Problems with login in CakePHP 2.6.1

Question:

I'm having problems with the login of my CakePHP site. I'm following the example described on the site, but when I enter any username or password — even one that is not registered in the database — it is granted access to the application's features.

Below is the code:

User.php

<?php       

App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
App::uses('AppModel', 'Model');



class User extends AppModel{

    /**
     * Validation rules applied on save.
     *
     * `role` is limited to the two values the application knows. Nothing in
     * this model filters which fields a save may set, so whether a client can
     * choose its own `role` depends on what the controller passes to save().
     */
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required.'
            )
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required.'
            )
        ),
        'role' => array(
            'valid' => array(
                'rule' => array('inList', array('admin', 'author')),
                'message' => 'Please enter a valid role',
                'allowEmpty' => false
            )
        ),
    );

    /**
     * Hashes the plaintext password with the Blowfish (bcrypt) hasher before
     * the record is written, so the database never stores a plaintext value.
     *
     * This runs on every save: a record whose `password` field already holds a
     * hash would be hashed a second time, so code that re-saves a loaded record
     * must drop the field first (UsersController::edit() does this).
     *
     * @param array $options Save options (not used here).
     * @return bool Always true, so the save proceeds.
     */
    public function beforeSave($options = array()) {
        $alias = $this->alias;
        if (!isset($this->data[$alias]['password'])) {
            return true;
        }

        $hasher = new BlowfishPasswordHasher();
        $this->data[$alias]['password'] = $hasher->hash($this->data[$alias]['password']);

        return true;
    }

}
?>

UsersController.php

<?php

App::uses('AppController', 'Controller');

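class UsersController extends AppController{

    /**
     * Opens `logout` to unauthenticated users. Every other action is left to
     * AuthComponent, plus whatever AppController::beforeFilter() allows.
     */
    public function beforeFilter(){
        parent::beforeFilter();
        $this->Auth->allow('logout');
    }

    /**
     * Lists users, paginated, without pulling in related models.
     */
    public function index(){
        $this->User->recursive = 0;
        $this->set('users', $this->paginate());
    }

    /**
     * Shows a single user.
     *
     * @param mixed $id Primary key of the user to show.
     * @throws NotFoundException when no user with $id exists.
     */
    public function view($id = null){
        $this->User->id = $id;
        if(!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }
        $this->set('user', $this->User->read(null, $id));
    }

    /**
     * Creates a user from the posted form; on GET just renders the form.
     *
     * The whole request body is handed to save(), so every column the form
     * (or a hand-crafted request) contains — including `role` — is written.
     * Pass a `fieldList` save option if clients must not pick their own role.
     */
    public function add(){
        if(!$this->request->is('post')){
            return;
        }

        $this->User->create();
        if($this->User->save($this->request->data)){
            $this->Session->setFlash(__('The User has been saved.'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('The user could not be saved. Please try again.'));
    }

    /**
     * Edits an existing user.
     *
     * Nothing here checks which logged-in user may edit which record; add an
     * authorization check if users should only edit themselves.
     *
     * @param mixed $id Primary key of the user to edit.
     * @throws NotFoundException when no user with $id exists.
     */
    public function edit($id = null){
        $this->User->id = $id;
        if (!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }

        if(!($this->request->is('post') || $this->request->is('put'))){
            // Populate the form from the database. The stored hash is removed
            // so it is never sent to the client and a re-save cannot hash it
            // a second time (see User::beforeSave()).
            $this->request->data = $this->User->read(null, $id);
            unset($this->request->data['User']['password']);
            return;
        }

        // Same mass-assignment caveat as add(): `role` is writable from the form.
        if($this->User->save($this->request->data)){
            $this->Session->setFlash(__('The user has been saved'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('The user could not be saved. Please, try again.'));
    }

    /**
     * Deletes a user; only reachable via POST.
     *
     * @param mixed $id Primary key of the user to delete.
     * @throws NotFoundException when no user with $id exists.
     */
    public function delete($id = null){
        $this->request->allowMethod('post');

        $this->User->id = $id;
        if(!$this->User->exists()){
            throw new NotFoundException(__('Invalid User'));
        }

        $message = $this->User->delete()
            ? __('User deleted.')
            : __('User was not deleted.');
        $this->Session->setFlash($message);
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * Authenticates the posted credentials through AuthComponent, using the
     * Form authenticate configuration declared in AppController.
     *
     * On success the user is sent to Auth->redirectUrl(); on failure a single
     * generic message is flashed (it does not reveal whether the username or
     * the password was wrong) and the form is rendered again.
     */
    public function login(){
        if (!$this->request->is('post')){
            return;
        }

        if($this->Auth->login()){
            return $this->redirect($this->Auth->redirectUrl());
        }
        $this->Session->setFlash(__('Invalid username or password, try again'));
    }

    /**
     * Ends the session and redirects to the configured logoutRedirect.
     */
    public function logout(){
        return $this->redirect($this->Auth->logout());
    }
}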
?>

AppController.php

<?php

App::uses('Controller', 'Controller');

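class AppController extends Controller {

    /**
     * Components shared by every controller.
     *
     * Auth is configured for form-based login and verifies passwords with the
     * Blowfish hasher, which must be the same hasher User::beforeSave() uses
     * to store them — otherwise no stored password can ever verify.
     */
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action'     => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action'     => 'display',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );

    /**
     * Base filter that every controller's beforeFilter() should call first.
     *
     * `allow('index', 'view')` here makes the index and view actions of EVERY
     * controller that inherits this filter reachable without logging in. List
     * the public actions in each controller instead when that is not intended.
     */
    public function beforeFilter(){
        parent::beforeFilter();
        $this->Auth->allow('index', 'view');
    }
}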

?>

Login.ctp

<div class="users form">
    <?php
        // AuthComponent's own messages (flash key 'auth', e.g. a denied or
        // failed login) are rendered here, separately from the default flash.
        echo $this->Session->flash('auth');
    ?>
    <?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>

        <?php echo $this->Form->input('username'); 
            // FormHelper renders a field named 'password' as a password input,
            // so the value is masked in the browser.
            echo $this->Form->input('password');
        ?>
    </fieldset>     
    <?php echo $this->Form->end(__('Login')); ?>

</div>

I find the framework very interesting, but for some reason it is not checking the submitted credentials against the data stored in the database.

Answer:

Remove the following line from the beforeFilter method of AppController:

$this->Auth->allow('index', 'view');

And in UsersController replace:

$this->Auth->allow('logout');

with:

$this->Auth->allow('logout','login');