Looking at the HTML of the form I am submitting, I see there is this
token:

<form id="MemberAddForm" method="post" action="/admin/members/add">
<p style="display: none;">
<input type="hidden" name="data[__Token][key]" value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" />

I suppose that is causing a mismatch upon a POST?

regards

luke

On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am using Cake 1.2 - 14th October nightly build. I have set up my
> app_controller with admin routing, so that an admin function will ask
> the user to authenticate with HTTP auth. (I had wanted to do a
> simple .htaccess, with .htpasswd - so I thought I would try the Cake
> way).
>
> I have this working, BUT, when I submit an add form (e.g. submit
> admin_Add or admin_edit) I get asked to authenticate again, which also
> doesn't seem to work if correct details are put in. (The latter is to
> do with my custom blackhole callback I think).
>
>  How can I tell the Security component not to ask for Auth again upon
> a POST?
>
> Here is my app_controller code:
> class AppController extends Controller {
>
>     var $helpers = array('Html', 'Form', 'Javascript');
>
>     var $components = array("Security");
>
>     function beforeFilter() {
>         if (isset($this->params["admin"])) {
>
>             $this->Security->blackHoleCallback = 'incorrect';
>
>             $this->Security->requireLogin('*', array('type' => 'basic', 'realm' => Configure::read('Settings.title')));
>
>             $this->Security->loginUsers = array("admin" => 'password');
>
>         }
>     }
>
>     // added this callback because without, if a user enters wrong
>     // details, auth prompt will not re-display
>     function incorrect() {
>
>         header('WWW-Authenticate: Basic' . ' realm="' . Configure::read('Settings.title') . '"');
>
>         header('HTTP/1.1 401 Unauthorized');
>
>         $this->autoRender = false;
>         $this->layout = '';
>
>         die('<h1>HTTP/1.1 401 Unauthorized.</h1> Details incorrect. Please refresh.');
>
>     }
>
> }
>
> If I change my callback to this, it will work, but this is insecure,
> obviously, as it simply authenticates any POSTs!
>
> function incorrect() {
>     if (!$this->RequestHandler->isPost()) {
>
>         header('WWW-Authenticate: Basic' . ' realm="' . Configure::read('Settings.title') . '"');
>
>         header('HTTP/1.1 401 Unauthorized');
>
>         $this->autoRender = false;
>         $this->layout = '';
>
>         die('<h1>HTTP/1.1 401 Unauthorized.</h1> Details incorrect. Please refresh.');
>     }
>     else {
>         return true;
>     }
>
> }
>
> Thank you in advance for any help you can offer.
>
> Luke aka boobyW
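
Added example, not part of the original message and not CakePHP's Security component code: the second callback quoted above lets every POST through without credentials, so this plain-PHP illustration shows a Basic auth check that never looks at the request method. The function names, the credential array and the sample requests are constructed for the example; it assumes PHP 5.6 or later for hash_equals().

```php
<?php
// Hypothetical credential store mirroring loginUsers from the message;
// a real application would store password hashes, not plaintext.
$users = array('admin' => 'password');

// Decode an "Authorization: Basic ..." header value.
// Returns array(user, pass), or null if the header is missing or malformed.
function parseBasicAuth($header) {
    if (!is_string($header)
        || !preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

// $method is accepted only to show that it is never consulted:
// GET and POST go through exactly the same credential check.
function isAuthenticated($method, $header, $users) {
    $creds = parseBasicAuth($header);
    if ($creds === null) {
        return false;
    }
    list($user, $pass) = $creds;
    $expected = isset($users[$user]) ? $users[$user] : '';
    // hash_equals() compares in constant time
    return isset($users[$user]) && hash_equals($expected, $pass);
}

// Constructed sample requests: method, Authorization header value
$good = 'Basic ' . base64_encode('admin:password');
$requests = array(
    array('GET',  $good),
    array('POST', $good),
    array('POST', null), // the case a "return true on POST" callback lets in
    array('POST', 'Basic ' . base64_encode('admin:wrong')),
);
foreach ($requests as $r) {
    $ok = isAuthenticated($r[0], $r[1], $users);
    printf("%-4s %-28s -> %s\n", $r[0],
        $r[1] === null ? '(none)' : $r[1],
        $ok ? '200' : '401 + WWW-Authenticate challenge');
}
```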

