Cake provides a very good tutorial on how to use the Auth component here, but its not complete. So, I spent a couple hours setting up a complete tutorial that you can download and check out a live demo. Here is what we will be creating: A web application that uses CakePHP’s Auth component to login and logout as well as bar access to certain pages if the user is not authorized. Once a user is logged-in, they will be able to go the dashboard and edit users. (Please note that I am not changing the default CakePHP theme. So below is what the login screen looks like:)
Edit: July 2014 Updates
Thanks to various reader inputs, I have updated the .zip file to fix some minor issues that were noticed. I also have a live demo that you can play with here. Fixes include:
- fixed: deleted members can no longer login
- fixed: error when you try to use an existing username or email again for a new user
Users Database Table
Let’s start by creating the users database table. The users table contains a user’s username, password and role. Additional fields are meta fields such as created and modified dates as well as a status field. (I never actually delete records, just turn their status to 0.) Here is what the final users table looks like:
CREATE TABLE users (
`id` INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(128),
`password` VARCHAR(128),
`email` VARCHAR(128),
`role` VARCHAR(64),
`created` DATETIME DEFAULT NULL,
`modified` DATETIME DEFAULT NULL,
`status` tinyint(1) NOT NULL DEFAULT '1'
);
Routes.php
Now, lets modify the core components of CakePHP to support our login module. First, we need to modify routes.php so that we can have a custom link for login, logout and the dashboard. This step is not required but I do it so that the URLs look clean..
Router::connect('/dashboard', array('controller' => 'users', 'action' => 'index'));
Router::connect('/login', array('controller' => 'users', 'action' => 'login'));
Router::connect('/logout', array('controller' => 'users', 'action' => 'logout'));
We also need to modify the home page so that it now points to our login action.
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
User.php
Next, we need to create a file called User.php in the app\Model folder. This is our users model where all of our validation logic will be. To accomplish this, I used some of Cake’s buil-in validation rules as well as my own custom validation rules. My rules are pretty simple: Usernames must be unique, non-empty, alphanumeric and be between 5 and 15 characters. Passwords must have a minimum length of 6 and must match the confirmation password. Emails must be unique and be at least 6 characters in length. Finally, roles must be in the list of accepted roles that I have selected, which include: ‘king’, ‘queen’, ‘bishop’, ‘rook’, ‘knight’ and ‘pawn’. Some of the custom validation functions I created include isUniqueUsername() to determine if a username is unique, isUniqueEmail() to determine if an email is unique, alphaNumericDashUnderscore() to only allow alphanumeric values, equaltofield() to check if a value is equal to another value. You can learn more about CakePHP’s custom validation rules here. Finally, I had to alter the beforeSave() function so that I hash the passwords that I get before saving them. For security reasons, you should never store unencrypted passwords in your Database. Below is the full code for User.php
App::uses('AuthComponent', 'Controller/Component');
class User extends AppModel {
public $avatarUploadDir = 'img/avatars';
public $validate = array(
'username' => array(
'nonEmpty' => array(
'rule' => array('notEmpty'),
'message' => 'A username is required',
'allowEmpty' => false
),
'between' => array(
'rule' => array('between', 5, 15),
'required' => true,
'message' => 'Usernames must be between 5 to 15 characters'
),
'unique' => array(
'rule' => array('isUniqueUsername'),
'message' => 'This username is already in use'
),
'alphaNumericDashUnderscore' => array(
'rule' => array('alphaNumericDashUnderscore'),
'message' => 'Username can only be letters, numbers and underscores'
),
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A password is required'
),
'min_length' => array(
'rule' => array('minLength', '6'),
'message' => 'Password must have a mimimum of 6 characters'
)
),
'password_confirm' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please confirm your password'
),
'equaltofield' => array(
'rule' => array('equaltofield','password'),
'message' => 'Both passwords must match.'
)
),
'email' => array(
'required' => array(
'rule' => array('email', true),
'message' => 'Please provide a valid email address.'
),
'unique' => array(
'rule' => array('isUniqueEmail'),
'message' => 'This email is already in use',
),
'between' => array(
'rule' => array('between', 6, 60),
'message' => 'Usernames must be between 6 to 60 characters'
)
),
'role' => array(
'valid' => array(
'rule' => array('inList', array('king', 'queen', 'bishop', 'rook', 'knight', 'pawn')),
'message' => 'Please enter a valid role',
'allowEmpty' => false
)
),
'password_update' => array(
'min_length' => array(
'rule' => array('minLength', '6'),
'message' => 'Password must have a mimimum of 6 characters',
'allowEmpty' => true,
'required' => false
)
),
'password_confirm_update' => array(
'equaltofield' => array(
'rule' => array('equaltofield','password_update'),
'message' => 'Both passwords must match.',
'required' => false,
)
)
);
/**
* Before isUniqueUsername
* @param array $options
* @return boolean
*/
function isUniqueUsername($check) {
$username = $this->find(
'first',
array(
'fields' => array(
'User.id',
'User.username'
),
'conditions' => array(
'User.username' => $check['username']
)
)
);
if(!empty($username)){
if($this->data[$this->alias]['id'] == $username['User']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
/**
* Before isUniqueEmail
* @param array $options
* @return boolean
*/
function isUniqueEmail($check) {
$email = $this->find(
'first',
array(
'fields' => array(
'User.id'
),
'conditions' => array(
'User.email' => $check['email']
)
)
);
if(!empty($email)){
if($this->data[$this->alias]['id'] == $email['User']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
public function alphaNumericDashUnderscore($check) {
// $data array is passed using the form field name as the key
// have to extract the value to make the function generic
$value = array_values($check);
$value = $value[0];
return preg_match('/^[a-zA-Z0-9_ \-]*$/', $value);
}
public function equaltofield($check,$otherfield)
{
//get name of field
$fname = '';
foreach ($check as $key => $value){
$fname = $key;
break;
}
return $this->data[$this->name][$otherfield] === $this->data[$this->name][$fname];
}
/**
* Before Save
* @param array $options
* @return boolean
*/
public function beforeSave($options = array()) {
// hash our password
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
// if we get a new password, hash it
if (isset($this->data[$this->alias]['password_update']) && !empty($this->data[$this->alias]['password_update'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password_update']);
}
// fallback to our parent
return parent::beforeSave($options);
}
}
AppController.php
Next, AppController needs to be modified so that it uses Cake’s Auth component. This is where we tell the Auth component to redirect users to the index page after a successful login and to the login page after they logout. Once we do so, we need to update the beforeFilter() function to only allow the login action to be authorized in any controller. All other actions will only be accessible after the user is logged-in. I’ve also setup an isAuthorized() function that could be used to manage access to various pages. (The isAuthorized() function is not covered in this post, but its quite easy to setup one..)
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authError' => 'You must be logged in to view this page.',
'loginError' => 'Invalid Username or Password entered, please try again.'
));
// only allow the login controllers only
public function beforeFilter() {
$this->Auth->allow('login');
}
public function isAuthorized($user) {
// Here is where we should verify the role and give access based on role
return true;
}
UsersController.php
At this point, we can create our Users controller by creating a file called UsersController.php in app/Controller. This controler contains functions for login, logout, edit, index, add, edit and delete. There is also a function called activate, which is used to turn a user’s status back to active after they have been deleted. (remember that I don’t actually delete users. I just change their status flag). One important thing to note is that I override the beforeFilter() function defined in AppController so that I now allow login() and add() functions to be visible without requiring authorization. If we don’t do this, we will never be able to add users to our application. The rest of the controller is pretty straightforward and the full code is presented below:
class UsersController extends AppController {
public $paginate = array(
'limit' => 25,
'conditions' => array('status' => '1'),
'order' => array('User.username' => 'asc' )
);
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login','add');
}
public function login() {
//if already logged-in, redirect
if($this->Session->check('Auth.User')){
$this->redirect(array('action' => 'index'));
}
// if we get the post information, try to authenticate
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->Session->setFlash(__('Welcome, '. $this->Auth->user('username')));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Session->setFlash(__('Invalid username or password'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
public function index() {
$this->paginate = array(
'limit' => 6,
'order' => array('User.username' => 'asc' )
);
$users = $this->paginate('User');
$this->set(compact('users'));
}
public function add() {
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been created'));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be created. Please, try again.'));
}
}
}
public function edit($id = null) {
if (!$id) {
$this->Session->setFlash('Please provide a user id');
$this->redirect(array('action'=>'index'));
}
$user = $this->User->findById($id);
if (!$user) {
$this->Session->setFlash('Invalid User ID Provided');
$this->redirect(array('action'=>'index'));
}
if ($this->request->is('post') || $this->request->is('put')) {
$this->User->id = $id;
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been updated'));
$this->redirect(array('action' => 'edit', $id));
}else{
$this->Session->setFlash(__('Unable to update your user.'));
}
}
if (!$this->request->data) {
$this->request->data = $user;
}
}
public function delete($id = null) {
if (!$id) {
$this->Session->setFlash('Please provide a user id');
$this->redirect(array('action'=>'index'));
}
$this->User->id = $id;
if (!$this->User->exists()) {
$this->Session->setFlash('Invalid user id provided');
$this->redirect(array('action'=>'index'));
}
if ($this->User->saveField('status', 0)) {
$this->Session->setFlash(__('User deleted'));
$this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not deleted'));
$this->redirect(array('action' => 'index'));
}
public function activate($id = null) {
if (!$id) {
$this->Session->setFlash('Please provide a user id');
$this->redirect(array('action'=>'index'));
}
$this->User->id = $id;
if (!$this->User->exists()) {
$this->Session->setFlash('Invalid user id provided');
$this->redirect(array('action'=>'index'));
}
if ($this->User->saveField('status', 1)) {
$this->Session->setFlash(__('User re-activated'));
$this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not re-activated'));
$this->redirect(array('action' => 'index'));
}
}
All that remains is creating our ctp files that match the actions in our controller. Here they are:
login.ctp
This is the main page that is used to login to the system. It requires a valid username and password combination.
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend><?php echo __('Please enter your username and password'); ?></legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
<?php
echo $this->Html->link( "Add A New User", array('action'=>'add') );
?>
add.ctp
This is the page that allows you to add new users to the system. It is available when you are logged-in and when you are logged-out. The password is required twice, like in any professional website and validation rules, set in Users.php are enforced
<!-- app/View/Users/add.ctp -->
<div class="users form">
<?php echo $this->Form->create('User');?>
<fieldset>
<legend><?php echo __('Add User'); ?></legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('email');
echo $this->Form->input('password');
echo $this->Form->input('password_confirm', array('label' => 'Confirm Password *', 'maxLength' => 255, 'title' => 'Confirm password', 'type'=>'password'));
echo $this->Form->input('role', array(
'options' => array( 'king' => 'King', 'queen' => 'Queen', 'rook' => 'Rook', 'bishop' => 'Bishop', 'knight' => 'Knight', 'pawn' => 'Pawn')
));
echo $this->Form->submit('Add User', array('class' => 'form-submit', 'title' => 'Click here to add the user') );
?>
</fieldset>
<?php echo $this->Form->end(); ?>
</div>
<?php
if($this->Session->check('Auth.User')){
echo $this->Html->link( "Return to Dashboard", array('action'=>'index') );
echo "<br>";
echo $this->Html->link( "Logout", array('action'=>'logout') );
}else{
echo $this->Html->link( "Return to Login Screen", array('action'=>'login') );
}
?>
which produces this form if the user is logged-in:
and this form if the user is logged-out:
index.ctp
Index.ctp acts as my dashboard and can only be accessed when a user is logged-in. This is where the list of users is displayed. It also uses Cake’s paginator to display the data.
<div class="users form">
<h1>Users</h1>
<table>
<thead>
<tr>
<th><?php echo $this->Form->checkbox('all', array('name' => 'CheckAll', 'id' => 'CheckAll')); ?></th>
<th><?php echo $this->Paginator->sort('username', 'Username');?> </th>
<th><?php echo $this->Paginator->sort('email', 'E-Mail');?></th>
<th><?php echo $this->Paginator->sort('created', 'Created');?></th>
<th><?php echo $this->Paginator->sort('modified','Last Update');?></th>
<th><?php echo $this->Paginator->sort('role','Role');?></th>
<th><?php echo $this->Paginator->sort('status','Status');?></th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php $count=0; ?>
<?php foreach($users as $user): ?>
<?php $count ++;?>
<?php if($count % 2): echo '<tr>'; else: echo '<tr class="zebra">' ?>
<?php endif; ?>
<td><?php echo $this->Form->checkbox('User.id.'.$user['User']['id']); ?></td>
<td><?php echo $this->Html->link( $user['User']['username'] , array('action'=>'edit', $user['User']['id']),array('escape' => false) );?></td>
<td style="text-align: center;"><?php echo $user['User']['email']; ?></td>
<td style="text-align: center;"><?php echo $this->Time->niceShort($user['User']['created']); ?></td>
<td style="text-align: center;"><?php echo $this->Time->niceShort($user['User']['modified']); ?></td>
<td style="text-align: center;"><?php echo $user['User']['role']; ?></td>
<td style="text-align: center;"><?php echo $user['User']['status']; ?></td>
<td >
<?php echo $this->Html->link( "Edit", array('action'=>'edit', $user['User']['id']) ); ?> |
<?php
if( $user['User']['status'] != 0){
echo $this->Html->link( "Delete", array('action'=>'delete', $user['User']['id']));}else{
echo $this->Html->link( "Re-Activate", array('action'=>'activate', $user['User']['id']));
}
?>
</td>
</tr>
<?php endforeach; ?>
<?php unset($user); ?>
</tbody>
</table>
<?php echo $this->Paginator->prev('<< ' . __('previous', true), array(), null, array('class'=>'disabled'));?>
<?php echo $this->Paginator->numbers(array( 'class' => 'numbers' ));?>
<?php echo $this->Paginator->next(__('next', true) . ' >>', array(), null, array('class' => 'disabled'));?>
</div>
<?php echo $this->Html->link( "Add A New User.", array('action'=>'add'),array('escape' => false) ); ?>
<br/>
<?php
echo $this->Html->link( "Logout", array('action'=>'logout') );
?>
It produces this form:
Edit.ctp
Edit allows you to edit data about a given user. In my case, I don’t allow users to change their username and their password only gets changed if they enter a value. (Most of these rules were inspired by the rules that WordPress has for users ) The code is below
<!-- app/View/Users/add.ctp -->
<div class="users form">
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend><?php echo __('Edit User'); ?></legend>
<?php
echo $this->Form->hidden('id', array('value' => $this->data['User']['id']));
echo $this->Form->input('username', array( 'readonly' => 'readonly', 'label' => 'Usernames cannot be changed!'));
echo $this->Form->input('email');
echo $this->Form->input('password_update', array( 'label' => 'New Password (leave empty if you do not want to change)', 'maxLength' => 255, 'type'=>'password','required' => 0));
echo $this->Form->input('password_confirm_update', array('label' => 'Confirm New Password *', 'maxLength' => 255, 'title' => 'Confirm New password', 'type'=>'password','required' => 0));
echo $this->Form->input('role', array(
'options' => array( 'king' => 'King', 'queen' => 'Queen', 'rook' => 'Rook', 'bishop' => 'Bishop', 'knight' => 'Knight', 'pawn' => 'Pawn')
));
echo $this->Form->submit('Edit User', array('class' => 'form-submit', 'title' => 'Click here to add the user') );
?>
</fieldset>
<?php echo $this->Form->end(); ?>
</div>
<?php
echo $this->Html->link( "Return to Dashboard", array('action'=>'index') );
?>
<br/>
<?php
echo $this->Html->link( "Logout", array('action'=>'logout') );
?>
Here is a screenshot:
Download it all
That concludes the tutorial. You can download the entire tutorial in zip format here.
Useful post..Good jobs…Thanks
its not working it says view for login.ctp not created
Edit User fail. Lost password when edit mail and password leave empty .(If password not empty, not fail)
Hi Hector, Keep in mind that this is a simple tutorial. So it is quite possible that certain conditions fail. You will need to add additional code to make this production-ready.
Do you have idea how resolve it?
Please! (I am starintg cake)
mifty can i get authenthication git hub code with reset password that function like your complete auth.code?
Thanks very much. Generally CakePHP for me has been horrendous, coming from more Laravel work prior to Cake, and the entire Auth in Cake seems much more complicated but still, great tutorial, thankyou.
Great Work Mifty 🙂
Good tutorial..but in my case data storing without any validation or password encryption methods used in User model..my user class breaks because of the function used in there. Can you explain why..
Very nice article. I am new to CakePHP and this has helped me out a lot
Fine way of telling, aand fastidious piece of writing to obtain information regarding my presentation focus, which
i am going to deliver in institution of higher education.
hi thank you for your tutorial ….it’s very interesting…..but i can’t adding authorization to the application
public function isAuthorized($user) {
if (isset($user[‘role’]) && $user[‘role’] === ‘king’) {
return true;
}
i follow book.cakephp i replace PostController with other Controller (ClientController) but doesn’t work i didn’t know why ?
i downloaded ur tutorial and i installed it on xamp.. i am using ubuntu OS. . but i got these errors.
Warning: include(Cake/bootstrap.php): failed to open stream: No such file or directory in /opt/lampp/htdocs/login/app/webroot/index.php on line 93
Warning: include(): Failed opening ‘Cake/bootstrap.php’ for inclusion (include_path=’/opt/lampp/htdocs/login/lib:.:/opt/lampp/lib/php’) in /opt/lampp/htdocs/login/app/webroot/index.php on line 93
Fatal error: CakePHP core could not be found. Check the value of CAKE_CORE_INCLUDE_PATH in APP/webroot/index.php. It should point to the directory containing your /cake core directory and your /vendors root directory. in /opt/lampp/htdocs/login/app/webroot/index.php on line 102
Plz solve dis .
Awesome work, but shouldn’t the model file name for users be User.php instead of Users.php?
Good catch Hussam. I just checked the CakePHP cookbook and you are right, It should be User.php not Users.php Sorry for that. For anybody interested, the CakePHP convention can be seen at http://book.cakephp.org/2.0/en/getting-started/cakephp-conventions.html#model-and-database-conventions
No problem bro. Thanks for the tutorial.
No problem bro. Thanks for the tutorial!
I updated the post so that it now says User.php instead of Users.php. I wrote the wrong name in the article but the code had User,php in it.
Great tutorial Mifty . Saved a lot of time. Thank You 🙂
You’re welcome, ANoop
Hey Mifty…i need a bit more help of yours. Cal u please explain more about the session and Auth you used in this tutorial
Great one,love you man….thanks you
Una vez mas lo repito… Vida eterna para la gente como vos! Gracias!!! Un saludo desde Argentina.
Hi Mifty,
I am a beginner in Cakephp and you have written a great tutorial for people like us.
I have a query. In the edit functionality we have kept username readonly.
In this case also the username will be posted again and will be validated according to the conditions specified in the User model. In case somebody changes the username is browser by disabling the the readonly attribute then it will get saved to database.
Can we do it in some way like we can restrict the validation and saving of some fields like ‘username’?
In CI we can set validation rules for edit separately. Can we do something like that here as well?
Not sure if i am correctly understanding the implementation. Please let me know incase i am wrong.
Thanks
Hi Radhika, CakePHP’s validatoin rules are pretty flexible. You can actually specify if you want the validation to only happen on create, on edit or in both cases. Remember that the validation happens on the server side, so it is impossible for users to change the username on the browser and for cakephp to accept it.
am getting Call to a member function login() on a non-object error in userscontroller.php can any body tell me how to rectify it
super awesome mifty
you do awesome stuff when u are bored
thumbs up!!
thanks for the wonderful comment. what can i say, boredom is my inspiration…
Hi Mifty
I wanted to extend your application in a way so that it can have multiple user tables
Say I have one table for admins, one for moderators and one for users
Now I want to make them all login through a single login form but wist to redirect them to their respective controllers based on their username(I mean according to the table in which their username is found)
Their usernames should be checked in all three tables one by one and in which ever table their username is found, they should be redirected to that very controller
Also they should not be allowed to see each others scree, as in if I logged in as admin, I should not be able go to moderator’s links and see the screen, instead should be redirected to my own screen
I have searched almost entire internet for it and have tried many things, but could not get anything
Any help would be appreciated
Thanks
Hey Gmalik,
If you wanted to this, you are better off having roles for the users. Therefore, you should have one user table with a field called role. The role of the user could be admin, moderator or other user. This way all these type of users would share the same login and you would only to do one single check as opposed to the three checks that you would have to do with your solution.
Hi Mifty,
thank’s for that most complete turorial it was so helpful!
You really saved my day 🙂
Best wishes from Germany.
Coastcrawler
Glad i could help, coastcrawler.
Undefined index: id [APP\Model\User.php, line 114] error if i entered same user name which exists in database
Hello !
To resolve the same user name bug,
Replace the isUniqueUsername function by this function:
($this->data[$this->alias][‘id’] is replaced with $this->id)
/**
* Before isUniqueUsername
* @param array $options
* @return boolean
*/
function isUniqueUsername($check) {
$username = $this->find(
‘first’,
array(
‘fields’ => array(
‘User.id’,
‘User.username’
),
‘conditions’ => array(
‘User.username’ => $check[‘username’]
)
)
);
if(!empty($username)){
if($this->id == $username[‘User’][‘id’]){
return true;
}else{
return false;
}
}else{
return true;
}
}
You can apply the same logic to email verificaion function 🙂
Hey Mifty
Thank you very much for the idea. What I did was, made 3 controllers, views and models & then they could login only if they were in that table, also I had put a check in all the methods if the user is in the right controller, if not they were redirected to the ones
But the idea that you gave for the master table is even better, it will help me solve my one login screen issue, and then users can be redirected to the views based on their controllers, but in any case I will have to make 3 tables separately for all of them, as in admin can add both users and moderators, moderators can add only users & moderators table will have an admin id field signifying the admin who had added them and user table will have fields for both moderator and admin id, so that their relationship can be uniquely identified as well.
Anyways thank you very much for your reply, but I was stuck with another problem
I had one more cakephp application on which I wanted to integrate the login(the one with 3 M, V & C), which I created with your help
Can you guide me how to merge the two, it already has a login, but it is not that effective and not that structured. How should I merge the two codes?
Can you please tell me what are the possible places the Auth is worked with & where the session is created so that i can remove default session from there and put your code over there so that it works with the login created by us!
Thanks
Thanks for sharing!
Hey, nice tutorial! Great sharing Mifty.
Could you help me to solve the issues related to login. When i delete the account (de-activate) and i try to login using the de-activate account. it seem like the system still allowed the de-activated users to login. Any solution? Thanks in advance 🙂
Hi mifty, nevermind, found a solution and share here:
if ($this->request->is(‘post’)) {
if ($this->Auth->login()) {
$status = $this->Auth->user(‘status’);
if($status != 0){
$this->Session->setFlash(__(‘Welcome, ‘. $this->Auth->user(‘username’)));
Good catch Joe! Thanks for sharing the solution with everyone. I cant believe that I forgot to do that check…
Hi. I thought I’d share the full code to get the status based login working properly. The code Joe shared doesn’t actually prevent you from being logged in. The way I’ve done it also allows for if you have more than one status (e.g. 1=active, 0=deleted, 2=unverified)…
if ($this->request->is(‘post’)) {
if ($this->Auth->login()) {
$status = $this->Auth->user(‘status’);
if ($status != 1){
$this->Session->setFlash(__(‘Your account is not active.’));
$this->redirect($this->Auth->logout());
}
$this->Session->setFlash(__(‘Welcome, ‘. $this->Auth->user(‘fullname’)));
$this->redirect($this->Auth->redirectUrl());
}
} else {
$this->Session->setFlash(__(‘Invalid username or password’));
}
Sorry, I made a slight error in my code! I put a bracket in the wrong place. It should be…
if ($this->request->is(‘post’)) {
if ($this->Auth->login()) {
$status = $this->Auth->user(‘status’);
if ($status != 1){
$this->Session->setFlash(__(‘Your account is not active.’));
$this->redirect($this->Auth->logout());
}
$this->Session->setFlash(__(‘Welcome, ‘. $this->Auth->user(‘fullname’)));
$this->redirect($this->Auth->redirectUrl());
} else {
$this->Session->setFlash(__(‘Invalid username or password’));
}
}
Nice tutorial ! Thanks you very much !
But i’ve the same bug as Raj,
If you edit, and make a mistake (detected by validation rules)
The form is showed up with and additional error:
Notice (8): Undefined index: id [APP\View\Users\edit.ctp, line 5]
Thanks if someone have a solution 🙂