Hi Luke -
I think you're making this process more difficult than it needs to
be. I haven't used HTTP auth in the Security component, so I can't
offer much insight in that realm. But you may just want to look into
using the Auth component, its pretty straightforward. Check out
Chris's article here:
http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful-tutorial-for-using-cakephps-auth-component/
On Nov 1, 7:03 am, luke BAKING barker <[EMAIL PROTECTED]> wrote:
> looking at the HTML of the form I am submitting, I see there is this
> token:
> <form id="MemberAddForm" method="post" action="/admin/members/add"><p
> style="display: none;"><input type="hidden" name="data[__Token][key]"
> value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" /
>
>
>
> I suppose that is causing a mismatch upon a POST?
>
> regards
>
> luke
>
> On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote:
>
> > Hi,
>
> > I am using Cake 1.2 - 14th October nightly build. I have set up my
> > app_controller with admin routing, so that an admin function will ask
> > the user to authenticate with HTTP auth. (I had wanted to do a
> > simple .htaccess, with .htpasswd - so I thought I would try the Cake
> > way).
>
> > I have this working, BUT, when I submit an add form (e.g. submit
> > admin_Add or admin_edit) I get asked to authenticate again, which also
> > doesnt seem to work if correct details are put in. (The latter is to
> > do with my custom blackhole callback I think).
>
> > How can I tell the Security component not to ask for Auth again upon
> > a POST?
>
> > here is my app_controller code:
> > class AppController extends Controller {
>
> > var $helpers = array('Html','Form','Javascript');
>
> > var $components = array("Security");
>
> > function beforeFilter() {
> > if (isset($this->params["admin"])) {
>
> > $this->Security->blackHoleCallback = 'incorrect';
>
> >
> > $this->Security->requireLogin('*',array('type'=>'basic','realm' =>
> > Configure::read('Settings.title')));
>
> > $this->Security->loginUsers = array("admin" =>
> > 'password');
>
> > }
> > }
>
> > // added this callback because without, if a user enters wrong
> > details, auth prompt will not re-display
> > function incorrect () {
>
> > header('WWW-Authenticate: Basic' .'
> > realm="' .
> > Configure::read('Settings.title') . '"');
>
> > header('HTTP/1.1 401 Unauthorized');
>
> > $this->autoRender = false;
> > $this->layout = '';
>
> > die('<h1>HTTP/1.1 401 Unauthorized.</h1>
> > Details incorrect.
> > Please refresh.');
>
> > }
>
> > if I change my callback to this, it will work, but this is insecure,
> > obviously as it simply authenticates any POSTs!
>
> > function incorrect () {
> > if(!$this->RequestHandler->isPost()) {
>
> > header('WWW-Authenticate: Basic' .'
> > realm="' .
> > Configure::read('Settings.title') . '"');
>
> > header('HTTP/1.1 401 Unauthorized');
>
> > $this->autoRender = false;
> > $this->layout = '';
>
> > die('<h1>HTTP/1.1 401 Unauthorized.</h1>
> > Details incorrect.
> > Please refresh.');
> > }
> > else {
> > return true;
> > }
>
> > }
>
> > thank you in advance for any help you can offer.
>
> > Luke aka boobyW
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
