CakePHP simple user authentication case

Source: Internet
Author: User

Note: Before reading this article, see the CakePHP introduction article, which covers the database design and the User model from the regular-expression-based basic user test.

Three things to be done:

  • User authentication method (typically used to verify the user's identity, such as the user name/password combination)
  • Method of tracking user access (usually Session)
  • Check whether the user has passed the authentication (usually interaction with the Session)

We start with how to verify users who attempt to access the system. Information about the authenticated user is stored in the PHP session by Cake's Session component. After reading the user information back from the session, we can determine which operations the user may perform.

Logon operation

The first step is to complete the login view and action. This gives users a login portal and gives the system a chance to process the submitted user information and decide whether access is allowed. You can use the HTML helper to easily create the form. The view file is /app/views/users/login.thtml:

The login credentials you supplied could not be recognized. Please try again.

This simple view also needs a matching action (/users/login), which lives in /app/controllers/users_controller.php.

The login view should collect user login information and submit it to the users controller. The users controller should check whether the user is already in the database and check whether the password is correct. If the user has logged on properly, the user name is written into the session and the user is sent to the index operation.

The code is as follows:

    function login() {
        // Don't show the error message if no data has been submitted.
        $this->set('error', false);

        // If a user has submitted form data:
        if (!empty($this->data)) {
            // First, let's see if there are any users in the database
            // with the username supplied by the user using the form:
            $someone = $this->User->findByUsername($this->data['username']);

            // At this point, $someone is full of user data, or it's empty.
            // Let's compare the form-submitted password with the one in
            // the database.
            if (!empty($someone['User']['password']) && $someone['User']['password'] == $this->data['password']) {
                // Note: hopefully your password in the DB is hashed,
                // so your comparison might look more like:
                // md5($this->data['User']['password']) == ...

                // This means they were the same. We can now build some basic
                // session information to remember this user as 'logged in'.
                $this->Session->write('user', $someone['User']);

                // Now that we have them stored in a session, forward them on
                // to a landing page for the application.
                $this->redirect('/users/knownusers');
            }
            // Else, they supplied incorrect data:
            else {
                // Remember the $error var in the view? Let's set that to true:
                $this->set('error', true);
            }
        }
    }

Not bad: written concisely, the code should not exceed 20 lines. The result of this action is as follows:
① The user passes authentication; the user information is saved to the session and the user is forwarded to the home page of the system.
② If the authentication fails, the user is returned to the login page and the error message is displayed.

Tip:

  • Use the built-in $this->User->findByUsername($your_username_variable_here) to search for users in the database
  • Use $this->Session->write('user', $your_username_variable_here) to write the user name to the Session.

Now you can access http://127.0.0.1/framework/cake_1.2.5/users/login normally.
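
A hardened form of the password check in the login action, as an added example that is not part of the original tutorial or of CakePHP: it stores passwords with password_hash(), verifies them with password_verify() instead of comparing plaintext or md5() digests with ==, and keeps the hash out of the session. It is plain PHP 5.5+ so it runs without Cake; the $users array, DUMMY_HASH, authenticate() and rememberUser() are assumptions standing in for the User model and the login action.

```php
<?php
// Added example, not the tutorial's code. Constructed sample data standing
// in for the users table that $this->User->findByUsername() would query.
$users = array(
    'alice' => array(
        'id' => 1, 'username' => 'alice',
        // Salted, deliberately slow hash instead of plaintext or md5().
        'password' => password_hash('correct horse', PASSWORD_DEFAULT),
    ),
);
// Verified when the username is unknown, so a missing account costs about
// the same time as a wrong password and does not reveal which names exist.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Hypothetical helper: returns the record to store in the session,
// or null when the login must be rejected.
function authenticate(array $users, $username, $password)
{
    // Form fields can arrive as arrays (username[]=x); reject non-strings.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    $someone = isset($users[$username]) ? $users[$username] : null;
    $hash    = $someone !== null ? $someone['password'] : DUMMY_HASH;
    // password_verify() re-hashes with the stored salt and compares in
    // constant time; == on hex digests is subject to PHP type juggling.
    $ok = password_verify($password, $hash);
    if (!$ok || $someone === null) {
        return null;
    }
    unset($someone['password']); // never copy the hash into the session
    return $someone;
}

// Hypothetical helper: what the login action does after a successful check.
function rememberUser(array $user)
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh id, so a pre-login id is useless
    }
    $_SESSION['user'] = $user;
}

$tries = array(array('alice', 'correct horse'), array('alice', 'wrong'),
               array('mallory', 'correct horse'), array(array('alice'), 'x'));
foreach ($tries as $try) {
    $user = authenticate($users, $try[0], $try[1]);
    if ($user !== null) { rememberUser($user); }
    echo json_encode($try[0]), ' => ', $user ? 'accepted' : 'rejected', "\n";
}
```

In the tutorial's login action this corresponds to replacing the == comparison with password_verify() and passing only the returned record to $this->Session->write('user', ...).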

Access verification

Now that we can authenticate users, the system can turn away anyone who tries to access non-public content without logging in.
One way is to add a function to the controller that checks the session status.
Create /app/app_controller.php:

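    <?php
    class AppController extends Controller {
        function checkSession() {
            // If the session information has not been set...
            if (!$this->Session->check('user')) {
                // Force the user to login
                $this->redirect('/users/login');
                exit();
            }
        }
    }
    ?>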

Now you have a function that ensures users who are not logged in cannot access restricted system content. You can apply it at any level. The following are some examples:

All actions must be authenticated

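    <?php
    // ExampleController is a placeholder name: the opening of this listing
    // is missing from the page. beforeFilter() is the CakePHP controller
    // callback that runs before every action in the controller.
    class ExampleController extends AppController {
        function beforeFilter() {
            $this->checkSession();
        }
    }
    ?>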

Authentication is required in a separate action.

    function knownusers() {
        // But you only want authenticated users to access this action.
        $this->checkSession();
        $this->set('knownusers', $this->User->findAll(null, array('id', 'username', 'first_name', 'last_name'), 'id DESC'));
    }

Note: If you have not logged in, you are automatically redirected to the login page at http://127.0.0.1/framework/cake_1.2.5/users/login.

Logout

The logout operation should delete the user name from the session and forward the user to the login operation.

    function logout() {
        // Redirect users to this action if they click on a Logout button.
        // All we need to do here is trash the session information:
        $this->Session->delete('user');

        // And we should probably forward them somewhere, too...
        $this->redirect('/');
    }

You have now mastered some basic knowledge and can start to implement custom or advanced functions. I suggest integrating Cake's ACL control as a good place to start.

Conclusion

This was the second tutorial in the CakePHP getting started series: CakePHP simple user authentication case.
Reference: CakePHP Chinese manual
Source code download: CakePHP getting started tutorials source code download -- cakephp-example-for new.rar
