I have a strange issue going on as I try to learn and program a website using CakePHP 2.0. I have worked in the past with version 1.3 but never seen this problem before. I am running the Simple Authentication and Authorization Application tutorial from the Cookbook (p.638) and I have checked and double-checked to make sure it is the same.
The issue I am having is that when I call /users/login and fill out the form with bogus info or simply leave it empty, Auth logs it in, and if I do if($this->Auth->user()) I will receive true.
I have given up trying to understand why that is happening. It is strange….
/users/login

    public function login(){
        // Behaviour described above: passing the posted data straight to login()
        if($this->request->is('post')){
            if($this->Auth->login($this->request->data)){
                $this->redirect($this->Auth->redirect());
            }else{
                $this->Session->setFlash('Wrong login credentials!', 'default', array('class' => 'notification error closeable'));
            }
        }
    }

    // AppController.php -- Auth configuration
    class AppController extends Controller {
        public $components = array(
            'Session',
            'Auth' => array(
                'authenticate' => array(
                    'Form' => array(
                        'fields' => array('username' => 'email')
                    )
                ),
                'logoutRedirect' => array('controller' => 'pages', 'action' => 'home'),
                'authorize' => array('Controller')
            )
        );

        // Only users whose role is 'admin' are authorized
        public function isAuthorized($user){
            if(isset($user['role']) && $user['role'] === 'admin'){
                return true;
            }
            return false;
        }
    }

OK. Seems like I know what the problem is. Try doing:
instead of passing it the CakeRequest object.
The reason is:
In 2.0, $this->Auth->login($this->request->data) will log the user in with whatever data is posted, whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful. Maybe that's why you are able to log in without any data.
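
The difference the answer describes, as an added example that is not part of the original question or answer: in CakePHP 2.x, calling `login()` with no argument makes AuthComponent check the posted credentials through the configured `Form` authenticate object, while passing an array stores that array as the logged-in user without any check. The controller name and `App::uses` line are assumed from the `/users/login` route; the flash message and redirect are taken from the question's code.

```php
<?php
// UsersController.php -- added example for CakePHP 2.x, not the tutorial's own code.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function login() {
        // Only a POST carries credentials; a GET just renders the form.
        if (!$this->request->is('post')) {
            return;
        }

        // No argument: AuthComponent hands the request to the 'Form'
        // authenticate object configured in AppController. With
        // 'fields' => array('username' => 'email') it reads
        // $this->request->data['User']['email'] and ['User']['password'],
        // looks the record up, compares the hashed password, and writes
        // the session only when a matching user is found.
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirect());
        }

        // Empty or wrong credentials end up here and no session is created.
        $this->Session->setFlash(
            'Wrong login credentials!',
            'default',
            array('class' => 'notification error closeable')
        );
    }

    // By contrast, $this->Auth->login($someArray) treats $someArray as an
    // already-verified user record and stores it in the session as-is.
    // Passing $this->request->data there means any submitted form, even an
    // empty one, produces a logged-in session, which is what the question
    // observed. Reserve the array form for a record your own code has just
    // created or verified, never for raw request input.
}
```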