@ansidev
Created November 7, 2014 04:47
Login CakePHP 2.5.5
<?php
/**
* Application level Controller
*
* This file is application-wide controller file. You can put all
* application-wide controller-related methods here.
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Controller
* @since CakePHP(tm) v 0.2.9
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('Controller', 'Controller');
/**
* Application Controller
*
* Add your application-wide methods in the class below, your controllers
* will inherit them.
*
* @package app.Controller
* @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
*/
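class AppController extends Controller {

    /**
     * Components loaded for every controller that extends this class.
     *
     * Auth is configured for form login against the User model, with Blowfish
     * (bcrypt) password hashing and controller-level authorization through
     * isAuthorized().
     *
     * @var array
     */
    public $components = array(
        // NOTE(review): DebugKit is a development aid; confirm it is not loaded
        // in production builds.
        'DebugKit.Toolbar',
        'Session',
        // NOTE(review): SecurityComponent is disabled, so the forms in this app
        // get no CSRF token or form-tampering check from it. Re-enable it once
        // every form is closed with $this->Form->end().
        // 'Security',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'users',
                'action' => 'index'
            ),
            // The stray positional 'index' element was dropped: it was passed
            // to the login action as an extra URL argument.
            'logoutRedirect' => array(
                'controller' => 'users',
                'action' => 'login'
            ),
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    'passwordHasher' => 'Blowfish',
                    // FormAuthenticate reads exactly two keys here, 'username'
                    // and 'password', each mapped to the model column that
                    // holds it. The login form posts user_login / user_pass.
                    'fields' => array(
                        'username' => 'user_login',
                        'password' => 'user_pass'
                    ),
                )
            ),
            'authorize' => array('Controller')
        ),
    );

    /**
     * Runs before every action.
     *
     * NOTE(review): 'index' and 'view' become public on EVERY controller that
     * inherits this class, including any that list or display user records.
     * Controllers holding sensitive data should call $this->Auth->deny() for
     * those actions.
     *
     * @return void
     */
    public function beforeFilter() {
        $this->Auth->allow('index', 'view');
        Security::setHash('blowfish');
    }

    /**
     * Controller-level authorization callback used by AuthComponent.
     *
     * Requests outside the admin prefix are allowed for any authenticated
     * user; admin-prefixed requests require the 'admin' role. Because the
     * non-admin case is allow-by-default, subclasses must restrict their own
     * sensitive actions before delegating here.
     *
     * @param array $user The authenticated user record from the session.
     * @return bool True when the request is authorized.
     */
    public function isAuthorized($user) {
        // Any registered user can access non-admin actions.
        if (empty($this->request->params['admin'])) {
            return true;
        }
        // Admin prefix: only the admin role passes; a missing role is denied.
        return isset($user['user_role']) && $user['user_role'] === 'admin';
    }
}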
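<!-- login.ctp -->
<?php
// The pr(Debugger::trace()) call that used to open this template was debugging
// residue; a login page should not print stack traces.
?>
<div class="container">
    <?php echo $this->Session->flash('auth'); ?>
    <?php
    echo $this->Form->create(
        'User',
        array(
            'role' => 'form'
        )
    );
    ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password!'); ?>
        </legend>
        <?php
        // Field names must match the Auth component's 'fields' mapping.
        echo $this->Form->input(
            'user_login',
            array(
                'class' => 'form-control',
                'label' => 'Username',
                'div' => array(
                    'class' => 'form-group'
                )
            )
        );
        echo $this->Form->input(
            'user_pass',
            array(
                'class' => 'form-control',
                'label' => 'Password',
                'type' => 'password',
                'div' => array(
                    'class' => 'form-group'
                )
            )
        );
        echo $this->Form->submit(
            __('Login'),
            array(
                'class' => 'btn btn-primary'
            )
        );
        ?>
    </fieldset>
    <?php
    // Close the form opened by create(). end() is also where SecurityComponent
    // emits its hidden token fields when that component is enabled.
    echo $this->Form->end();
    ?>
</div>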
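<div class="container">
    <h1>Register</h1>
    <?php
    echo $this->Form->create(
        'User',
        array(
            'role' => 'form' //role="form"
        )
    );
    //User email input
    echo $this->Form->input(
        'user_email',
        array(
            'class' => 'form-control',
            'label' => 'Email *',
            'type' => 'email',
            'placeholder' => 'Enter your email',
            'div' => array(
                'class' => 'form-group'
            )
        )
    );
    //Username input
    echo $this->Form->input(
        'user_login',
        array(
            'class' => 'form-control',
            'label' => 'Username *',
            'type' => 'text',
            'placeholder' => 'Enter your username',
            'div' => array(
                'class' => 'form-group'
            )
        )
    );
    //Password input
    echo $this->Form->input(
        'user_pass',
        array(
            'class' => 'form-control',
            'label' => 'Password *',
            'type' => 'password',
            'placeholder' => 'Enter your password',
            'div' => array(
                'class' => 'form-group'
            )
        )
    );
    // Confirm password. This field needs its own name: when both inputs were
    // called user_pass, the second value replaced the first in the POST data
    // and no comparison was possible.
    // NOTE(review): nothing visible on the server compares the two values yet;
    // a model validation rule should check user_pass_confirm against user_pass.
    echo $this->Form->input(
        'user_pass_confirm',
        array(
            'class' => 'form-control',
            'label' => 'Confirm Password *',
            'type' => 'password',
            'placeholder' => 'Retype your password',
            'div' => array(
                'class' => 'form-group'
            )
        )
    );
    echo $this->Form->submit(
        'Register',
        array(
            'class' => 'btn btn-primary'
        )
    );
    // Close the form opened by create(). end() is also where SecurityComponent
    // emits its hidden token fields when that component is enabled.
    echo $this->Form->end();
    ?>
</div>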
<?php
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
//App::import('Vendor', 'CustomPasswordHasher');
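class User extends AppModel {

    /**
     * Validation rules for account fields.
     *
     * Besides the original "not empty" checks, the email must be well formed
     * and both login identifiers must be unique, so that one identifier can
     * never resolve to two accounts at login time.
     *
     * NOTE(review): 'admin' is an accepted user_role value, so this model alone
     * does not prevent a client from submitting it. Callers must restrict which
     * fields they save (fieldList) on public forms.
     *
     * @var array
     */
    public $validate = array(
        'user_email' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'An email is required.'
            ),
            'format' => array(
                'rule' => array('email'),
                'message' => 'Please enter a valid email address.'
            ),
            'unique' => array(
                'rule' => array('isUnique'),
                'message' => 'This email is already registered.'
            )
        ),
        'user_login' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required.'
            ),
            'unique' => array(
                'rule' => array('isUnique'),
                'message' => 'This username is already taken.'
            )
        ),
        'user_pass' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required.'
            )
        ),
        'user_role' => array(
            'valid' => array(
                'rule' => array('inList', array('admin', 'user')),
                'message' => 'Please enter a valid role',
                'allowEmpty' => false
            )
        ),
    );

    /**
     * Hashes the password with Blowfish (bcrypt) before the record is written.
     *
     * Runs only when user_pass is part of the data being saved, so updates
     * that omit the field leave the stored hash untouched. The
     * BlowfishPasswordHasher class must be loaded for this file with
     * App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth').
     *
     * @param array $option Options passed through from Model::save().
     * @return bool Always true, so the save continues.
     */
    public function beforeSave($option = array()) {
        if (isset($this->data[$this->alias]['user_pass'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['user_pass'] = $passwordHasher->hash(
                $this->data[$this->alias]['user_pass']
            );
        }
        return true;
    }
}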
?>
<?php
App::uses('AppController', 'Controller');
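class UsersController extends AppController {

    public $name = 'Users';

    // public $scaffold;

    /**
     * Opens the registration and logout actions to anonymous visitors.
     *
     * The auth error flash is suppressed for visitors who are not logged in.
     * Only the session is inspected here: calling $this->Auth->login() in
     * this callback would run an authentication attempt on every request to
     * this controller, not just on the login action.
     *
     * NOTE(review): AppController::beforeFilter() also makes 'index' and
     * 'view' public, so anonymous visitors can list and view accounts.
     * Consider $this->Auth->deny('index', 'view') here.
     *
     * @return void
     */
    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('register', 'logout');
        if (!$this->Auth->user()) {
            $this->Auth->authError = false;
        } else {
            $this->Auth->authError = true;
        }
    }

    /**
     * Paginated list of users. Password hashes are removed before the rows
     * reach the view.
     *
     * @return void
     */
    public function index() {
        $this->User->recursive = 0;
        $users = $this->paginate();
        foreach ($users as $i => $row) {
            unset($users[$i]['User']['user_pass']);
        }
        $this->set('users', $users);
        // $this->helpers['Paginator'] = array('ajax' => 'CustomJS');
    }

    /**
     * Shows a single user. The password hash is removed before the record
     * reaches the view.
     *
     * @param mixed $id User id.
     * @return void
     * @throws NotFoundException When the id is missing or unknown.
     */
    public function view($id = null) {
        if (!$id) {
            throw new NotFoundException(__('User ID is invalid!'));
        }
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('User is not exist!'));
        }
        $user = $this->User->read(null, $id);
        if (isset($user['User'])) {
            unset($user['User']['user_pass']);
        }
        $this->set('user', $user);
    }

    /**
     * Edits a user.
     *
     * The record to update is always the one named in the URL, which is the
     * id isAuthorized() checked; an id in the POST body is overwritten. Only
     * the listed fields are saved, and user_role is accepted from admins only.
     *
     * @param mixed $id User id.
     * @return mixed Redirect response on success, otherwise void.
     * @throws NotFoundException When the id is missing or unknown.
     */
    public function edit($id = null) {
        if (!$id) {
            throw new NotFoundException(__('User ID is invalid!'));
        }
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('User is not exist!'));
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            $data = $this->request->data;
            // Pin the primary key to the authorized URL id.
            $data['User']['id'] = $id;
            $fieldList = array('user_email', 'user_login', 'user_pass');
            if ($this->Auth->user('user_role') === 'admin') {
                $fieldList[] = 'user_role';
            }
            if ($this->User->save($data, true, $fieldList)) {
                $this->Session->setFlash(__('The user info has been updated!'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('Unable to update the user info. Please try again!'));
        } else {
            $this->request->data = $this->User->read(null, $id);
            // Never send the stored hash back to the form.
            unset($this->request->data['User']['user_pass']);
        }
    }

    /**
     * Deletes a user. POST only.
     *
     * @param mixed $id User id.
     * @return mixed Redirect response.
     * @throws NotFoundException When the id is unknown.
     */
    public function delete($id = null) {
        $this->request->allowMethod('post');
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException('User is not exist!');
        }
        if ($this->User->delete()) {
            $this->Session->setFlash(__('The user info has been deleted!'));
            return $this->redirect(array('action' => 'index'));
        }
        // A delete request may carry no form data, so report the id instead
        // of reading user_login from the request.
        $this->Session->setFlash(__('Unable to delete user %s. Please try again', h($id)));
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * Public self-registration.
     *
     * The role is fixed to 'user' and the save is limited to a field list, so
     * a client-supplied user_role or id is ignored. The plaintext password is
     * removed before the new user is written to the session.
     *
     * @return mixed Redirect response on success, otherwise void.
     */
    public function register() {
        if ($this->request->is('post')) {
            $data = $this->request->data;
            unset($data['User']['id']);
            $data['User']['user_role'] = 'user';
            $fieldList = array('user_email', 'user_login', 'user_pass', 'user_role');
            $this->User->create();
            if ($this->User->save($data, true, $fieldList)) {
                $sessionUser = $data['User'];
                // $data still holds the plaintext password; keep it out of
                // the session.
                unset($sessionUser['user_pass']);
                $sessionUser['id'] = $this->User->id;
                $this->Auth->login($sessionUser);
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('Unable to add new user. Please try again!'));
        }
    }

    /**
     * Login form handler.
     *
     * @return mixed Redirect response when logged in, otherwise void.
     */
    public function login() {
        // Ask AuthComponent rather than reading the session key by hand: the
        // key is 'Auth.User', so the earlier check on 'Auth.user' never matched.
        if ($this->Auth->user()) {
            return $this->redirect(array('action' => 'index'));
        }
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(
                __('Invalid username or password, try again!'),
                array(),
                'auth'
            );
        }
    }

    /**
     * Logs the user out and redirects to the configured logout URL.
     *
     * @return mixed Redirect response.
     */
    public function logout() {
        return $this->redirect($this->Auth->logout());
    }

    /**
     * Authorization for user-management actions.
     *
     * edit and delete are allowed only on the caller's own account, or for
     * admins. These actions must not fall through to the parent, which allows
     * every authenticated user on non-admin routes. The earlier version
     * called $this->Note->isOwnedBy(), but this controller has no Note model.
     *
     * @param array $user The authenticated user record from the session.
     * @return bool True when the request is authorized.
     */
    public function isAuthorized($user) {
        if (in_array($this->action, array('edit', 'delete'), true)) {
            $pass = $this->request->params['pass'];
            $targetId = isset($pass[0]) ? (int)$pass[0] : 0;
            if ($targetId > 0 && isset($user['id']) && $targetId === (int)$user['id']) {
                return true;
            }
            return isset($user['user_role']) && $user['user_role'] === 'admin';
        }
        return parent::isAuthorized($user);
    }
}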
?>