0
votes

I can't log in to my new dev website based on CakePHP 2.5.

I use the default identification, with AuthComponent::password, but every time, the function AuthComponent::login returns false, even if I put the right credentials in the form.

AppController.php

public $components = array(
    "DebugKit.Toolbar",
    "Session",
    "Auth" => array(
        "loginAction" => array(
            "controller" => "users",
            "action" => "login"
        ),
        "authError" => "Accès refusé"
    )
);

UsersController.php

public function manager_login() {
    $this->layout = "manager_login";

    // The user tries to connect
    if($this->request->is("post")) {
        if($this->Auth->login()) {
            return $this->redirect("/manager/");
        }
    }
}

User.php (Model) the beforeSave() function

public function beforeSave($options = array()) {
    $this->data["User"]["password"] = AuthComponent::password($this->data["User"]["password"]);
}

manager_login.ctp (the view with the form)

<?php echo $this->form->create("User", array("inputDefaults" => array("div" => false, "label" => false))); ?>
    <div class="login-box-header bg-dark-blue">
        <h3 class="login-box-title">Administration</h3>
    </div>
    <div class="login-box-content bg-light-white">
        <?php echo $this->form->input("User.username"); ?>
        <?php echo $this->form->input("User.password"); ?>
        <?php echo $this->form->checkbox("User.remember"); ?>
        <?php echo $this->form->label("User.remember", "Se souvenir de moi"); ?>
    </div>
    <div class="login-box-footer" style="background-color: #fff">
        <button type="submit" class="tiny expand">Se connecter</button>
    </div>
<?php echo $this->form->end(); ?>

In fact, I think there is a problem with the SQL query because I don't see the WHERE condition in the following query:

SELECT `User`.`id`, `User`.`username`, `User`.`password`, `User`.`email`,  
       `User`.`avatar`, `User`.`skype`, `User`.`twitter`, `User`.`created`, 
       `User`.`updated` 
FROM `leboncube`.`lbc_users` AS `User` 
WHERE `User`.`username` = 'Mike Hell' 
LIMIT 1

I hash the passwords on user registration in the beforeSave function; I compared the hash generated in the controller with $this->Auth->password and the hash in the database: they are strictly the same.

1
And the question is ...? - bancer
Is the above code all you have in your controllers or are there other methods you override? Maybe you wrote your own isAuthorized method? - arilia
The question is WHY AuthComponent::login always returns false? - Mathieu Bour
No, there are no other methods which are overridden. - Mathieu Bour
Probably because you are already logged in. Don't ever call login() for an already logged in user. And your beforeSave() function is flawed. This way your passwords get flushed with empty strings hashed on each save. Bad idea. See working-with-passwords-in-cakephp. Also note that $this->form != $this->Form (the latter is what you should use). Mind your casing for developing. - mark

1 Answer

0
votes

I found the problem!
It was because I forgot to add the function isAuthorized() to my controller.

Thanks for your answers!
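
The beforeSave() flaw that mark's comment points out, shown as an added example that is not part of the original thread: a CakePHP 2.x User model that hashes only when a non-empty password was actually submitted and returns true so the save proceeds. It keeps the question's AuthComponent::password call; the validation rule, its message and the choice to keep the stored hash when the field is blank are assumptions about how the application should behave.

```php
<?php
// app/Model/User.php (added example for CakePHP 2.x, not the asker's code)
App::uses('AppModel', 'Model');
App::uses('AuthComponent', 'Controller/Component');

class User extends AppModel {

    // Assumption: a password is mandatory when the account is created and
    // may be left blank on later edits to keep the current one.
    public $validate = array(
        'password' => array(
            'rule' => 'notEmpty',
            'required' => 'create',
            'on' => 'create',
            'message' => 'A password is required'
        )
    );

    public function beforeSave($options = array()) {
        $hasPassword = isset($this->data[$this->alias]['password'])
            && $this->data[$this->alias]['password'] !== '';

        if ($hasPassword) {
            // A new plaintext password was submitted: store only its hash.
            $this->data[$this->alias]['password'] = AuthComponent::password(
                $this->data[$this->alias]['password']
            );
        } else {
            // Nothing submitted (for example a profile edit that leaves the
            // field blank): drop the key so the stored hash is not replaced
            // by the hash of an empty string.
            unset($this->data[$this->alias]['password']);
        }

        // In CakePHP 2.x the save is aborted unless beforeSave() returns true.
        return true;
    }
}
```

A record loaded with read() still carries the stored hash in `password`, so saving it back unchanged would hash the hash; pass a field list to save() or unset the password key before such saves.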