CakePHP Auth: Questions
Question
I have to make a CakePHP authentication, and I wish to use the "Auth" component. I'm trying to see if it fills my requirements:
- I need to authenticate users with their email OR their customerId (with an additional password, of course). I can't find if it is possible to have two fields (or more) on which the authentication can be done.
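- I have several parts on which I need to be authenticated. But I need different granularity:
  - For some things, it is the whole controller that should not be accessible, if possible with exceptions (e.g. the whole users controller except the login/register actions); for others I really need it for the whole controller (e.g. the cart controller).
  - Sometimes I need only some actions to be unavailable without being logged in.
  - Sometimes I need only a part of the view not to be displayed (e.g. the login element is not displayed).
Thank you very much for your help.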
Recommended answer
The short answer is that yes, you can do these things, but it seems to me that the ACL might be overkill for your needs (but I also tend to avoid the ACL if there's any opening at all to do so). To your points:
- As Ivo suggests, you'll need a custom UsersController::login() method to authenticate by multiple fields (if your auth model isn't User, then use the appropriate controller). If the Auth component's login method fails, it passes control to your custom login() method. Here's a snippet from a project I've been working on:
    function login() {
        # Allow login by either username (legacy) or email.
        # If no authenticated user exists at this point then the Auth
        # component's login() method has failed and control has been passed
        # here for any further handling. Since the expected credentials
        # (email and password) have failed we're going to check for
        # username and password.
        $user = $this->Auth->user();
        if( empty( $user ) && !empty( $this->Auth->data['User']['email'] ) && !empty( $this->Auth->data['User']['password'] ) ) {
            $user = $this->User->find(
                'first',
                array(
                    'recursive' => -1,
                    'conditions' => array(
                        'User.username' => $this->Auth->data['User']['email'],
                        'User.password' => $this->Auth->data['User']['password'],
                    )
                )
            );
            if( empty( $user ) || !$this->Auth->login( $user ) ) {
                # Set the configured flash message b/c login failed after both checks.
                $this->Session->setFlash( $this->Auth->loginError, null, array(), 'auth' );
            }
        }
        $this->redirect( $this->Auth->redirect(), null, true );
    }
- For action access, just use the $this->Auth->allow() and $this->Auth->deny() methods in each relevant controller's beforeFilter() callback. For example, in the UsersController, you may want to do something like this:
    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->deny('*');
        $this->Auth->allow( 'login', 'logout' );
    }
- In views, just determine whether the user is authenticated by testing the Auth.User value to determine what to display/hide from anonymous/authenticated:
    if( $this->Session->check( 'Auth.User' ) ) { ... }
If the password changes, you can re-authenticate the user transparently by calling $this->Auth->login( $user_data ). I do this, for example, when a user registers. I don't want him/her to have to then go log in, so I just log in automatically.
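Added example (not from the answer above, and plain PHP rather than CakePHP's Auth API): one way to accept either an email or a customer id as the login identifier, as the question asks. The authenticate() function, the field names and the sample users are assumptions constructed for illustration; it picks a single lookup field from the identifier's format and always runs password_verify(), so an unknown identifier and a wrong password fail the same way.

```php
<?php
// Constructed sample user store; in an application this is the users table.
$users = array(
    array('id' => 1, 'email' => 'alice@example.com', 'customer_id' => 'C1001',
          'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)),
    array('id' => 2, 'email' => 'bob@example.com', 'customer_id' => 'C1002',
          'password_hash' => password_hash('battery staple', PASSWORD_DEFAULT)),
);

// Hypothetical helper: look up a user by email OR customer id, then verify
// the password. Returns the user row without its hash, or null on failure.
function authenticate(array $users, $identifier, $password)
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        // Checked when no user matches, so that unknown and known
        // identifiers both go through one password_verify() call.
        $dummyHash = password_hash('unused-placeholder', PASSWORD_DEFAULT);
    }

    $identifier = trim((string) $identifier);
    // Pick exactly one lookup field from the identifier's shape, so a value
    // can never match one user's email and another user's customer id.
    $isEmail = filter_var($identifier, FILTER_VALIDATE_EMAIL) !== false;
    $field = $isEmail ? 'email' : 'customer_id';

    $match = null;
    foreach ($users as $user) {
        $same = $isEmail
            ? strcasecmp($user[$field], $identifier) === 0
            : $user[$field] === $identifier;
        if ($same) {
            $match = $user;
            break;
        }
    }

    $hash = $match !== null ? $match['password_hash'] : $dummyHash;
    if (!password_verify((string) $password, $hash) || $match === null) {
        return null;
    }
    unset($match['password_hash']); // never carry the hash into the session
    return $match;
}

var_dump(authenticate($users, 'alice@example.com', 'correct horse') !== null); // login by email
var_dump(authenticate($users, 'C1002', 'battery staple') !== null);            // login by customer id
var_dump(authenticate($users, 'nobody@example.com', 'x'));                     // unknown identifier
```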