CakePHP的验证两个表（型号） [英] CakePHP Auth with two tables (models)

问题描述

我在我的数据库中的两个表，一个用于管理员（名为管理员），另一种为普通用户，命名为：utilisateurs（法语）。我知道我必须使用CakePHP的公约，说我必须创建一个名为users表，其中有字段的用户名和密码。但问题是，我有两个表，而不是唯一的一个。每个人都有其特定的领域，所以我真的需要他们留下来分隔。甚至需要登录信息取决于用户是不同的：

I have two tables in my database, one for admins (named Admins) and the other one for normal users, named : utilisateurs (in french). I know i have to use cakePHP's convention which says i must create a table named users, which has the fields username and password. But the problem is that i have two tables and not only one. Each one has its particular fields, so i really need them to stay separated. And even informations required to login are different depending on the user :

• 管理员需要他们的登录密码+

• admins need their login + password

普通用户需要一个特定ID（以身份证）+密码

normal users need a specific id (in their id cards) + password

我想要做什么，是创建两个登录页面，一个用于管理员和其他为普通用户。登录后，用户被重定向到他应该看到的网页。不过不失，如果用户试图尝试禁位置。我希望能够阻止他（beforeFilter + isAuthorized我认为）

What i want to do, is create two login pages, one for admins and the other for normal user. After logging in, the user is redirected to the page he is supposed to see. But yet, if the user tries attempt a forbidden location. I want be able to stop him (beforeFilter + isAuthorized i think)

我怎样才能让所有的工作？

How can i make all this work ?

我不是在CakePHP的初学者，我已经取得了使用验证组件anotehr应用程序的认证系统，但由于只需要一个表的用户，这是一个更容易一些。

I'm not beginner in cakephp, i've already made an authentication system in anotehr app using Auth Component, but it was a little easier because needed only one table for users.

您的帮助将是非常美联社preciated。

Your help would be much appreciated.

推荐答案

假设如下：

• 您有相关的模型2个表用户和管理​​，其中：
  
  
  
  • 用户的 idcard 和密码字段。
  
  
  • 管理​​的登录和 passowrd 字段。
  
  
  • You have 2 tables associated with model User and Admin, where:
    • User has idcard and password fields.
    • Admin has login and passowrd field.

    您登录形式如下创建：

    回声$这个 - >形式 - >创建（NULL，''）;
    回声$这个 - >形式 - >输入（'密码'）;
    回声$这个 - >形式 - >输入（'密码'）;
    回声$这个 - >形式 - >结束（__（'提交'））;

    echo $this->Form->create(null, '') ; echo $this->Form->input('login') ; echo $this->Form->input('password') ; echo $this->Form->end(__('Submit')) ;

    您可以在应用/控制器/组件/认证/ MyAuthenticate.php 创建一个新的身份验证组件：

    You can create a new Authenticate component under App/Controller/Component/Auth/MyAuthenticate.php:

    <?php
    
    App::uses('FormAuthenticate', 'Controller/Component/Auth');
    
    class MyAuthenticate extends FormAuthenticate {
    
        public function authenticate(CakeRequest $request, CakeResponse $response) {
    
            $username = $request->data['login'] ;
            $password = $request->data['password'] ;
    
            App::import('Model', 'User') ;
            $userModel = new User () ;
    
            /* Try to authenticate as a user... */
            $user = $userModel->find('first', array(
                'conditions' => array(
                    'idcard' => $username,
                    'password' => User::hashPassword($password) ;
                )
            )) ;
    
            if ($user) {
                $user = $user['User'] ; // Get only useful info
                $user['type'] = 'user'; // Save user type
                return $user ;
            }
    
            /* Same thing for admin. */
    
            App::import('Model', 'Admin') ;
            $adminModel = new Admin () ;
    
            $user = $adminModel->find('first', array(
                'conditions' => array(
                    'login' => $username,
                    'password' => Admin::hashPassword($password) ;
                )
            )) ;
    
            if ($user) {
                $user = $user['Admin'] ; // Get only useful info
                $user['type'] = 'admin'; // Save user type
                return $user ;
            }
    
            return null ;
    
        }
    
    };
    

    您只需要确保，一个管理员不能被认证为用户，并扭转。

    You just need to be sure that that a admin cannot be authenticated as a user, and reverse.

    在你的 AppController的：

    public $components = array(
        'Auth' => array(
            'authenticate' => array('My'), // The prefix in front of your component
            'loginAction' => array(/* ... */),
            'loginRedirect' => array(/* ... */),
            'logoutRedirect' => array(/* ... */),
            'authError' => "...",
            'authorize' => 'Controller'
        )
    ) ;
    

    您登录操作是一样的，对于普通表：

    Your login action is the same that for normal tables:

    public function login () {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } 
            else {
                $this->request->data['password'] = "" ;
                $this->Session->setFlash('Invalid login/id or password.');
            }
        }
    }
    

    然后，在 beforeFilter 或 isAuthorized 您可以检查 $这个 - ＆GT;验证 - ＆gt;用户（类型）; 。例如，在AppController的

    Then, in beforeFilter or isAuthorized you can check $this->Auth->user('type');. For example, in AppController:

    public function isAuthorized () {
        /* Assuming you keep CakePHP convention where action starting with admin_ set admin params. */
        if(isset($this->params['admin'])) {
            return $this->Auth->user('type') == 'admin' ;
        }
        return true ;
    }
    

    或者，如果你想禁用非管理员用户的所有操作的访问在 AdminController ，使用 beforeFilter ：

    class AdminController extends AppController {
    
        public function beforeFilter () {
            if (!$this->Auth->loggedIn()) {
                $this->Session->setFlash('You need to be logged to access this page.');
                $this->redirect(/* Login url. */) ;
                return ;
            }
            if ($this->Auth->user('type') != 'admin') {
                $this->Session->setFlash('You need to be admin to access this page.');
                $this->redirect(/* Somewhere... */) ;
                return ;
            }
            return parent::beforeFilter () ;
        }
    
    }
    

    这篇关于CakePHP的验证两个表（型号）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！