I'm very new to CakePHP and I got an assignment to fix an issue. We are running online stores on the brandx and brandstores platforms of CakePHP.
I have a CakePHP model, User. I store some data on those systems and other data locally. If the user exists in the table, then it allows login into the store, but if the user does not exist in the table, then it has to create that user and the user should be logged into the store. Instead of creating the user, it is displaying the message
"user with this id is not present in our system please contact admin". I'm trying to create a new user by passing the username and password in the URL as mentioned below:
"http://mystorename.domainname.com/pages/index/username:" + username + "/password:" + password);
If I insert a new user into the table, it logs in successfully, but it is not able to create a new user.
I can't find a way to make this happen. How can I fix this issue? Can someone tell me how to do this? Sorry for my bad English. Thanks in advance.
Here is the code; please help in fixing this:
    if(!empty($user_data)) {
        if($user_data[$this->userModel]['active']==2)
        {
            $this->Session->setFlash('accout disabled');
            return false;
        }
        $user_data_logged = $model->find('first',array('conditions'=>$login_filter));
        if(!empty($user_data_logged))
        {
            $model->save(array(
                'id'=>$user_data[$this->userModel]['id'],
                $this->fields['recent_login']=>date('Y-m-d H:i:s'),
                $this->fields['login_attempts']=>0
            ));
            $this->Session->write('Auth.'.$this->userModel,$user_data[$this->userModel]);
            $status = $this->shout("LOGIN_SUCCESS",$points);
            $this->authRedirect();
            return true;
        }
        else
        {
            $login_attempts_made = $user_data[$this->userModel][$this->fields['login_attempts']];
            $model->save(array(
                'id'=>$user_data[$this->userModel]['id'],
                $this->fields['login_attempts']=>$login_attempts_made+1
            ));
            if($user_data[$this->userModel][$this->fields['login_attempts']]>=$this->max_login_attempts)
            {
                $model->save(array( 'id'=>$user_data[$this->userModel]['id'], 'active'=>2 ) );
                $this->Session->setFlash($this->max_login_attempts.' login attempts over... accout disabled');
                return false;
            }
        }
    } else {
        $employee_id = $data[$this->fields['username']];
        $user_data = $model->create('first',array('conditions'=>array($this->fields['username']=>$data[$this->fields['username']],$this->fields['password']=>$data[$this->fields['password']])));
        $model->save(array($this->fields['username']=>$data[$this->fields['username']],$this->fields['password']=>$data[$this->fields['password']]));
        //$this->Session->setFlash("$employee_id User with this employee id is not available in our system. for more details & registration contact admin@domain.com");
        //$status =$this->shout("LOGIN_FAIL",$employee_id);
        //return false;
    }
Doing this:
"http://mystorename.domainname.com/pages/index/username:" + username + "/password:" + password);
is EXTREMELY unsafe. You shouldn't be passing people's passwords unprotected in a URL like that. Someone else could just visit their browser history (or even use JavaScript to) and see their password.
You want to remember the user’s cart, and then direct the user to the registration page.
Once the user has finished registering, save their cart to them.
Then they can return to checking out any time they want with their previous items.
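
The point about credentials in the URL, as an added example that is not part of the original posts or of the store's code: a framework-independent PHP check that refuses any request carrying a password in the URL (as a CakePHP-style named parameter or a query-string key) and reads credentials from the POST body only. The function names, the `/users/login` path and the sample requests are assumptions made for illustration.

```php
<?php
// Added example in plain PHP (no CakePHP APIs). All names are hypothetical.

// True when the URL itself carries a password, either as a named parameter
// segment (/password:secret) or as a query-string key (?password=secret).
function url_carries_credential(string $requestUri): bool
{
    [$path, $query] = array_pad(explode('?', $requestUri, 2), 2, '');
    parse_str($query, $queryParams);
    if (isset($queryParams['password'])) {
        return true;
    }
    foreach (explode('/', $path) as $segment) {
        // Decode first so that "password%3Asecret" is caught as well.
        if (stripos(rawurldecode($segment), 'password:') === 0) {
            return true;
        }
    }
    return false;
}

// Returns the credentials from the POST body, or null when the request
// must be rejected (wrong method, credential in URL, missing fields).
function credentials_from_request(string $method, string $requestUri, array $post): ?array
{
    if ($method !== 'POST' || url_carries_credential($requestUri)) {
        return null;
    }
    if (empty($post['username']) || empty($post['password'])) {
        return null;
    }
    return ['username' => (string) $post['username'], 'password' => (string) $post['password']];
}

// Constructed sample requests: method, request URI, POST body.
$samples = [
    ['GET',  '/pages/index/username:alice/password:hunter2', []],
    ['POST', '/users/login?password=hunter2', ['username' => 'alice', 'password' => 'hunter2']],
    ['POST', '/users/login', ['username' => 'alice', 'password' => 'hunter2']],
];
foreach ($samples as [$method, $uri, $post]) {
    $creds = credentials_from_request($method, $uri, $post);
    // Redact the password before the URI is echoed or logged anywhere.
    $safeUri = preg_replace('#(password[:=])[^/&]+#i', '$1[redacted]', $uri);
    echo $method, ' ', $safeUri, ' => ', $creds === null ? 'rejected' : 'accepted for ' . $creds['username'], "\n";
}
```

Only the third sample is accepted; the first two are rejected because the password appears in the URL itself.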