
I was trying to implement basic Sign In / Sign Out functionality following the documentation : http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

But the Auth->login() function always returns false even when I provide the right username and password, and I get the "Invalid username or password, try again" error message. Here is my code:

User.php

App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

/**
 * User model: validation rules for sign-up/edit forms and password hashing on save.
 */
class User extends AppModel {

    /**
     * Validation rules keyed by field name.
     *
     * 'confirmpassword' is checked by the custom match_password() rule below;
     * 'role' must be one of the two values listed in the inList rule.
     */
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required',
            ),
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required',
            ),
        ),
        'confirmpassword' => array(
            'compare' => array(
                'rule' => array('match_password'),
                'message' => 'The confirm password you entered do not match with password.',
            ),
        ),
        'first_name' => array('rule' => 'notEmpty'),
        'last_name' => array('rule' => 'notEmpty'),
        'email' => array('rule' => 'notEmpty'),
        'role' => array(
            'valid' => array(
                'rule' => array('inList', array('admin', 'user')),
                'message' => 'Please enter a valid role',
                'allowEmpty' => false,
            ),
        ),
    );

    /**
     * Custom validation rule: the submitted password and its confirmation must be identical.
     *
     * @return bool True when both fields hold exactly the same string.
     */
    public function match_password() {
        $submitted = $this->data[$this->alias];
        return $submitted['password'] === $submitted['confirmpassword'];
    }

    /**
     * Replaces a submitted password with its Blowfish (bcrypt) hash before the row is written.
     *
     * The hash is applied whenever a 'password' key is present in the data being saved,
     * so saving a record that already carries a hashed password would hash it a second time.
     *
     * @param array $options Save options passed in by the framework (unused here).
     * @return bool Always true, so the save continues.
     */
    public function beforeSave($options = array()) {
        if (!isset($this->data[$this->alias]['password'])) {
            return true;
        }

        // NOTE(review): a bcrypt hash is 60 characters long; if the password column is
        // shorter the stored hash is truncated and no login can ever match - confirm the schema.
        $hasher = new BlowfishPasswordHasher();
        $plainText = $this->data[$this->alias]['password'];
        $this->data[$this->alias]['password'] = $hasher->hash($plainText);

        return true;
    }
}

UsersController.php

App::uses('AppController', 'Controller');

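/**
 * CRUD plus sign-up / login / logout actions for users.
 */
class UsersController extends AppController {

    // NOTE(review): the original re-declared `$components = array('Session', 'Auth')` here.
    // Both components are already declared in AppController, and listing 'Auth' again without
    // settings appears to replace the inherited Auth configuration (including the Blowfish
    // passwordHasher) when the component lists are merged. Form authentication would then
    // compare with the default hasher and login() would always fail - confirm against the
    // CakePHP version in use. The re-declaration is dropped so the AppController settings apply.

    /**
     * Runs before every action: keeps the parent's public actions and additionally
     * opens 'signup' and 'logout' to visitors who are not logged in.
     *
     * @return void
     */
    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('signup', 'logout');
    }

    /**
     * Lists all users.
     *
     * NOTE(review): find('all') returns every column, including the hashed password, and
     * 'index' is allowed without login by AppController::beforeFilter(). Confirm the view
     * does not print the hash, or restrict the query with the 'fields' option.
     *
     * @return void
     */
    public function index() {
        $this->set('users', $this->User->find('all'));
    }

    /**
     * Shows a single user.
     *
     * @param mixed $id Primary key of the user.
     * @return void
     * @throws NotFoundException When no user with that id exists.
     */
    public function view($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        }
        $this->set('user', $this->User->read(null, $id));
    }

    /**
     * Public registration. Saves only the listed fields and always creates an
     * ordinary 'user' account.
     *
     * @return mixed Redirect response after a successful save, otherwise null.
     */
    public function signup() {
        if (!$this->request->is('post')) {
            return;
        }

        $posted = (array)$this->request->data;
        $fields = (isset($posted['User']) && is_array($posted['User'])) ? $posted['User'] : array();

        // This action is reachable without login, so the role must never come from the
        // request: the model accepts 'admin' as a valid role, and saving the raw request
        // data would let any visitor register an administrator account.
        $fields['role'] = 'user';

        $this->User->create();
        $saved = $this->User->save(
            array('User' => $fields),
            array(
                // Whitelist of columns a visitor may set; extend it if the users table
                // has further user-editable columns. 'confirmpassword' is listed so
                // that its validation rule still runs.
                'fieldList' => array(
                    'username',
                    'password',
                    'confirmpassword',
                    'first_name',
                    'last_name',
                    'email',
                    'role',
                ),
            )
        );

        if ($saved) {
            // The original passed the flash element and its options to __() instead of
            // setFlash() because of a misplaced parenthesis.
            $this->Session->setFlash(__('User added'), 'default', array('class' => 'notice success'));
            return $this->redirect(array('action' => 'index'));
        }
    }

    /**
     * Edits an existing user.
     *
     * NOTE(review): no 'authorize' setting is visible in AppController's Auth configuration,
     * so as far as this listing shows any logged-in user can edit any other user, and the
     * raw request data (including 'role') is saved as submitted. Confirm that an ownership
     * or admin check exists elsewhere.
     *
     * @param mixed $id Primary key of the user.
     * @return mixed Redirect response after a successful save, otherwise null.
     * @throws NotFoundException When no user with that id exists.
     */
    public function edit($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('The user has been saved'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(
                __('The user could not be saved. Please, try again.')
            );
        } else {
            $this->request->data = $this->User->read(null, $id);
            // Never send the stored hash back into the edit form.
            unset($this->request->data['User']['password']);
        }
    }

    /**
     * Deletes a user; only POST requests are accepted.
     *
     * NOTE(review): the same missing-authorization concern as edit() applies here - confirm.
     *
     * @param mixed $id Primary key of the user.
     * @return mixed Redirect response to the index action.
     * @throws NotFoundException When no user with that id exists.
     */
    public function delete($id = null) {
        $this->request->onlyAllow('post');

        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        }
        if ($this->User->delete()) {
            $this->Session->setFlash(__('User deleted'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('User was not deleted'));
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * Handles the login form: on POST asks AuthComponent to authenticate the submitted
     * credentials and redirects on success, otherwise shows a generic failure message
     * that does not reveal whether the username or the password was wrong.
     *
     * @return mixed Redirect response after a successful login, otherwise null.
     */
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }

    /**
     * Logs the current user out and redirects to the URL returned by AuthComponent.
     *
     * @return mixed Redirect response.
     */
    public function logout() {
        return $this->redirect($this->Auth->logout());
    }
}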

AppController.php

App::uses('Controller', 'Controller');

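/**
 * Base controller: declares the Session and Auth components and their settings
 * for every controller that extends it.
 */
class AppController extends Controller {

    /**
     * Components shared by all controllers.
     *
     * Auth is configured for form login with Blowfish password hashing, which has to
     * match the hasher the User model uses when it stores passwords.
     */
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'posts',
                // Was 'indexs', which looks like a typo for the same action used by
                // loginRedirect; an unknown action would produce an error after logout.
                'action' => 'index',
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );

    /**
     * Runs before every action of every controller extending this class and opens the
     * 'index' and 'view' actions to visitors who are not logged in.
     *
     * NOTE(review): this also makes users/index and users/view public - confirm that
     * is intended.
     *
     * @return void
     */
    public function beforeFilter() {
        $this->Auth->allow('index', 'view');
    }
}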

login.ctp:

<div>
    <?php
    // Login view: prints any flash message stored under the 'auth' key first,
    // then the default flash message (set by UsersController::login() on failure).
    echo $this->Session->flash('auth');
    echo $this->Session->flash();
    ?>
    <br />
    <h1>User Registration : - </h1>

    <legend>
        <?php echo __('Please enter your username and password'); ?>
    </legend>
    <div id="registerform">
        <?php
            // The form is created for the 'User' model, so the two inputs are submitted
            // under that model's key; these are the values the Form authenticator reads.
            echo $this->Form->create('User');
            echo $this->Form->input('username');   
            echo $this->Form->input('password');
            echo $this->Form->end('Login'); 
        ?>
    </div>
</div>

Can anyone please help me identify the issue? I have been stuck on this for a whole day and can't find a solution.

Any help is much appreciated.

Thanks, Susmita

1
Can you post the login action from the controller as well. Also where do you allow the user to access the login action; - gmponos
User can access login action in Sign In page (URL : users/login). Following is the code for my login action: <?php public function login() { if ($this->request->is('post')) { //debug($this->Auth->login()); die(); if ($this->Auth->login()) { return $this->redirect($this->Auth->redirect()); } $this->Session->setFlash(__('Invalid username or password, try again')); } } ?> - user25562
Can you add this to your AppController array('Form' => array('fields' => array('username' => 'username','password' => 'password'))); - gmponos
Yes, I tried adding the same. Still it's not working. - user25562
Are you hashing the password? - Colonel Mustard

1 Answers


There are two common reasons for this type of problem.

First, you changed your Security salt and Security cipherSeed after the user was added.

Second, the user was created without hashing the password.

Solution: first, allow the add action with the allow method.

// Goes in the controller's beforeFilter(). In the question's UsersController the
// registration action is named 'signup' and is already allowed there.
$this->Auth->allow('add'); 

Then open your browser and go to this URL:

localhost/yourprojectName/ControllerName/add 

Then create a new user and try to log in again. It should work now.