When you specify the "login" you are telling the component that you
will handle the authentication in that method. To make a login fail
from that method you must "black-hole" the request. The return values
below do nothing, but they should, imho.


$this->Security->loginOptions = array(
    'type'=>'basic',
    'login'=>'_logged_in', // <-- method name of where you want to do authentication
    'realm'=>'My_Ream'
);

function _logged_in($user) {
    if ( $user['username'] == 'something' ) {
        return true;
    } else {
        $this->Security->blackHole($this, 'login'); // <-- this is important. Need to blackhole a bad login
        return false;
    }
}





On Feb 23, 8:49 pm, kazooka <[email protected]> wrote:
> Can someone please explain some things about the security component
> for me? I've used cake before but not with the security component and
> now I'm having trouble understanding some code that was written by
> somebody else involving the loginRequired() method....
>
> It's a pretty simple app with only a couple of controllers. Here's an
> example of what the app controller looks like ...
>
> class AppController extends Controller {
>
>     var $components = array('Security');
>
>     function beforeFilter() {
>         $this->Security->requireLogin(
>             'admin_index',
>             'admin_edit',
>             'admin_add',
>             'admin_delete',
>             'admin_landing',
>             array('type' => 'basic',
>                   'users' => array('admin'=>'password'),
>                   'login' => '_logged_in'
>                  )
>         );
>     }
>
>     function _logged_in($user) {
>         $this->Session->write('admin', true);
>     }
>
> }
>
> Now... when I try to go to mysite/mycontroler/admin/index, I get the
> HTTP Authentication dialog alright, but it allows me to authenticate
> with any username. I can enter 'blah blah' for the username, leave the
> password field blank, and it still authenticates.
>
> So I dug into cake/libs/controllers/components/security.php and
> noticed that in SecurityComponent::loginCredentials(), it will return
> whatever was entered into the dialog, regardless of if it matches the
> values specified in the data member SecurityComponent::loginUsers
> (which stores the array of username=>password pairs specified in the
> call to SecurityComponent::requireLogin() inside of
> AppController::beforeFilter()).
>
> I also tried returning false in the callback, AppController::_logged_in()
> but no luck there either.
>
> Any ideas?
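
A stricter form of the login callback discussed in this thread, as an added example that is not part of either post or of CakePHP itself: it checks the password as well as the username and black-holes anything that fails. StubSecurity, AdminController, the sample credentials and the `$user['password']` key are assumptions made so the script runs outside the framework.

```php
<?php
// Added example. StubSecurity stands in for CakePHP's SecurityComponent so the
// script runs outside the framework; it only records blackHole() calls.
class StubSecurity {
    public $blackHoled = array();
    function blackHole($controller, $error = '') {
        $this->blackHoled[] = $error;
    }
}

class AdminController {
    public $Security;
    private $users;      // username => password hash (constructed sample data)
    private $dummyHash;  // verified against when the username is unknown

    function __construct() {
        $this->Security = new StubSecurity();
        $this->users = array('admin' => password_hash('correct horse', PASSWORD_DEFAULT));
        $this->dummyHash = password_hash('unused', PASSWORD_DEFAULT);
    }

    // With 'login' => '_logged_in' set, this callback is the only credential check.
    // Assumption: the password arrives in $user['password'].
    function _logged_in($user) {
        $name = isset($user['username']) ? (string) $user['username'] : '';
        $pass = isset($user['password']) ? (string) $user['password'] : '';
        $known = isset($this->users[$name]);
        // Always run password_verify so unknown names cost the same as known ones.
        $hash = $known ? $this->users[$name] : $this->dummyHash;
        $valid = password_verify($pass, $hash);
        if (!($known && $valid)) {
            $this->Security->blackHole($this, 'login'); // reject the request
            return false;
        }
        return true;
    }
}

$controller = new AdminController();
$attempts = array(  // constructed inputs
    array('username' => 'admin', 'password' => 'correct horse'),
    array('username' => 'blah blah', 'password' => ''),   // the case from the question
    array('username' => 'admin', 'password' => ''),
);
foreach ($attempts as $attempt) {
    $ok = $controller->_logged_in($attempt);
    printf("%-10s %s\n", $attempt['username'], $ok ? 'accepted' : 'black-holed');
}
```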