Question

The following site shows a (kinda hack-ish) way to protect an admin route with .htaccess:

http://snook.ca/archives/servers/password_protect_admin/

If I understand it correctly, it only works because CakePHP runs a check for the 'real' file presence before it processes its own URL logic. So, when you request yoursite.com/admin, it checks for the default document in the (real, since we've created it) /admin dir, and this check triggers the authentication.

My issue is: the 'hack' works OK if I set my debug level to '1' or higher. If I set it to Production Mode ('0'), I just get a cake-interpreted HTTP 401 (Access Denied) error.

So, my question is: is there any way to make this 'hack' work with the debug level set to zero?

Solution

Check out the SecurityComponent which lets you set up basic HTTP Authentication with a few lines of code in your beforeFilter. Should be a lot more robust than this hack.


I do agree though that the AuthComponent is terrifically easy to set up. You just copy and paste the snippets for the UserController and login form, run the table creation script, try to log in, take the encoded password from the SQL log, put it in the database and add Auth to the component list in your controller. Takes less than 3 minutes and makes a better impression on the client (in case anybody cares ;)).
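
A sketch of the SecurityComponent approach mentioned in the answer, added here as an example and not code from the original posts. It assumes the CakePHP 1.2/1.3 API (the page names no version) and an `admin` routing prefix; the `AdminAuth.users` config key and the realm string are hypothetical.

```php
<?php
// app/app_controller.php (CakePHP 1.2/1.3 file layout, assumed)
class AppController extends Controller {
    var $components = array('Security');

    function beforeFilter() {
        // Guard only admin-prefixed actions. Assumes the routing prefix is
        // 'admin', so the dispatcher sets $this->params['admin'] for them.
        if (empty($this->params['admin'])) {
            return;
        }

        // Ask the browser for HTTP Basic credentials.
        $this->Security->loginOptions = array(
            'type'  => 'basic',
            'realm' => 'Admin area', // constructed realm name
        );

        // username => password map. Read from configuration instead of
        // hard-coding it in the controller; 'AdminAuth.users' is a
        // hypothetical key you would define in your own config file.
        // If the key is missing, the map is empty and no login matches.
        $this->Security->loginUsers = (array)Configure::read('AdminAuth.users');

        // No arguments: require login for every action reached here.
        // Basic credentials are only base64-encoded on the wire, so the
        // admin area should be served over HTTPS.
        $this->Security->requireLogin();
    }
}
```

Because the check runs inside the framework, it does not depend on a real /admin directory or on the debug level. Loading the Security component also turns on its form validation for POST requests, so forms in the protected area should be built with FormHelper.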

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow