Home/ Questions/Q 6533605
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T10:08:54+00:00

I am building a site that requires a simple authentication system to sit on

  • 0

I am building a site that requires a simple authentication system to sit on top of my site so that only people with the password can access it. This is different to users and the authentication component as it’s just to prevent access unless you’re supposed to.

The reason is I have a preview site for a client and I only want them to be able to access it but can’t use the in-built authentication as they need to see both logged in and logged out states hence using a custom simple authentication (note this doesn’t need to be secure).

I have a working system in place and to prevent access I do a check in the AppController so that all requests first check if my session exists:

public function beforeRender()
{
    if ($this->Session->check('client') != true)
    {
        $this->layout = 'client_login'; 
        $this->render = 'pages/client_login';
    }
}

The layout bit works fine so it understands the session, but it doesn’t show my client login view which has a simple login form on it so it’s not doing the render properly. Any ideas why not? And any better ideas to show the layout and view for all actions across the site if that session does not exist.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    ‘render’ is a function, not a property. So your code should probably be:

    $this->render('pages/client_login');

    edit: by the way, this code can’t be placed in the beforeRender() callback, because this would lead to an infinite loop (render() raises beforeRender()).

    beforeFilter() would certainly be a better place.

    function beforeFilter()
{
    if ($this->Session->check('client') != true)
    {
        $this->autoRender = false;
        $this->layout = 'client_login';
        $this->render('/pages/client_login');
    }
}

    EDIT

    Like explained in my comments, the explicit call to render() in the PagesController->display() method prevents what you want to do to work when you are on an URL that uses the PagesController.

    Rethinking a bit about your needs, I see two solutions.

    If you need a simple way to fully protect your website temporarely, without modifying your application code, you could use Apache to protect the access through the .htaccess. A basic authentication or maybe a filter on IP or domain could maybe do the trick in your case. See http://httpd.apache.org/docs/2.0/howto/auth.html

    If you want to use Cake because you already have your custom authentication system working that fill the Session, you could use the Auth component just to grant or deny access. In your AppController, you could have something like:

    function beforeFilter()
{
    $this->Auth->loginAction = '/pages/client_login';

    if($this->Session->check('client'))
    {
        $this->Auth->allow('*');
    }
}
    • 0