I'm in the process of creating a XML-RPC that interacts with Vbulletin from Cakephp. I currently have the functionality to hit the end point, log a user in, and retrieve the data set, as well as the cookies, etc.
Now, the calls come from Cakephp, I have a users table, which I only store, the usersname from vbulletin, the vbulletin users ID, and their avatar. I'd like to implement some type of auth. I'm not entirely sure if this is possible or not. The only reason I have a users table is to store a minimal set of information. When the user logs in on the Cakephp side, it's actually sending a xml-rpc client call to the vbulletin api, and logging the user in using the api.
So, with all of this known, is it possible to restrict access to various views, etc within cake? I'd like to use some of the basic auth components, such as:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add');
}
I'm guessing, if this is not possible, I'll have to manually write the session cookies received from Vbulletin in Cake, but how would I restrict access to the various views and methods within the controllers in doing so?
Update: I ended up using the below to accomplish this.
Since I am storing the vbulletin users id in the users table, I was able to:
$user = $this->User->findByVbulletinid($userid);
$user = $user['User'];
$this->Auth->login($user);
Link to Cakephp manual login not initiating session
Update1: We'll, I thought this was working, until I removed the Debug Kit. Now, after I login, I'm automatically logged out, Really odd.
If I want to call $this->Auth->login($loginData), shouldn't I be able to supply $loginData, which in my case, would look like this:
Array
(
[User] => Array
(
[username] => testuser
[password] => hashedpasswordhere
)
)
Basically, the login method in the Users controller, I cannot simply call $this->Auth->login() because I need to first, take the credentials from the form, and log the user in via the API for vbulletin.
Any thoughts here?