
I am implementing authentication in a CakePHP app.

In that app, I started implementing auth by following this tutorial: Simple Authentication and Authorization Application, but this tutorial needs a verification email to be sent; not sure why. Here is my code:

User Model:

<?php
App::uses('AppModel', 'Model');
App::uses('AuthComponent', 'Controller/Component');
/**
 * User Model
 */
class User extends AppModel {

/**
 * Display field
 * @var string
 */
    public $displayField = 'username';

/**
 * Validation rules
 * @var array
 */
    public $validate = array(
        'username' => array(
            'notempty' => array(
                'rule' => array('notempty'),
                //'message' => 'Your custom message here',
                //'allowEmpty' => false,
                //'required' => false,
                //'last' => false, // Stop validation after this rule
                //'on' => 'create', // Limit validation to 'create' or 'update' operations
            ),
        ),
        'password' => array(
            'notempty' => array(
                'rule' => array('notempty'),
                //'message' => 'Your custom message here',
                //'allowEmpty' => false,
                //'required' => false,
                //'last' => false, // Stop validation after this rule
                //'on' => 'create', // Limit validation to 'create' or 'update' operations
            ),
        ),
    );

/**
 * Hash the submitted password with AuthComponent before it is stored
 */
    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
        }
        return true;
    }
}


<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $layout = 'bootstrap';

    public $helpers = array(
            'Html' => array('className' => 'TwitterBootstrap.BootstrapHtml'),
            'Form' => array('className' => 'TwitterBootstrap.BootstrapForm'),
            'Paginator' => array('className' => 'TwitterBootstrap.BootstrapPaginator'),
    );

    // Auth is loaded for every controller; actions are denied unless
    // a controller allows them in beforeFilter().
    public $components = array(
        'Auth' => array(
            'loginRedirect' => array('controller' => 'reports', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );
}


<?php
App::uses('AppController', 'Controller');
/**
 * Users Controller
 * @property User $User
 */
class UsersController extends AppController {

/**
 *  Layout
 * @var string
 */
    public $layout = 'bootstrap';

/**
 * Helpers
 * @var array
 */
    public $helpers = array('TwitterBootstrap.BootstrapHtml', 'TwitterBootstrap.BootstrapForm', 'TwitterBootstrap.BootstrapPaginator');

/**
 * Components
 * @var array
 */
    public $components = array('Session');

    // Only registration and logout are reachable without logging in.
    public function beforeFilter() {
        $this->Auth->allow('add', 'logout');
    }

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                // Redirect restored from the tutorial the post follows (assumed; the line is missing here)
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash(__('Invalid username or password, try again'));
            }
        }
    }

    public function logout() {
        // Body restored from the tutorial the post follows (assumed; the line is missing here)
        $this->redirect($this->Auth->logout());
    }

/**
 * index method
 * @return void
 */
    public function index() {
        $this->User->recursive = 0;
        $this->set('users', $this->paginate());
    }

/**
 * view method
 * @param string $id
 * @return void
 */
    public function view($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid %s', __('user')));
        }
        $this->set('user', $this->User->read(null, $id));
    }

/**
 * add method
 * @return void
 */
    public function add() {
        if ($this->request->is('post')) {
            // The setFlash() wrapper and the 'alert' element name are restored here and
            // in the actions below; 'alert' is assumed to be the TwitterBootstrap plugin's flash element.
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(
                    __('The %s has been saved', __('user')),
                    'alert',
                    array(
                        'plugin' => 'TwitterBootstrap',
                        'class' => 'alert-success'
                    )
                );
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(
                    __('The %s could not be saved. Please, try again.', __('user')),
                    'alert',
                    array(
                        'plugin' => 'TwitterBootstrap',
                        'class' => 'alert-error'
                    )
                );
            }
        }
    }

/**
 * edit method
 * @param string $id
 * @return void
 */
    public function edit($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid %s', __('user')));
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(
                    __('The %s has been saved', __('user')),
                    'alert',
                    array(
                        'plugin' => 'TwitterBootstrap',
                        'class' => 'alert-success'
                    )
                );
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(
                    __('The %s could not be saved. Please, try again.', __('user')),
                    'alert',
                    array(
                        'plugin' => 'TwitterBootstrap',
                        'class' => 'alert-error'
                    )
                );
            }
        } else {
            $this->request->data = $this->User->read(null, $id);
        }
    }

/**
 * delete method
 * @param string $id
 * @return void
 */
    public function delete($id = null) {
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid %s', __('user')));
        }
        if ($this->User->delete()) {
            $this->Session->setFlash(
                __('The %s deleted', __('user')),
                'alert',
                array(
                    'plugin' => 'TwitterBootstrap',
                    'class' => 'alert-success'
                )
            );
            $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(
            __('The %s was not deleted', __('user')),
            'alert',
            array(
                'plugin' => 'TwitterBootstrap',
                'class' => 'alert-error'
            )
        );
        $this->redirect(array('action' => 'index'));
    }
}

Table Structure:

id                      int(10)
username                varchar(50)
password                varchar(50)
email                   varchar(60)
email_verified          varchar(70)
email_token_expires     date
slug                    varchar(40)
created                 datetime
modified                datetime

This solution needs email verification, but I would like to disable email verification. How? Basically, what changes do I need to make to the above code to have a simple auth system with the following features:

  • No Access Control required
  • All controllers & all actions require Auth
  • Auth via username/password.
  • Login/Logout/Remember Me.

I figured out what I was doing wrong. I have a users plugin lying in the Plugins directory & that probably got loaded with CakePlugin::loadAll(), which is the reason for this funny behavior. Deleted that plugin & now it works as expected.

Moral of the story: if Cake doesn't behave the way it should, it would be because of plugins.
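
Added example (not part of the original question or answer): a fragment for app/Config/bootstrap.php that loads plugins from an explicit list instead of CakePlugin::loadAll() and warns about any plugin directory left on disk, which is the situation the answer describes. It assumes the default app/Plugin location; $allowedPlugins is a hypothetical name, and TwitterBootstrap is taken from the controllers above.

```php
<?php
// app/Config/bootstrap.php (fragment). Added example, not the poster's code.
// $allowedPlugins is a hypothetical name; TwitterBootstrap is the plugin the
// helpers in AppController refer to.
$allowedPlugins = array('TwitterBootstrap');

// Plugin directories actually present under app/Plugin (default path assumed).
$dirs = glob(APP . 'Plugin' . DS . '*', GLOB_ONLYDIR);
$present = $dirs ? array_map('basename', $dirs) : array();

// Anything on disk but not on the list is what CakePlugin::loadAll() would
// have loaded silently, for example a leftover users plugin that brings its
// own models, controllers and email-verification flow.
$unexpected = array_diff($present, $allowedPlugins);
if (!empty($unexpected)) {
    trigger_error(
        'Plugin directories present but not loaded: ' . implode(', ', $unexpected),
        E_USER_WARNING
    );
}

// Load only the plugins the application is meant to use.
CakePlugin::load($allowedPlugins);
```

With this in place a stray plugin shows up as a warning instead of changing how authentication behaves.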