User Profile

User
 ayanray
Location
 Ottawa
Time Zone
 (GMT -5): USA Eastern, Bahamas, Canada Eastern, Colombia, Haiti, Panama
URL
 http://www.ayanray.com
Bio
 Visit my site http://www.ayanray.com/blog/about

Recent Comments

Posted 09/01/2007 11:25pm
In the app_controller.php ->>>>>>
function checkSession($vars = NULL) {
    // If the session info hasn't been set...
    if (!$this->Session->check('Customer'))
    {
        // Remember the requested page and any variables passed in
        $redirect = array('link' => $_SERVER['REQUEST_URI'], 'vars' => $vars);
        // Force the user to login
        $this->Session->write('redirect', $redirect);
        $this->redirect('/customers/login');
    }
}


Now add anywhere you want to check the session or pass the variables ->>>
//Authenticate
$this->checkSession($_POST);


Now to read the information when it comes back after login -->>>>>>
$redirect = $this->Session->read('redirect');
$this->set('redirect', $redirect);

if($redirect['vars'] != '' && $redirect['vars']['exampe_number'] != 0){
    // form data was carried through the login; use $redirect['vars'] here
} else {
    // user never sent data through the form (hack)
}
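
The save-and-return flow from the comment above, as an added example that is not part of the original comment or of CakePHP: plain PHP with an array standing in for the session, keeping only the 'link' part and checking that the stored target is a local path before it is used in a redirect. The helper names safeLocalPath(), rememberTarget() and consumeTarget() are hypothetical, and the sample URIs are constructed.

```php
<?php
// Added example: the array $session stands in for $this->Session.
// All function names below are hypothetical, not CakePHP API.

/** Accept only a same-site absolute path; fall back to $default otherwise. */
function safeLocalPath($uri, $default = '/')
{
    if (!is_string($uri) || $uri === '' || strlen($uri) > 2048) {
        return $default;
    }
    // Must start with exactly one "/" (so no scheme and no "//host") and
    // contain no backslash or control character (CR/LF would split a header).
    if ($uri[0] !== '/' || preg_match('#^//|[\x00-\x1f\x7f\\\\]#', $uri)) {
        return $default;
    }
    return $uri;
}

/** Before login: store where the visitor was going. */
function rememberTarget(array &$session, $requestUri)
{
    $session['redirect'] = array('link' => safeLocalPath($requestUri));
}

/** After login: read the target once, re-validate it, and clear it. */
function consumeTarget(array &$session, $default = '/')
{
    $link = isset($session['redirect']['link']) ? $session['redirect']['link'] : null;
    unset($session['redirect']);   // one-shot: a stale target is never reused
    return safeLocalPath($link, $default);
}

// Constructed sample request URIs: one normal page and three that must be refused.
$session = array();
$samples = array('/orders/view/12?page=2', '//example.test/x', 'http://example.test/', "/a\r\nX: y");
foreach ($samples as $uri) {
    rememberTarget($session, $uri);
    printf("%-28s => %s\n", json_encode($uri), consumeTarget($session));
}
```
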
Posted 06/01/2007 12:09pm
If the user hits immediately while getting to the form (stupid but needs to be detected), the user gets a PHP error that postUser is not set. The solution is outlined below:

###############
AT THE END OF

function attemptLogin($postUser = null,$ip = null)
{
    $success = false;
    $cleartext = true;
    ...
    if($cleanHost)
    {
        // Changed from 0.2
        if(is_array($postUser) && !empty($postUser) && isset($postUser['User']) &&
            isset($postUser['User']['username']) && isset($postUser['User']['password']))

Change this to:
        if(!empty($postUser) && isset($postUser['User']) &&
            isset($postUser['User']['username']) && isset($postUser['User']['password'])) // note the is_array was removed

At the end of this if block, you must include the } else { statement.

.. which reads:

        } else {
            $this->error = $this->messages['empty_login'];
        } // close post validation
    } // close if CleanHost
    return $success;
} // close function

Also, add this to the $messages variable:
var $messages = array( ...,
'empty_login' => 'Empty Credentials' );

######################
Changes I have also made in my version of your work (0.2):

1) Group rights, is the user allowed to use this admin/user function?

2) Email as the login information

3) Redirect to login page if you need to be logged in to view a certain page. After successful login, the login page redirects back to the same page.

I will post these 'add-ons' when I update to 0.3 and fix a couple bugs.