $this->Paginator->sort('username', 'Username');?> </th>
<th><?php echo $this->Paginator->sort('email', 'E-Mail');?></th>
<th><?php echo $this->Paginator->sort('created', 'Created');?></th>
<th><?php echo $this->Paginator->sort('modified','Last Update');?></th>
<th><?php echo $this->Paginator->sort('role','Role');?></th>
<th><?php echo $this->Paginator->sort('status','Status');?></th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php $count=0; ?>
<?php foreach($users as $user): ?>
<?php $count ++;?>
<?php if($count % 2): echo '<tr>'; else: echo '<tr class="zebra">' ?>
<?php endif; ?>
<td><?php echo $this->Form->checkbox('User.id.'.$user['User']['id']); ?></td>
<td><?php echo $this->Html->link( $user['User']['username'] , array('action'=>'edit', $user['User']['id']),array('escape' => false) );?></td>
<td style="text-align: center;"><?php echo $user['User']['email']; ?></td>
<td style="text-align: center;"><?php echo $this->Time->niceShort($user['User']['created']); ?></td>
<td style="text-align: center;"><?php echo $this->Time->niceShort($user['User']['modified']); ?></td>
<td style="text-align: center;"><?php echo $user['User']['role']; ?></td>
<td style="text-align: center;"><?php echo $user['User']['status']; ?></td>
<td >
<?php echo $this->Html->link( "Edit", array('action'=>'edit', $user['User']['id']) ); ?> |
<?php
if( $user['User']['status'] != 0){
echo $this->Html->link( "Delete", array('action'=>'delete', $user['User']['id']));}else{
echo $this->Html->link( "Re-Activate", array('action'=>'activate', $user['User']['id']));
}
?>
</td>
</tr>
<?php endforeach; ?>
<?php unset($user); ?>
</tbody>
</table>
<?php echo $this->Paginator->prev('<< ' . __('previous', true), array(), null, array('class'=>'disabled'));?>
<?php echo $this->Paginator->numbers(array( 'class' => 'numbers' ));?>
<?php echo $this->Paginator->next(__('next', true) . ' >>', array(), null, array('class' => 'disabled'));?>
</div>
<?php echo $this->Html->link( "Add A New User.", array('action'=>'add'),array('escape' => false) ); ?>
<br/>
<?php
echo $this->Html->link( "Logout", array('action'=>'logout') );
?>
It produces this form:
Edit.ctp
Edit allows you to edit data about a given user. In my case, I don’t allow users to change their username and their password only gets changed if they enter a value. (Most of these rules were inspired by the rules that WordPress has for users ) The code is below
<!-- app/View/Users/add.ctp -->
<div class="users form">
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend><?php echo __('Edit User'); ?></legend>
<?php
echo $this->Form->hidden('id', array('value' => $this->data['User']['id']));
echo $this->Form->input('username', array( 'readonly' => 'readonly', 'label' => 'Usernames cannot be changed!'));
echo $this->Form->input('email');
echo $this->Form->input('password_update', array( 'label' => 'New Password (leave empty if you do not want to change)', 'maxLength' => 255, 'type'=>'password','required' => 0));
echo $this->Form->input('password_confirm_update', array('label' => 'Confirm New Password *', 'maxLength' => 255, 'title' => 'Confirm New password', 'type'=>'password','required' => 0));
echo $this->Form->input('role', array(
'options' => array( 'king' => 'King', 'queen' => 'Queen', 'rook' => 'Rook', 'bishop' => 'Bishop', 'knight' => 'Knight', 'pawn' => 'Pawn')
));
echo $this->Form->submit('Edit User', array('class' => 'form-submit', 'title' => 'Click here to add the user') );
?>
</fieldset>
<?php echo $this->Form->end(); ?>
</div>
<?php
echo $this->Html->link( "Return to Dashboard", array('action'=>'index') );
?>
<br/>
<?php
echo $this->Html->link( "Logout", array('action'=>'logout') );
?>
Here is a screenshot:
Download it all
That concludes the tutorial. You can download the entire tutorial in zip format here.
thanks it is very usefull, i try the cake offical tutorial too but dont work for me
in fact i get to renamme my database table “utilisateurs” to “users” to get it work
( i try many thinks to force to use my “utilisateurs” table but dont work)
Bonjour alain,
Hopefully, this tutorial works out for ya 😉
Mifty i need to add reset password to my authentication could you help me?
hi, reset password should be a method handled in the users controller. If you wanted to setup a simple implementation, you could create a route called reset_password(). This route would simple reset the user’s password to a new value and send the unencrypted version to the user and store the encrypted version in the DB. You can use the Authcomponent to encrypt the password before saving it.
can you send it me by my email mifty? thankyou.
Thanks good post
[…] http://dailysyntax.com/20-collection-cakephp-tutorials-you-should-know/ http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/ http://my-cakephp.blogspot.in/2009/11/cakephp-tutorial.html […]
how to run it on the localhost…
Before testing on my development server, I developed and tested the code using WAMP so it is quite easy to test on a localhost. If you plan on running the server on a localhost, then your client must also run on the same localhost.
Hi Mifty,
Upzipped on ubuntu , gave a blank page.
hi shashank. unfortunately, i have not tried this code in ubuntu and do not know what could be the cause of your blank page. Have you tried debuging by turning the debug level to 2?
[…] releasing my tutorial for a complete login and authentication system using CakePHP, I have received a lot of positive comments and private emails. I have also received quite a few […]
[…] releasing my tutorial for a complete login and authentication system using CakePHP, I have received a lot of positive comments and private emails. I have also received quite a few […]
Muy interesante y muy práctico. Muchas gracias.
Hi, I’m new to CakePHP. But I’m interested in learning this. I downloaded and worked with your files. In your table the passwords are stored using some encryption method. I want to know how the password gets encrypted. Can you please explain?
Thanks.
I mean which encrypt method is used here?
Hi Franklin,
CakePHP’s Auth component handles encryption of the password fields. As I’m sure every good programmer knows, we should NEVER store passwords in a database!. So in the case of CakePHP, we let Cake’s AuthComponent take care of hasing the passwords for us. You’ll notice that in the beforeSave() method of the Users model, I call the method AuthComponent::password(). This method is used to hash the passwords of the users. The hash keys are based on the values that you set inside your config.php file’s Security values. That’s why its super important to change the values of Security.salt and Security.cipherSeed for any of your CakePHP applications.
It hashes by using Cake’s default password hashing method since I have not set a specific hasher. CakePHP’s Auth component also allows you to choose your password hashing method. You can learn more about CakePHP password hashing here: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords
Hi Mifty,
Thanks a lot for your response. You cleared my queries. So I got a clear idea now. Once again thank you so much.
It uses the Cakephp Predefined utility of BlowfishPasswordHasher , or any other Hash Algorithm defined in cakephp like (Bcrypt) etc. You just need to include the plugin to start using it.
Thanks Mifty! You cleared some stuff for me and described details which cake’s documentation lacks in some cases. I will look at your other posts as this has proven quite helpful! Regards
glad i could help…
where there is the encriptation of the password when do you do login? because i have a error just here, but after this is amazing
encryption of the password happens at the beforeSave() method of the Users model, I call the method AuthComponent::password() which encrypts the password of the user.
Hi,
I have downloaded ur code and i have put it in my server like this xampp/htdocs/cake-2_3-user-auth. I want to know how to run in browser. I have run like this localhost/cake-2_3-user-auth but it s not opening the login screen. Can u pls tell me how to open login screen?
I have run in browser like this http://localhost/cake-2_3-user-auth/users/login
But it is showing error like Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
20/02/14 12:29:22 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1
“INVALID USERNAME AND PASSWORD my user and my password are correct but I cannot entry
Thanks Mifty! it is very usefull post.
What does it mean by “$this->Auth->login()” on line# 25 UsersController.php page?
That is the line responsible for actually doing the login. Remember that we are using the Auth component to login the users. So we need to use its login() function to authenticate the user. As the CakePHP documentation states:
Yes that’s i understood but whenever i do login, i am just getting only one error “INVALID USERNAME AND PASSWORD” even though that username and password are exist in database. have i need to encrypt my password in db? or when i goes to add a new user, cakephp stores the passwords as a plain text without any kinds of encryption…why it is?? Thank you.
Edit User fail. Lost password when edit mail and password leave empty .(If password not empty, not fail)
try using $this->Auth->login($this->request->data));
I need to divide two, i.e user and admin . User access some pages and Admin access some pages how to set the sessions and how authenticate each page, That page access user Or admin. how to setup admin access pages and user access pages. Please give replay.
Advance Thanks.
Very well explained tutorial! Thank you
But i am getting this error whenever I use the Auth component, and don’t know how to fix it
AuthHelper cannot be found. (internal error)
Any idea why this is happening? Any help would be appreciated
Hi natasia. You need to make sure that you are using the Auth component in your controller. In the AppController fle, you will see that I specify all the components that I am using and one of them is the Auth component:
public $components = array( 'DebugKit.Toolbar', 'Session', 'Auth' => array( 'loginRedirect' => array('controller' => 'users', 'action' => 'index'), 'logoutRedirect' => array('controller' => 'users', 'action' => 'login'), 'authError' => 'You must be logged in to view this page.', 'loginError' => 'Invalid Username or Password entered, please try again.' ));If you dont do this, the Auth component is not loaded and things will fail.
Hi
I just play the phpcake and did tried your login tutorial posted.
When I try running it in localhost, i receive some errors and search the solution.
So I found your post as suggested, so I implemented the Auth component.
But then didn’t work. Here’s what it looks;
http://postimg.org/image/4toq41f67/
Hope I still have hopes for my practice.
Sir,
I really appreciate this guide, as it has helped me greatly. I am interested in “roles” and the function isAuthorized. Can you give a short example and explanation of the isAuthorized function? Limiting certain users to edit/create new users ect.
Thanks!!
Hady
isAuthorized is a mechanism to restrict certain controllers to specific users. For example, I can define a user to have a role of ‘admin’ and then use the isAuthorized function to restrict access to the edit() controller only to admin users. Here is a simple example taken from the CakePHP cookbook:
public function isAuthorized($user) { // Admin can access every action if (isset($user['role']) && $user['role'] === 'admin') { return true; } // Default deny return false; }Hola. tengo una duda sobre donde utilizar la funcion isAuthorized(). Lo valido en el AppControler o en el UserController? Actualmente defini 3 roles a mi sistema y quiero que solo el usuario que tenga rol administrador pueda agregar, editar y desactivar. Con respecto a la desactivacion y activacion de usuarios queria preguntar como valido la desactivacion , ya que aunque desactive un usuario y quede en estatus cero el mismo se loguea de la misma manera que cuando se encuentra activo.
Sorry Oreana! I’d love to help but I dont speak spanish 🙁
jjejeje . Hello. I have a question about where to use the IsAuthorized () function. I earned in the AppController or UserController? Currently definitive three roles to my system and I want only the user with the administrator role can add, edit and disable. With respect to activation and deactivation of users wanted to ask deactivation as valid as though a user off and stay in the same zero status is logged in the same way that when it is active.
Hi,
isAuthorized() is used by the Auth Component to grant access to a controller function or not. It does not check permissions at all. On the other hand, the roles allow you to check permissions. So, for example you can decide that the edit() function is only available when you are logged-in, then you would use the isAuthorized() function. However if you decide that once logged-in, only administrators can delete() users, then you would use the role field. I hope this helps 🙂
How will I customize it.
If I am using auth with user model
where I have make these changes
Hi Sudhir,
what do you mean by customize it?
Hi, this is great thanks. Is there a way to show different content depending on user? For example a use with King, could that be classed as an admin login, so they see additional features ?
Thanks,
Mark
Thank you very much for sharing! I was able to copy the code to run successfully, but do not know the principle, for example, I now demand the use of plug-in requires the user to log in to build CRUD management background, how to do it?
I’m not quite sure what that means. could you give an example? Then I will see if it is inside the scope of this tutorial…
[…] (O conteúdo original deste artigo pode ser acompanhado aqui) […]
Thank you …
Thank You…
Well appriciated, bless you for the work
Very useful plugin Mifty it allowed me to actually get the login and sign up functions for my site working. What I would love though is a short instruction on how we can get persons to edit or replace their password if they ever forgot it via a link sent to their email… yes a basic password recovery option.
Also: how can I set the default role in the form and then hide the option to select the role.
Thanks in advance.
Hi Horace. What you are asking for is a great idea. I will create a tutorial on this topic very soon.
Great I will continue to watch for the update
THANK YOU SO MUCH!
Thanks!!!!!!!!
Thanks a lot man..This post really help me..