Andrew, when I edit a user I think the password field's value is hashed and there is no value for the password_confirmation field. Also how would you force the username to be the current user when adding a new post?
@tyebillion You would need to make additional changes to edit a user and their password. The password_confirmation field is empty because there's nothing to pre-populate that field with from the database, there is no password_confirmation field in the DB. so the form field remains empty. The password field would show the hashed password because it does not store a plain password in the DB, it stores the hashed password. You cannot retrieve the user's plain password, nor should you for security.
@tyebillion Edit your posts add action, pass in only the logged in user instead of $users using $user = $this->Post->User->read(null, $this->Auth->user('id')); change the set method to user the 'user' variable instead of 'users' in the compact statement. Now in your view change the 'user_id' field to be a hidden field and make its value equal to the $user variable you passed from your controller like so: $this->Form->input('user_id', array('type'=>'hidden', 'value'=>$user['User']['id']));
@andrewperk I found a similar solution to what you suggested. First I created a users_id variable in the app_controller, with value $this->Auth->user('id'). Then I created a hidden field in the add post view with the code: echo $this->Form->hidden('user_id', array('value'=>$users_id)).
@andrewperk I found a similar solution to what you suggested. First I created a users_id variable in the app_controller, with value $this->Auth->user('id'). Then I created a hidden field in the add post view, replacing the existing input field with the code: echo $this->Form->hidden('user_id', array('value'=>$users_id)).
@tyebillion Everytime you make a new post that post automatically belongs to the logged in user because you pass in the logged in user's id to the form which is then saved with the post in the user_id field. I hope this makes sense.
"The user could not be saved. Please, try again." in my session flash.
I've traced this error to the user_controller add action where we are checking for if($this->User->save($this->data)) and I guess its returning false. Why would this problem happen? The save method is part of the core model.php class and I didn't modify it nor could I find why my data would return false.
@ryantuosto Hello, your sign in form should not be submitting to your users add action. It should be submitting to your users login action. Only your register/sign up form should submit to your users add action. If you're submitting your login form data to the add action it will return false.
@ryantuosto Oh I see. Are you getting any validation errors on the form? If not, most likely you might have an error some where in the process of rewriting the hashPasswords method. Double check over that whole process again including the controller part in the beforeFilter where we set authenticate to use the User model for hashing. If that doesn't work disable all of the hashPasswords rewriting and just let Auth save users normally and see if it works then, just to troubleshoot. Good luck.
@taqman001 The auth component takes care of the logging in code. You only need to define the login function but it doesn't need an implementation. Make sure you are using the auth component in your appcontroller or at least in your userscontroller if you dont have an appcontroller. If you've followed the tutorial from part 1 everything should work.
I am new to the cakePHP framework, I have a few questions that I'm not to sure of.
I understand the it's not supposed to be a complete working example, but this type of design actually worries me.
Would you be able to pass any data to the model manually by posting them yourself, that is if you know the field names, and they would just go straight in the database? As a result make yourself an admin just by registering?
@don9721 You are correct. To fix this security hole you have to use cakephp's Security component. Just enabling this component in your controller or appcontroller for sitewide protection will fix this problem. The security component will prevent form tampering, timeout, and csrf token protection as well. Some other security tips are that you don't have to worry about sql injection as long as you use cake's orm to do your queries. Also all helpers that output automatically escape for xss too.
I really enjoyed your training videos. I was wondering if you have plans to do a video, or set of videos on adding a search of some kind. A cakephp powered site is great... but when you start having several hundred entries... it can be a bit weighty, unless you can search for a few key words. It would be awesome if you do decide to to the tutorial that you can have a single search look through several fields at once.
Anyway, thanks again for you hard work and I hope to see more!
man you rock i spent hours goign through all of your videos... it all worked so far
tmrw ill do testing and make sure everything works perfect, then ill start adding more checks for other than admins... any more videos coming on anything?
@benedictaluan In config/routes.php add a new line using the Router::connect(); The first parameter to the connect method is the string that you want your url to be. The second parameter is an array with key value pairs matching the exact location by controller and action. Router::connect('/add', array('controller'=>'users', 'action'=>'add')); You could easily make this say register instead of add.
i have a question. i believed i followed everything on your video yet everytime i try to login it always gives me a incorrect/password error. even though it the right combinations. thanks..:)
@levticus0506 Double check your users controller for telling it to authenticate with the User model. Double check the overwrite of the hashPasswords method to make sure you did the Security::hash method properly. And make sure you are calling the hashPasswords method in your beforeSave filter and that you're passing it NULL, and TRUE. Also check that you're returning true after the hashPasswords call. If any of these return $data, return TRUE, TRUE, etc gets skipped, the password wont work.
@andrewperk I have a question btw. All of your vids worked on my localhost, now I'm doing it on a remote server. I did everything the same and also succesfully connected to the database on that remote server.
However I get the following error: Database table posts for model Post was not found.
But the table IS there and the database IS connected with the remote server. So I'm kinda stuck and have been googling here and there but still can't find anything.
@dandandaniboy Hi, I don't know what the problem would be. I've never had that problem myself. Common problems when first hosting are that modrewrite's don't work, .htaccess's dont point to the proper place, etc.. But I've never had it not be able to find the table. Does the exact same code work locally but not remotely? You coded it locally, tested it, then uploaded the tested code? If not then It sounds like a naming convention mistake.
@andrewperk yeah, I fully tested it locally and it works. Also worked out the mod_rewrite and .htaccess. And all was fine.
After some research and contacting the host, I've found the problem:
My host gives me limited access to my PHPmyadmin account. So when I log into my PHPmyadmin, I get "no privileges" on my page. Which means I'm not a root user.
And my host doesn't provide that. They themselves only want to be the root user. Which means I cant use Cake on my remote server:(
@carlosvmurillo Most likely I would use ACL and Auth together to do the roles which would create ACO and ARO tables to hold the relationships between roles and or groups. But doing that was beyond the scope of teaching someone the fundamentals of Cakephp's Auth component. Being able to add a roles field to the users table is a very simple way to do role based authentication without ACL or having to deal with any relationships. But you are right, there are better ways of doing this.
can you please add a "forgot password" feature on this tutorial?
6thmercury 1 week ago
Andrew, when I edit a user I think the password field's value is hashed and there is no value for the password_confirmation field. Also how would you force the username to be the current user when adding a new post?
tyebillion 5 months ago
@tyebillion You would need to make additional changes to edit a user and their password. The password_confirmation field is empty because there's nothing to pre-populate that field with from the database, there is no password_confirmation field in the DB. so the form field remains empty. The password field would show the hashed password because it does not store a plain password in the DB, it stores the hashed password. You cannot retrieve the user's plain password, nor should you for security.
andrewperk 5 months ago
@andrewperk Thanks. And my other question... how would you force the username... ?
tyebillion 5 months ago
@tyebillion Edit your posts add action, pass in only the logged in user instead of $users using $user = $this->Post->User->read(null, $this->Auth->user('id')); change the set method to user the 'user' variable instead of 'users' in the compact statement. Now in your view change the 'user_id' field to be a hidden field and make its value equal to the $user variable you passed from your controller like so: $this->Form->input('user_id', array('type'=>'hidden', 'value'=>$user['User']['id']));
andrewperk 5 months ago
@andrewperk I found a similar solution to what you suggested. First I created a users_id variable in the app_controller, with value $this->Auth->user('id'). Then I created a hidden field in the add post view with the code: echo $this->Form->hidden('user_id', array('value'=>$users_id)).
tyebillion 4 months ago
@andrewperk I found a similar solution to what you suggested. First I created a users_id variable in the app_controller, with value $this->Auth->user('id'). Then I created a hidden field in the add post view, replacing the existing input field with the code: echo $this->Form->hidden('user_id', array('value'=>$users_id)).
tyebillion 4 months ago
@tyebillion Everytime you make a new post that post automatically belongs to the logged in user because you pass in the logged in user's id to the form which is then saved with the post in the user_id field. I hope this makes sense.
andrewperk 5 months ago
Hi
do me a fever
Please send the files to my mail box 261129232@qq.com
thx!!!
ysh5159 5 months ago
Andrew, what is the keyboard you are using? I like the sound.
endesigner 6 months ago
@endesigner I use a laptop, so its the standard laptop that comes with the gateway p172s fx series laptop.
andrewperk 6 months ago
Could you make a tutorial on how to set up jEdit like you have it?
winfr34k 7 months ago
Hi, when I try to sign in, I get
"The user could not be saved. Please, try again." in my session flash.
I've traced this error to the user_controller add action where we are checking for if($this->User->save($this->data)) and I guess its returning false. Why would this problem happen? The save method is part of the core model.php class and I didn't modify it nor could I find why my data would return false.
ryantuosto 7 months ago
@ryantuosto Hello, your sign in form should not be submitting to your users add action. It should be submitting to your users login action. Only your register/sign up form should submit to your users add action. If you're submitting your login form data to the add action it will return false.
andrewperk 7 months ago
@andrewperk I actually mistyped, I meant to say I get that error when I try to register. So the users add action is appropriate.
ryantuosto 7 months ago
@ryantuosto Oh I see. Are you getting any validation errors on the form? If not, most likely you might have an error some where in the process of rewriting the hashPasswords method. Double check over that whole process again including the controller part in the beforeFilter where we set authenticate to use the User model for hashing. If that doesn't work disable all of the hashPasswords rewriting and just let Auth save users normally and see if it works then, just to troubleshoot. Good luck.
andrewperk 7 months ago
Comment removed
ryantuosto 7 months ago
I got probem in register page
when i use auth component
can you see and help to fix it
i make video to tell probelem this link
oɹu5ʍnɹʍ3ʍz=ʌ¿ɥɔʇɐʍ/ɯoɔ˙ǝqnʇnoʎ˙ʍʍʍ//:dʇʇɥ
taqman001 9 months ago
hi andraw
i got action login not found
and in the video i see you did not do anything in function login
taqman001 9 months ago
@taqman001 The auth component takes care of the logging in code. You only need to define the login function but it doesn't need an implementation. Make sure you are using the auth component in your appcontroller or at least in your userscontroller if you dont have an appcontroller. If you've followed the tutorial from part 1 everything should work.
andrewperk 9 months ago
First, I want to say it is a great tutorial.
I am new to the cakePHP framework, I have a few questions that I'm not to sure of.
I understand the it's not supposed to be a complete working example, but this type of design actually worries me.
Would you be able to pass any data to the model manually by posting them yourself, that is if you know the field names, and they would just go straight in the database? As a result make yourself an admin just by registering?
don9721 10 months ago
@don9721 You are correct. To fix this security hole you have to use cakephp's Security component. Just enabling this component in your controller or appcontroller for sitewide protection will fix this problem. The security component will prevent form tampering, timeout, and csrf token protection as well. Some other security tips are that you don't have to worry about sql injection as long as you use cake's orm to do your queries. Also all helpers that output automatically escape for xss too.
andrewperk 10 months ago
Hello Andrew,
I really enjoyed your training videos. I was wondering if you have plans to do a video, or set of videos on adding a search of some kind. A cakephp powered site is great... but when you start having several hundred entries... it can be a bit weighty, unless you can search for a few key words. It would be awesome if you do decide to to the tutorial that you can have a single search look through several fields at once.
Anyway, thanks again for you hard work and I hope to see more!
kazigmal 1 year ago
Thanks Andrew. It was excellent and really helped me
rajender0121 1 year ago
man you rock i spent hours goign through all of your videos... it all worked so far
tmrw ill do testing and make sure everything works perfect, then ill start adding more checks for other than admins... any more videos coming on anything?
AllegJDM 1 year ago
nice man.. it helps a lot to me and I finished my first touch of cakephp.. thanks..
romelemperado1 1 year ago
thanks andrewperk ... u really made it very easy!!
abcd321839955 1 year ago
Hi Andrew, I have one question. How can you make the url of your 'cakeauth/users/add' to 'cakeauth/add'?
benedictaluan 1 year ago
@benedictaluan In config/routes.php add a new line using the Router::connect(); The first parameter to the connect method is the string that you want your url to be. The second parameter is an array with key value pairs matching the exact location by controller and action. Router::connect('/add', array('controller'=>'users', 'action'=>'add')); You could easily make this say register instead of add.
andrewperk 1 year ago 3
@andrewperk Thanks Andrew. I have another question. Do you know a site where I can find great implementations of CakePHP?
benedictaluan 1 year ago
@andrewperk Thanks Andrew. One more thing. Do you know a site where I can find great implementations of CakePHP framework?
benedictaluan 1 year ago
i have a question. i believed i followed everything on your video yet everytime i try to login it always gives me a incorrect/password error. even though it the right combinations. thanks..:)
levticus0506 1 year ago
@levticus0506 Double check your users controller for telling it to authenticate with the User model. Double check the overwrite of the hashPasswords method to make sure you did the Security::hash method properly. And make sure you are calling the hashPasswords method in your beforeSave filter and that you're passing it NULL, and TRUE. Also check that you're returning true after the hashPasswords call. If any of these return $data, return TRUE, TRUE, etc gets skipped, the password wont work.
andrewperk 1 year ago
thx Andrew .. you are awesome :)
reconhungary 1 year ago
just completed all ur 17 vids. very helpful indeed! we have to use cakePHP for our school project and this has helped us so much. thanks a lot!!
are you planning to do more?
dandandaniboy 1 year ago
@dandandaniboy Thats great. I'm happy it helped you guys out. I do plan on doing more but I'm not sure when I will do so.
andrewperk 1 year ago
@andrewperk I have a question btw. All of your vids worked on my localhost, now I'm doing it on a remote server. I did everything the same and also succesfully connected to the database on that remote server.
However I get the following error: Database table posts for model Post was not found.
But the table IS there and the database IS connected with the remote server. So I'm kinda stuck and have been googling here and there but still can't find anything.
Any ideas?
dandandaniboy 1 year ago
@dandandaniboy PS, the most common solution on google was to empty the cache. But this didn't work out for me:(
dandandaniboy 1 year ago
@dandandaniboy Hi, I don't know what the problem would be. I've never had that problem myself. Common problems when first hosting are that modrewrite's don't work, .htaccess's dont point to the proper place, etc.. But I've never had it not be able to find the table. Does the exact same code work locally but not remotely? You coded it locally, tested it, then uploaded the tested code? If not then It sounds like a naming convention mistake.
andrewperk 1 year ago
@andrewperk yeah, I fully tested it locally and it works. Also worked out the mod_rewrite and .htaccess. And all was fine.
After some research and contacting the host, I've found the problem:
My host gives me limited access to my PHPmyadmin account. So when I log into my PHPmyadmin, I get "no privileges" on my page. Which means I'm not a root user.
And my host doesn't provide that. They themselves only want to be the root user. Which means I cant use Cake on my remote server:(
dandandaniboy 1 year ago
Comment removed
dandandaniboy 1 year ago
you big brain
so very very thank s
playgoods 1 year ago
Hi, Andrew.
These videos are really good.
In real world an app should be three tables for this example. First one for users, another for roles and one last for join both, isn't?
I know that a fundamental part of development is a good database normalization.
Thank you for sharing.
carlosvmurillo 1 year ago
@carlosvmurillo Most likely I would use ACL and Auth together to do the roles which would create ACO and ARO tables to hold the relationships between roles and or groups. But doing that was beyond the scope of teaching someone the fundamentals of Cakephp's Auth component. Being able to add a roles field to the users table is a very simple way to do role based authentication without ACL or having to deal with any relationships. But you are right, there are better ways of doing this.
andrewperk 1 year ago
Great videos! It would be nice to do a jquery with cake php video in the future too.
konteu 1 year ago
Good job! You combine all knowledge I have in 3 videos.Thanks
ucha19871 1 year ago