Question

I have created many Authentication apps with CakePHP fairly easily. However, it's always the same: Username and Password.

I want to create a login for a user to select a company as well, and if authentication to that company fails, it returns back to the login page without having him logged on.

Reason for this is, we work in a 'Parent' company that has many children. All the administration for these children companies comes through the parent company. But now, since not all employees in the Parent company have access to all children companies, we need to check if, when they log into a certain company, they have access to that specific company. The trick is that it's a one to many relationship. One user can have access to one company or 2 or 3 or all of them.

I have the basics of authentication down, thanks to the guide on the CakePHP site, but what would I need to change from here to do the extra Authentication check?


Solution

You have to create your own Authenticate component.

You have to implement a function that checks if your user can log in and returns an array of his data if so, or false otherwise.

Something like:

\Controller\Component\Auth\CompanyAuthenticate.php

<?php
App::uses('FormAuthenticate', 'Controller/Component/Auth');

class CompanyAuthenticate extends FormAuthenticate
{
    public function authenticate(CakeRequest $request, CakeResponse $response)
    {
        // Run the standard username/password check first.
        $user = parent::authenticate($request, $response);
        if (!$user) {
            return false;
        }

        // check company
        // if company is ok return $user
        // else return false
        return false; // fail closed until the company check above is written
    }
}

Edit:

Of course you have to tell your application you are using this kind of authentication.

So in your AppController you have to do:

public $components = array(
    'Auth' => array(
        'authenticate' => array('Company'),
        // ... other options
    ),
    // ... other components you wish to load
);
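
A filled-in version of the skeleton above, as an added example that is not part of the original answer. It assumes a hypothetical join model `CompaniesUser` with `user_id` and `company_id` columns, a login form that posts the selected company as `company_id` next to the username and password fields, and a user primary key named `id`.

```php
<?php
// app/Controller/Component/Auth/CompanyAuthenticate.php
App::uses('FormAuthenticate', 'Controller/Component/Auth');

class CompanyAuthenticate extends FormAuthenticate
{
    public function authenticate(CakeRequest $request, CakeResponse $response)
    {
        // Step 1: normal username/password check from FormAuthenticate.
        $user = parent::authenticate($request, $response);
        if (!$user) {
            return false;
        }

        // Step 2: read the selected company from the login form.
        // Assumption: it is posted under the user model's key as company_id.
        list(, $model) = pluginSplit($this->settings['userModel']);
        $companyId = isset($request->data[$model]['company_id'])
            ? $request->data[$model]['company_id']
            : null;

        // Accept a single non-negative integer only; an array or any other
        // type posted here must not reach the query conditions.
        if (!is_string($companyId) || !ctype_digit($companyId)) {
            return false;
        }
        $companyId = (int)$companyId;

        // Step 3: one-to-many lookup, does this user have this company?
        // Assumption: hypothetical join model CompaniesUser(user_id, company_id).
        $access = ClassRegistry::init('CompaniesUser');
        $allowed = $access->hasAny(array(
            'CompaniesUser.user_id' => $user['id'],
            'CompaniesUser.company_id' => $companyId,
        ));
        if (!$allowed) {
            // Same result as a bad password, so the login page does not
            // reveal which of the two checks failed.
            return false;
        }

        // Keep the verified company with the session user so later requests
        // authorize against it rather than against request input.
        $user['company_id'] = $companyId;
        return $user;
    }
}
```

Because the verified company is stored with the session user, later authorization checks can read it from the session user's data instead of trusting a company id sent with each request.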

Other suggestions

A note of caution using this method:

I inherited a CMS that did something like this. It was set up with a company name, company password, username, and user password. The one instance of the CMS would then administer many websites, choosing which one based on the credentials entered.

This turned out to be the most confusing mess for the users. They would constantly call up trying to figure out their company username and company password. This might have been OK back in the days of arbitrary usernames, but these days when most people use the email address as the username it's not required.

I can't see a valid reason for doing this at all, based on my experience. If companies like Google, PayPal, Facebook etc. can figure it out with just a username and password, then I'm sure you'll be able to sort it out.

Just my $0.02, and as it looks like you're just starting the development for the system I hope you investigate other possibilities :-)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow