Authentication



How to set up authentication with CakePHP 2.x to secure your website: users log in with their email address, and access is controlled through routing prefixes.

# 1 > AppController

Add the following function to app/Controller/AppController.php and call it from beforeFilter():

public function beforeFilter() {
    parent::beforeFilter();
    $this->setupAuth();
}

public function setupAuth() {
    // allow() with no arguments makes EVERY action public; access is then
    // restricted per prefix (step 3), so anything sensitive must live under a prefixed action
    $this->Auth->allow();
    // 'fields' is a CakePHP 1.x property that AuthComponent 2.x ignores; the
    // email-as-username mapping that actually takes effect is the 'authenticate'
    // config in step 2
    $this->Auth->fields = array(
        'username' => 'email', 'password' => 'password'
    );
    // where unauthenticated users are sent; 'user' => false keeps the login URL unprefixed
    $this->Auth->loginAction = array(
        'user' => false,
        'plugin' => false,
        'controller' => 'users',
        'action' => 'login'
    );
    // 'goingTo' holds the page the user wanted before being sent to login. Keep it a
    // site-relative path or URL array: if it ever came from user input, an external
    // URL here would turn the login into an open redirect
    $goingTo = $this->Session->read('goingTo');
    if (!empty($goingTo)) {
        $this->Auth->loginRedirect = $goingTo;
    } else {
        $this->Auth->loginRedirect = array(
            'plugin' => false,
            'user' => true,
            'controller' => 'Pages', 'action' => 'home'
        );
    }
    // the logged-in user's record (null when nobody is logged in), made available to every view
    $userInfo = $this->Auth->user();
    $this->set('userInfo', $userInfo);
}

 


# 2 > AppController - Component

Add the following to the $components array of AppController.php (CakePHP 2.x declares it with public rather than var):

public $components = array(
    //'System.Offline',
    'Auth' => array(
        // flash message shown when a logged-in user is refused an action
        'authError' => 'Sorry you cannot see this',
        'authenticate' => array(
            'Form' => array(
                // log in with the email column instead of a username column
                'fields' => array('username' => 'email')
            )
        ),
        // default target after login when no 'goingTo' page was stored
        // ('store' is not a Cake URL key; with the default routes it becomes the named parameter store:1)
        'loginRedirect' => array(
            'store' => true,
            'plugin' => NULL,
            'controller' => 'Pages', 'action' => 'dashboard'
        )
    ),
    'Session', 'Cookie'
);

# 3 > Activate prefixes

Open the file app/Config/core.php and make sure this line exists (it is commented out by default):

Configure::write('Routing.prefixes', array('admin', 'user'));

NOTE: You can add other prefixes per the requirements of your application to create different user types / roles. A prefix only gives you the routing convention (/admin/users/index maps to admin_index()); it does not require a login by itself, so beforeFilter() must still deny the prefixed actions that allow() opened.
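Steps 1 to 3 enable prefixes but never show how a prefixed request is actually protected, and allow() without arguments has already made every action public. The AppController below is an added example, not code from the original page: it keeps the allow()-then-prefix approach and adds the missing enforcement. Prefixed actions require a logged-in user, admin actions additionally require a role, and the requested path is remembered in 'goingTo' in the form the page's login() expects. Assumptions (not on the page): user_type_id 1 marks an administrator (the page's seed rows use 0, so adjust), passwords are stored with the Blowfish hasher (CakePHP 2.4+), SecurityComponent is loaded for CSRF tokens, and the Pages controller has home and dashboard actions.

```php
<?php
// app/Controller/AppController.php (added example; assumes CakePHP 2.4+)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    // ASSUMPTION: the user_type_id value that marks an administrator
    const ADMIN_TYPE = 1;

    public $components = array(
        'Session',
        'Cookie',
        'Security',   // adds CSRF tokens to every FormHelper form and rejects tampered posts
        'Auth' => array(
            'authError' => 'Sorry you cannot see this',
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email'),
                    'passwordHasher' => 'Blowfish',   // bcrypt; must match how the hashes were stored
                ),
            ),
            // authorization decisions are delegated to AppController::isAuthorized()
            'authorize' => array('Controller'),
            // both prefix keys are set to false so a prefix is never carried into these URLs
            'loginAction' => array('plugin' => false, 'admin' => false, 'user' => false,
                                   'controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('plugin' => false, 'admin' => false, 'user' => true,
                                     'controller' => 'pages', 'action' => 'dashboard'),
            'logoutRedirect' => array('plugin' => false, 'admin' => false, 'user' => false,
                                      'controller' => 'pages', 'action' => 'home'),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();

        // Unprefixed actions stay public, as on the page...
        $this->Auth->allow();

        // ...but any prefixed action (/user/..., /admin/...) requires a logged-in user.
        if (!empty($this->request->params['prefix'])) {
            $this->Auth->deny();   // no arguments: clears the allow() list for this request
            if (!$this->Auth->loggedIn()) {
                // Remember only the site-relative path (never a user-supplied URL) so that
                // login() can send the user back here without creating an open redirect.
                $this->Session->write('goingTo', '/' . $this->request->url);
            }
        }

        $this->set('userInfo', $this->Auth->user());
    }

    /**
     * Called by the 'Controller' authorize handler for every denied action once the
     * user is logged in. Returning false produces the authError flash and a redirect.
     */
    public function isAuthorized($user) {
        $prefix = empty($this->request->params['prefix']) ? null : $this->request->params['prefix'];

        if ($prefix === 'admin') {
            // Role check: only administrators may reach admin_* actions.
            return isset($user['user_type_id']) && (int)$user['user_type_id'] === self::ADMIN_TYPE;
        }
        if ($prefix === 'user') {
            // Any authenticated user may reach user_* actions.
            return true;
        }
        // Unprefixed actions were allowed above and never reach this point; deny by default anyway.
        return false;
    }
}
```

Without the 'authorize' setting, AuthComponent only checks that somebody is logged in, so any registered user could open /admin/... pages; the role check in isAuthorized() is what separates the two prefixes.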


# 4 > UsersController

Add the action login() to the file app/Controller/UsersController.php:

public function login() {

    if ($this->request->is('post')) {

        // authenticates against $this->request->data using the Form authenticator from step 2
        if ($this->Auth->login()) {

            $redirect = $this->Session->read('goingTo');

            if (empty($redirect)) {
                // nothing stored: go to the dashboard
                return $this->redirect(array('store' => true, 'controller' => 'Pages', 'action' => 'dashboard'));
            }

            return $this->redirect($redirect);
            // Prior to 2.3 use
            // `return $this->redirect($this->Auth->redirect());`
        } else {

            // log the failure (never the submitted password) and show the 'auth' flash message
            $this->log('user / pass incorrect');
            $this->Session->setFlash(
                __('Username or password is incorrect'),
                'default',
                array(),
                'auth'
            );
        }
    } else {
        // before login / register: create a random number for the human check



    }
}
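The login() above leaves two gaps a reviewer would flag: the session id is kept across authentication, so a session id fixed before login (session fixation) stays valid afterwards, and whatever is stored in 'goingTo' is followed blindly. The version below is an added example, not the page's own code; it keeps the page's flow (stored target first, dashboard otherwise) and closes both gaps by renewing the session on success and by following the stored target only when it is a URL array or a single-slash site-relative path. The failure log line records the attempted email and client IP, never the password. It assumes the Pages controller has a dashboard action, as on the page.

```php
<?php
// app/Controller/UsersController.php (added example, CakePHP 2.x)
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function login() {
        if (!$this->request->is('post')) {
            return;   // GET: just render the login form
        }

        if (!$this->Auth->login()) {
            // Failed attempt: log who and from where, but never the submitted password.
            $email = isset($this->request->data['User']['email'])
                ? $this->request->data['User']['email'] : '(none)';
            $this->log(sprintf('Failed login for %s from %s', $email, $this->request->clientIp()), 'warning');
            $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
            return;
        }

        // Successful login: issue a fresh session id so an id obtained or planted before
        // authentication no longer maps to the authenticated session.
        $this->Session->renew();

        $target = $this->Session->read('goingTo');
        $this->Session->delete('goingTo');   // one-shot: do not carry it over to the next login

        return $this->redirect($this->_safeRedirectTarget($target));
    }

    /**
     * Only follow redirect targets that cannot leave this site: URL arrays are routed
     * internally, and strings must be a single-slash site-relative path. This rejects
     * 'http://evil.example', '//evil.example', '/\evil.example' and 'javascript:...'.
     */
    protected function _safeRedirectTarget($target) {
        if (is_array($target) && !empty($target)) {
            return $target;
        }
        if (is_string($target) && preg_match('#^/(?![/\\\\])#', $target)) {
            return $target;
        }
        // fallback: the dashboard, as in the original flow
        return array('plugin' => false, 'controller' => 'pages', 'action' => 'dashboard');
    }
}
```

If 'goingTo' is only ever written by your own beforeFilter() from the request path, the check in _safeRedirectTarget() is a safety net; it matters the moment a redirect parameter from the query string or a form is ever stored there.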

# 5 > Users login view

Add the file app/View/Users/login.ctp (CakePHP 2.x uses the singular View directory, with one folder per controller) with the following. Because the form is built with FormHelper, it also carries the CSRF token fields automatically when SecurityComponent is loaded in AppController.

<?php if ($this->Session->check('Message.auth')) echo $this->Session->flash('auth'); ?>
<?= $this->Form->create('User'); ?>
<?php echo $this->Form->input('User.email', array('class' => 'form-control')); ?>
<?php echo $this->Form->input('User.password', array('class' => 'form-control')); ?>
<?php echo $this->Form->button(__('Login'), array('class' => 'fr form-control')); ?>
<?php echo $this->Html->link(__('Reset password?'), '/forgot'); ?>
<?= $this->Form->end(); ?>

# 6 > Create users database

Create a table called 'users' in your database.

Log in to phpMyAdmin, switch to your database and run the following SQL. The two seed rows are created with an empty email and password; fill them in as described in step 7. Because email is the login name, also add a unique index on the email column so two accounts can never share one.

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(250) NOT NULL,
  `email` varchar(250) NOT NULL,
  `password` varchar(250) NOT NULL,
  `user_type_id` int(11) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT INTO `users` (`id`, `name`, `email`, `password`, `user_type_id`, `created`, `modified`) VALUES
(1, 'Admin', '', '', 0, '2017-08-29 10:01:00', '2017-08-29 10:01:00'),
(2, 'user', '', '', 0, '2017-08-29 15:37:00', '2017-08-29 15:37:00');

# 7 > Initiate password

Passwords are stored hashed: a hash cannot be reversed into the original password, and the login check compares hashes, so typing a plain password into the table will never match.
-> Therefore you must create the hash with the same function the authenticator uses. AuthComponent::password() does this (a salted hash via Security::hash() using the Security.salt from core.php, the default the Form authenticator checks against).

Add the following lines to beforeFilter() in AppController.php, temporarily:

public function beforeFilter() {
    parent::beforeFilter();
    // TEMPORARY: print the hash and stop. Remove these two lines as soon as you have copied it
    echo $this->Auth->password('password123');
    exit;
}

Now refresh your website and you will ONLY see the hash. Copy this hash, paste it into the password column of the user's row in your users table, and then delete the two lines again. Two caveats: the hash is tied to this site's Security.salt, so changing the salt later invalidates every stored password; and AuthComponent::password() is deprecated from CakePHP 2.4, where the Blowfish (bcrypt) hasher is the recommended choice ('passwordHasher' => 'Blowfish' in the Form authenticate settings, with the stored hashes produced by the same hasher).
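Echoing a hash from beforeFilter() works once, but it means plaintext passwords are handled by hand and the hashing step is easy to forget when users are later created through a form. The User model below is an added example, not code from the original page: it hashes the password in beforeSave() with the Blowfish (bcrypt) hasher so plaintext never reaches the database, and it validates the email as a unique, well-formed login name. It assumes CakePHP 2.4+ (BlowfishPasswordHasher) and that the Form authenticator in AppController is configured with 'passwordHasher' => 'Blowfish' so that the stored and checked hashes agree; the 12-character minimum is this example's choice.

```php
<?php
// app/Model/User.php (added example; CakePHP 2.4+ for BlowfishPasswordHasher)
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public $validate = array(
        'email' => array(
            'valid' => array('rule' => 'email', 'message' => 'Enter a valid email address'),
            // email is the login name, so two accounts must never share one
            'unique' => array('rule' => 'isUnique', 'message' => 'That email is already registered'),
        ),
        'password' => array(
            // ASSUMPTION: policy chosen for this example
            'length' => array('rule' => array('minLength', 12), 'message' => 'Use at least 12 characters'),
        ),
    );

    /**
     * Hash the password on every save that carries one. bcrypt output is 60 characters,
     * which fits the varchar(250) column from step 6. Pairs with
     * 'passwordHasher' => 'Blowfish' in the Form authenticate settings of AppController.
     */
    public function beforeSave($options = array()) {
        if (!empty($this->data[$this->alias]['password'])) {
            $hasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['password'] = $hasher->hash($this->data[$this->alias]['password']);
        }
        return true;
    }
}
```

To seed the admin account, save a record through this model (for example from a console shell or a one-off action) instead of pasting a hash: $this->User->save(array('User' => array('name' => 'Admin', 'email' => 'admin@example.com', 'password' => 'a-long-passphrase', 'user_type_id' => 1))). Keep the password field out of ordinary edit forms, otherwise an already-hashed value submitted unchanged would be hashed a second time on save.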


# 9 > logout

-> Add the following to UsersController:

public function logout() {
    // drop the remembered target so the next login does not reuse it
    $this->Session->delete('goingTo');
    // Auth->logout() clears the user from the session and returns the logoutRedirect URL
    return $this->redirect($this->Auth->logout());
}

