Welcome to the Cookbook


5.2.5 AuthComponent Methods

5.2.5.1 action

action (string $action = ':controller/:action')

If you use ACOs as part of your ACL structure, you can get the path to the ACO node tied to a particular controller/action pair as follows:

    $acoNode = $this->Auth->action('users/delete');

If no values are passed, the current controller/action pair is used.

5.2.5.2 allow


If you have some actions in your controller that you don't have to authenticate against (such as a user registration action), you can add methods that the AuthComponent should ignore. The following example shows how to allow an action named 'register'.

    function beforeFilter() {
        ...
        $this->Auth->allow('register');
    }

If you wish to allow multiple actions to skip authentication, you supply them as parameters to the allow() method:

    function beforeFilter() {
        ...
        $this->Auth->allow('foo', 'bar', 'baz');
    }

Shortcut: you may also allow all the actions in a controller by using '*'.

    function beforeFilter() {
        ...
        $this->Auth->allow('*');
    }

If you are using requestAction in your layout or elements, you should allow those actions so that the login page can be opened properly.

The auth component assumes that your action names follow conventions and are underscored.

5.2.5.3 deny

You may want to remove actions from the list of allowed actions (set using $this->Auth->allow()). Here is an example:

    function beforeFilter() {
        $this->Auth->authorize = 'controller';
        $this->Auth->allow('delete');
    }

    function isAuthorized() {
        if ($this->Auth->user('role') != 'admin') {
            $this->Auth->deny('delete');
        }

        ...
    }

5.2.5.4 hashPasswords


hashPasswords ($data)

This method checks if the $data contains the username and password fields as specified by the variable $fields indexed by the model name as specified by $userModel. If the $data array contains both the username and password, it hashes the password field in the array and returns the data array in the same format. This function should be used prior to insert or update calls of the user when the password field is affected.

    $data['User']['username'] = 'me@me.com';
    $data['User']['password'] = 'changeme';
    $hashedPasswords = $this->Auth->hashPasswords($data);
    pr($hashedPasswords);
    /* returns:
    Array
    (
        [User] => Array
        (
            [username] => me@me.com
            [password] => 8ed3b7e8ced419a679a7df93eff22fae
        )
    )

    */

The $hashedPasswords['User']['password'] field would now be hashed using the password function of the component.

If your controller uses the Auth component and posted data contains the fields as explained above, it will automatically hash the password field using this function.

5.2.5.5 mapActions


If you are using Acl in CRUD mode, you may want to assign certain non-default actions to each part of CRUD.

$this->Auth->mapActions(
	array(
		'create' => array('someAction'),
		'read' => array('someAction', 'someAction2'),
		'update' => array('someAction'),
		'delete' => array('someAction')
	)
);

5.2.5.6 login


login($data = null)

If you are doing some sort of Ajax-based login, you can use this method to manually log someone into the system. If you don't pass any value for $data, it will automatically use POST data passed into the controller.

For example, in an application you may wish to assign a user a password and automatically log them in after registration. In an oversimplified example:

View:

echo $form->create('User',array('action'=>'register'));
echo $form->input('username');
echo $form->end('Register');

Controller:

function register() {
    if(!empty($this->data)) {
        $this->User->create();
        // password assigned by the application on the user's behalf
        $assigned_password = "password";
        $this->data['User']['password'] = $this->Auth->password($assigned_password);
        if($this->User->save($this->data)) {
            // send signup email containing password to the user
            $this->Auth->login($this->data);
            $this->redirect("home");
        }
    }
}

One thing to note is that you must manually redirect the user after login as loginRedirect is not called.

$this->Auth->login($data) returns 1 on a successful login and 0 on a failure.

5.2.5.7 logout

This method provides a quick way to de-authenticate a user and redirect them to any page. It is also useful if you want to provide a "Log out" link inside a protected area of your application.

Example:

$this->redirect($this->Auth->logout());

5.2.5.8 password


password (string $password)

Pass in a string, and you can get what the hashed password would look like. This is an essential functionality if you are creating a user registration screen where you have users enter their password a second time to confirm it.

if ($this->data['User']['password'] ==
    $this->Auth->password($this->data['User']['password2'])) {

    // Passwords match, continue processing
    ...
} else {
    $this->flash('Typed passwords did not match', 'users/register');
}

The auth component will automatically hash the password field if the username field is also present in the submitted data.

Cake appends your password string to a salt value and then hashes it. The hashing function used depends on the one set by the core utility class Security (sha1 by default). You can use the Security::setHash function to change the hashing method. The salt value is taken from your application's configuration, defined in your core.php.
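
With the scheme described above (one application-wide salt followed by a single sha1 pass), every user who picks the same password ends up with the same stored digest. The following is an added example, not CakePHP code, showing how such digests can be verified and replaced with per-user salted hashes at login; legacy_hash(), verify_and_upgrade() and APP_SALT are hypothetical names, and it assumes PHP 7 or later with the built-in password_hash() API.

```php
<?php
// Added example, not CakePHP source. Models the scheme the text describes:
// hash(application-wide salt . password), sha1 by default.

// Constructed placeholder; a real application takes its salt from core.php.
const APP_SALT = 'constructed-example-salt-not-a-real-value';

function legacy_hash(string $password, string $algo = 'sha1'): string
{
    return hash($algo, APP_SALT . $password);
}

/**
 * Check a login attempt against the stored hash. When the stored value is
 * still a legacy digest (or an outdated password_hash() format), also return
 * a replacement hash for the caller to save.
 *
 * @return array [bool $ok, ?string $newHash]
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // password_hash() output is self-describing; a bare hex digest is not.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = password_verify($password, $stored);
        $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [$ok, $new];
    }

    // Legacy digest: constant-time comparison, then upgrade on success.
    $ok = hash_equals($stored, legacy_hash($password));
    return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample accounts: two users who chose the same password.
$alice = legacy_hash('changeme');
$bob   = legacy_hash('changeme');
var_dump($alice === $bob); // shared salt only, so the digests can be compared directly

// First login after deployment: the legacy digest verifies and is upgraded.
[$ok, $upgraded] = verify_and_upgrade('changeme', $alice);
var_dump($ok, password_verify('changeme', $upgraded));

// A second hash of the same password differs because each carries its own salt.
var_dump($upgraded === password_hash('changeme', PASSWORD_DEFAULT));
```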

5.2.5.9 user


user(string $key = null)

This method provides information about the currently authenticated user. The information is taken from the session. For example:

if ($this->Auth->user('role') == 'admin') {
    $this->flash('You have admin access');
}

It can also be used to return the whole user session data like so:

$data['User'] = $this->Auth->user();

If this method returns null, the user is not logged in.

In the view you can use the Session helper to retrieve the currently authenticated user's information:

$session->read('Auth.User'); // returns complete user record
$session->read('Auth.User.first_name'); // returns particular field value

The session key can differ depending on which model Auth is configured to use. For example, if you use the model Account instead of User, the session key would be Auth.Account.