2
votes

In my case the Auth component is not responding properly. When I log in with a wrong email address it shows an error, but when I log in with the right email address but a wrong password it does not show an error and redirects to the authentic inner page.

AppController.php

public $components = array(
    'Session',
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array(
                    'username' => 'email'
                )
            )
        ),
        'loginRedirect' => array(
            'controller' => 'users',
            'action' => 'index',
        )
    ),
);

UsersController.php

public function login() {
    $this->layout = 'login';
    if ($this->request->is('post')) {
        if ($this->Auth->login($this->data)) {
            if (!empty($this->request->data)) {
                $access_controll = $this->{$this->modelClass}->find('first', array('conditions'=>array('email'=>$this->request->data['User']['email'])));
                if (!empty($access_controll)) {
                    $role_id = $access_controll['User']['role_id'];
                    if( ($role_id == 1) OR ($role_id == 2) ) {
                        return $this->redirect(array('controller' => 'dashboards'));
                    } else {
                        die('You are not authenticate person.');
                        //$this->Session->setFlash(__('You are not authenticate person.'), 'message', array('class' => 'danger'), 'auth');
                    }
                } else {
                    die ('Something is wrong email id or password.');
                    //$this->Session->setFlash(__('You are not a register user still.'), 'message', array('class' => 'danger'), 'auth');
                }
            }
        } else {
            $this->Session->setFlash(__('invalidLoginDetails'), 'message', array('class' => 'danger'), 'auth');
        }
    }
}

login.ctp

<?php echo $this->Form->create('User',array('novalidate'=>'true','inputDefaults' => array('div' => false))); ?>
<?php echo $this->Form->input('email', array('type'=>'email', 'class'=>'form-control', 'placeholder'=>'Email', 'label'=>false)); ?>
<?php echo $this->Form->input('password', array('type'=>'password', 'class'=>'form-control', 'placeholder'=>'Password', 'label'=>false)); ?>
<?php echo $this->Form->end(__('Login'), array('class'=>'btn btn-default btn-block btn-clean'));?>
2
CakePHP 2.x: use $this->Auth->login(). Use login() without arguments - JOE LEE

2 Answers

0
votes

There's a bad call to AuthComponent::login

As written the Auth::login method does not check the password:

If a $user is provided that data will be stored as the logged in user.

I.e. irrespective of what $this->data is, if it is truthy, this method call will always return true.

Note the difference to the documentation example:

public function login() {
    if ($this->request->is('post')) {
        // Important: Use login() without arguments! See warning below.
        if ($this->Auth->login()) {

This is a change in behavior from 1.x (assuming you're using 2.x), where the same code would try to identify the user from the request data.
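
The corrected flow this answer describes, as an added example (not the asker's code and not taken from the CakePHP documentation). It assumes CakePHP 2.x, a `role_id` column on the users table as in the question, and places `$components` in the controller only to keep the example in one file; the flash text for a rejected role is constructed.

```php
<?php
// app/Controller/UsersController.php (added example, CakePHP 2.x)
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email'),
                ),
            ),
            // loginRedirect is an AuthComponent setting, so it sits beside 'authenticate'.
            'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
        ),
    );

    public function login() {
        $this->layout = 'login';
        if (!$this->request->is('post')) {
            return;
        }
        // No argument: AuthComponent identifies the user from the posted
        // email and password. Passing $this->data would skip that check
        // and store whatever was posted as the logged-in user.
        if (!$this->Auth->login()) {
            $this->Session->setFlash(__('invalidLoginDetails'), 'message', array('class' => 'danger'), 'auth');
            return;
        }
        // Read the role from the record Auth just verified, not from the
        // request, so the authorization decision uses server-side data only.
        $roleId = (int)$this->Auth->user('role_id');
        if (!in_array($roleId, array(1, 2), true)) {
            // Valid credentials but a role that is not allowed: drop the session.
            $this->Auth->logout();
            $this->Session->setFlash(__('You are not an authorized person.'), 'message', array('class' => 'danger'), 'auth');
            return $this->redirect(array('action' => 'login'));
        }
        return $this->redirect(array('controller' => 'dashboards'));
    }

    public function logout() {
        return $this->redirect($this->Auth->logout());
    }
}
```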

0
votes

This was a headache, but it is finally resolved. It was not anything else: when I cleared the cookies and cache of my browser window it worked properly, then I made a logout function to clear the cache and it works.

logout() :

public function logout() {
    return $this->redirect($this->Auth->logout());
}

But I can't understand why the problem was also occurring in a private window. A private window does not store cookies, so why was this problem occurring in a private window?

Thanks for your suggestion & support @AD7six