Question

Here is a simple CakePHP login function (example taken from the CakePHP cookbook):

public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $message = 'Username or password is incorrect';
            $this->Session->setFlash(__($message), 'default', array(), 'auth');
        }
    }
}

During testing of this login function I found out that:

if ($this->Auth->login()) {
    // ...
}

It lets a user log in even if authorization was done earlier. For example, if I logged in as User1 and, without calling the logout function, try to log in as User2, I get the following error:

Notice (8): Undefined index: User [APP/Controller/UsersController.php, line 83]

In this case I can hide the login form from the user. Is that the correct way?

Update: what can you say about the following code snippet:

public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->loggedIn()) {
            $this->Auth->logout();
        }
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $message = 'Invalid login or password';
            $this->Session->setFlash(__($message), 'default', array(), 'auth');
        }
    }
}

Solution

The tutorial Simple Acl controlled Application - part 2 in the cookbook suggests that you read out the data with SessionComponent.

You can also use the AuthComponent to check whether a user is already logged in or not. Use $this->Auth->user() in your controller. You can also pass a key as the first parameter to get a specific column of your users table, or skip it to get all of the user's information. It returns null if the user is not logged in or the key does not exist.

Your login method could look like the following one (additions marked with a plus + and SessionComponent is used):

public function login() {
+   if ($this->Session->read('Auth.User')) {
+       $this->Session->setFlash('You are logged in!');
+       return $this->redirect($this->Auth->redirectUrl());
+   }
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $message = 'Username or password is incorrect';
            $this->Session->setFlash(__($message), 'default', array(), 'auth');
        }
    }
}
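A fuller version of the same idea, as an added example that is not the answerer's code: the guard uses $this->Auth->user() as described above and sits outside the POST branch, so a second login attempt with a live session never reaches Auth->login() (which is what produced the "Undefined index: User" notice in the question). It assumes a CakePHP 2.x app whose AppController loads AuthComponent and SessionComponent, and that SessionComponent::renew() is available.

```php
<?php
// Added example (not from the original answer): CakePHP 2.x UsersController whose
// login action refuses to authenticate a second account while a session already
// holds a user. Assumes AppController loads Auth and Session components.
class UsersController extends AppController {

    public function login() {
        // Auth->user('id') is null when nobody is logged in. Checking it before the
        // POST branch means a logged-in user can neither see the form nor post to it.
        if ($this->Auth->user('id') !== null) {
            $this->Session->setFlash(
                __('You are already logged in as %s. Log out first to switch accounts.',
                    $this->Auth->user('username')),
                'default', array(), 'auth');
            return $this->redirect($this->Auth->redirectUrl());
        }

        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                // Assumption: SessionComponent::renew() exists in this CakePHP 2.x
                // version. Issuing a fresh session id on successful login is the
                // usual defence against session fixation.
                $this->Session->renew();
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(__('Username or password is incorrect'),
                'default', array(), 'auth');
        }
    }

    public function logout() {
        // Auth->logout() clears Auth.User from the session and returns the
        // configured logout redirect URL.
        return $this->redirect($this->Auth->logout());
    }
}
```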

OTHER TIPS

Well, this might be a simple fix: in your login controller function you can check whether a session variable IsUserLoggedIn is set. Set it if it's not, then continue the authentication process; otherwise, redirect to some message page.

public function login() {
    if ($this->request->is('post')) {

        // check to see if the user is already logged in
        // (Session->check() is used here: PHP does not allow isset() on the
        // result of a function call such as $this->Session->read())
        if ($this->Session->check('IsUserLoggedIn')) {
            ## perform redirection to "Already Logged In" message
        }

        if ($this->Auth->login()) {
            // write the IsUserLoggedIn variable to the session.
            $this->Session->write('IsUserLoggedIn', true);

            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
        }
    }
}

And on logout, delete this session variable:

  $this->Session->delete('IsUserLoggedIn');

EDIT: Moved the session write to inside the auth block.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow