7

I'm trying to get a simple login form to work using CakePHP 2.0... just Auth, no ACLs for now.

I'm able to see the form and enter the email and password as they are in the database, but I just get returned to the form and the flash error message is displayed. Here is my code:

AppController:

 class AppController extends Controller
 {
     function beforeFilter()
     {
         $this->Auth->userModel = 'Users';
         $this->Auth->fields = array('username' => 'email', 'password' => 'password'); //have to put both, even if we're just changing one
         $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
         $this->Auth->loginRedirect = array('controller' => 'hotels', 'action' => 'dashboard');
         $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
     }
 }

login.ctp:

<?php
    echo $this->Form->create('User', array('action' => 'login'));
    echo $this->Form->input('email');
    echo $this->Form->input('password');
    echo $this->Form->end('Login');
?>

UsersController:

 class UsersController extends AppController
 {
     var $name = 'Users';
     var $helpers = array('Html','Form');
     var $components = array('Auth','Session');

     function beforeFilter()
     {
         $this->Auth->allow("logout");
         parent::beforeFilter();
     }

     function index() { } //Redirects to login()

     function login()
     {
         if ($this->Auth->login())
         {
             $this->redirect($this->Auth->redirect());
         } else
         {
             $this->Session->setFlash(__('Invalid username or password, try again'));
         }
     }

     function logout()
     {
         $this->redirect($this->Auth->logout());
     }
 }
 ?>

I appreciate any help with this. Thanks!

Sandy
  • Did you ever get a simple Auth login to work? I'd like to see a working CakePHP 2.x simple system working. Your code snippets are much more concise than the Cakebook documentation. – drug_user841417 Jan 13 '13 at 01:21

7 Answers

9

The "Invalid username or password, try again" error is displayed after you hit login?

There are a few things you should check:

• Is the output of $this->Auth->login() identical to the information in your database? Put debug($this->Auth->login()) to see the output in your login method after the form is submitted.

• Are the passwords correctly hashed in the database?

• Try making the AuthComponent available to all your controllers not just the UsersController.

• Not sure if this makes a difference, but call parent::beforeFilter(); before anything else in your controller's beforeFilter method.

EDIT:

I see that you're trying to validate based on email and password. By default, AuthComponent expects a username and password. You have to explicitly state that you want the email and password to be validated by $this->Auth->login(). This comes from the 2.0 documentation:

public $components = array(
    'Auth'=> array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'email')
            )
        )
    )
);

The fact that you're not seeing any SQL output is to be expected, I believe.

mensch
  • 1
    As an addition to this, temporarily allow everything with $this->Auth->allow("*"); and create a new user. A fast way is to turn on scaffold for a moment by setting 'var $scaffold;', then go to /users/add and create a new user there. See if you can log in with the user you created. Assuming the login credentials are the problem – Kevin Vandenborne Nov 06 '11 at 15:58
  • 1
    I allowed all pages, and using the built-in scaffolding I added a user, which is visible in the DB (password is not hashed). I added "debug($this->Auth->login())" at the beginning of the login method, and I get a yellow strip with nothing but "app\Controller\UsersController.php (line 45)" when I submit the login form. I added the Auth component to the AppController so all controllers would use it, and changed the order of parent::beforeFilter(); but still no luck. Ideas? As a note, I see no queries as normally shown in the default layout, is this normal for Auth? Thanks again. – Sandy Nov 06 '11 at 16:16
  • I've updated my answer based on the code of your login.ctp. Cake, by default, expects a username and password, not email and password. – mensch Nov 07 '11 at 10:39
  • This worked by adding your edit to the AppController, and removing my own "$this->Auth->fields = array('username' => 'email', 'password' => 'password');" from the beforeFilter() method of the AppController. Awesome, thanks! – Sandy Nov 08 '11 at 01:33
6

Also, you must check if your "password" field in the database is set to VARCHAR 50.

It happened to me that I was truncating the hashed password in the DB, and Auth never happened.

Dropial
  • Gosh!! Thanks for pointing me in this direction. I used Blowfish password hasher and had VARCHAR 50 in DB (which is insufficient for Blowfish hash), so, the hash was being truncated while saving. I hope this comment helps someone in future. @Dropial: Please edit your answer to include that for Blowfish hasher, the size of column should usually be 61 (because VARCHAR only uses as much space as really required, setting field length to 100 chars would be a safe choice). – Fr0zenFyr Jul 09 '15 at 12:47
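The truncation described in this answer and its comment, as an added example (not code from the thread): a bcrypt hash cut to 50 characters still looks like a hash but can never verify. The function name `classifyStoredPassword` and all sample values are constructed for illustration; it needs PHP 5.5 or later for `password_hash()`.

```php
<?php
// Added example: classify stored password values the way you would when
// auditing a users table. Accounts and passwords below are constructed.

/**
 * Returns 'bcrypt', 'bcrypt-truncated', 'sha1-hex' or 'unrecognised'.
 * 'unrecognised' includes plain text, e.g. rows saved without any hashing.
 */
function classifyStoredPassword($stored)
{
    if (preg_match('/^\$2[axy]\$\d{2}\$/', $stored)) {
        // A complete bcrypt string is 60 characters:
        // 7-char prefix and cost, 22-char salt, 31-char digest.
        return strlen($stored) === 60 ? 'bcrypt' : 'bcrypt-truncated';
    }
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        return 'sha1-hex';   // 40 hex characters, fits in VARCHAR(50)
    }
    return 'unrecognised';
}

$password  = 'constructed-sample-password';
$full      = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
$truncated = substr($full, 0, 50);   // what a VARCHAR(50) column keeps

$rows = array(
    'alice@example.test' => $full,
    'bob@example.test'   => $truncated,
    'carol@example.test' => sha1('constructed-salt' . $password),
    'dave@example.test'  => 'plaintext-from-scaffold',
);

foreach ($rows as $email => $stored) {
    printf("%-20s len=%2d %s\n", $email, strlen($stored), classifyStoredPassword($stored));
}

// The same password checked against the full and the truncated hash.
// The truncated value fails because the recomputed hash is 60 characters
// long and no longer equals the 50 characters kept in the column.
var_dump(password_verify($password, $full));
var_dump(password_verify($password, $truncated));
```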
2

If you are not using the default "username" and "password" fields to auth, you can't log in, e.g. if you use "email".

You should edit the component declaration in the controller containing your login function:

public $components = array('Auth' => array(
  'authenticate' => array(
    'Form' => array(
      'fields' => array('username' => 'email', 'password' => 'mot_de_passe')
    )
  )
));
Quan
1

Be careful with CakePHP's conventions. You should change this "$this->Auth->userModel = 'Users';" to "$this->Auth->userModel = 'User';" because User without plural is the Model's convention in Cake. That worked for me. Also be careful with the capital letters. It almost drove me crazy. Good luck.

reyo
0
public $components = array(
    'Session',
    'Auth' => array(
        'loginRedirect' => array(
            'controller' => 'Events',
            'action' => 'index'
        ),
        'logoutRedirect' => array(
            'controller' => 'Users',
            'action' => 'login',
            'home'
        ),
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'username','password' => 'password')
            )
        )
    )
);
Mohamed ALOUANE
0

Editing the component declaration in AppController did the trick for me. If you have the fields named other than "username" and "password" you should always specify them. In your case it would be

public $components = array(
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'passwordHasher' => 'Blowfish',
                'fields' => array('username' => 'email','password' => 'password')
            )
        )
    )
);
JohnyWind
-2

There is a bug in the cakephp tutorial. $this->Auth->login() should be changed to $this->Auth->login($this->request->data)

  • He deserves to be downvoted for lack of reading. See https://github.com/cakephp/docs/issues/2157#issuecomment-67941835 why this answer is totally wrong and needs to be removed here. – mark Dec 23 '14 at 11:19
  • Bad answer. This will lead to a security flaw, because Cake will actually auth the user if this info is passed as an argument. – timstermatic Aug 05 '15 at 18:09
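Why the two comments above reject `login($this->request->data)`, as an added sketch that is not code from the thread or from CakePHP: the class `SketchAuth`, its properties and the sample account are hypothetical stand-ins that model only the behaviour described on this page (configured field names are looked up in the posted data, and a user array passed to `login()` is accepted without a credential check). It needs PHP 5.5 or later.

```php
<?php
// Simplified model of the login flow discussed above; not CakePHP source.
class SketchAuth
{
    public $fields = array('username' => 'username', 'password' => 'password');
    public $requestData = array();   // stands in for $this->request->data
    public $sessionUser = null;      // stands in for the Auth session entry
    private $users;                  // constructed store: email => bcrypt hash

    public function __construct(array $users)
    {
        $this->users = $users;
    }

    // Reads the configured field names from the posted 'User' data and
    // verifies the password against the stored hash.
    public function identify()
    {
        $data = isset($this->requestData['User']) ? $this->requestData['User'] : array();
        $name = $this->fields['username'];
        $pass = $this->fields['password'];
        if (empty($data[$name]) || empty($data[$pass]) || !isset($this->users[$data[$name]])) {
            return false;
        }
        if (!password_verify($data[$pass], $this->users[$data[$name]])) {
            return false;
        }
        return array('email' => $data[$name]);
    }

    // A caller-supplied $user is trusted as already identified.
    public function login($user = null)
    {
        if (empty($user)) {
            $user = $this->identify();
        }
        $this->sessionUser = $user ? $user : null;
        return (bool)$user;
    }
}

$auth = new SketchAuth(array('sandy@example.test' => password_hash('constructed-pass', PASSWORD_BCRYPT)));
$auth->requestData = array('User' => array('email' => 'sandy@example.test', 'password' => 'constructed-pass'));
var_dump($auth->login());                    // default field names: the form has no 'username'
$auth->fields['username'] = 'email';
var_dump($auth->login());                    // mapped to 'email': the hash is verified
$auth->requestData['User']['password'] = 'wrong-guess';
var_dump($auth->login());                    // wrong password: identify() rejects it
var_dump($auth->login($auth->requestData));  // posted array passed in: identify() is skipped
```

The four calls return false, true, false and true: the last one succeeds with a wrong password because the posted form data itself is stored as the logged-in user.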