Cakephp Auth Component Tutorial Part 3
Uploader Comments (andrewperk)
Top Comments
-
@benedictaluan In config/routes.php add a new line using Router::connect(). The first parameter to the connect method is the string that you want your URL to be. The second parameter is an array with key-value pairs matching the exact location by controller and action. Router::connect('/add', array('controller'=>'users', 'action'=>'add')); You could easily make this say register instead of add.
-
@don9721 You are correct. To fix this security hole you have to use CakePHP's Security component. Just enabling this component in your controller, or in AppController for site-wide protection, will fix this problem. The Security component also provides form-tampering prevention, timeouts, and CSRF token protection. Some other security tips are that you don't have to worry about SQL injection as long as you use Cake's ORM to do your queries. Also, all helpers that output automatically escape for XSS too.
All Comments (46)
-
can you please add a "forgot password" feature on this tutorial?
-
@andrewperk I found a similar solution to what you suggested. First I created a users_id variable in the app_controller, with value $this->Auth->user('id'). Then I created a hidden field in the add post view, replacing the existing input field with the code: echo $this->Form->hidden('user_id', array('value'=>$users_id)).
-
Hi
do me a favor
Please send the files to my mail box 261129232@qq.com
thx!!!
Andrew, when I edit a user I think the password field's value is hashed and there is no value for the password_confirmation field. Also how would you force the username to be the current user when adding a new post?
tyebillion 5 months ago
@tyebillion You would need to make additional changes to edit a user and their password. The password_confirmation field is empty because there's nothing to pre-populate that field with from the database; there is no password_confirmation field in the DB, so the form field remains empty. The password field would show the hashed password because it does not store a plain password in the DB, it stores the hashed password. You cannot retrieve the user's plain password, nor should you for security.
andrewperk 5 months ago
@andrewperk Thanks. And my other question... how would you force the username... ?
tyebillion 5 months ago
@tyebillion Edit your posts add action, pass in only the logged in user instead of $users using $user = $this->Post->User->read(null, $this->Auth->user('id')); change the set method to use the 'user' variable instead of 'users' in the compact statement. Now in your view change the 'user_id' field to be a hidden field and make its value equal to the $user variable you passed from your controller like so: $this->Form->input('user_id', array('type'=>'hidden', 'value'=>$user['User']['id']));
andrewperk 5 months ago
@tyebillion Every time you make a new post, that post automatically belongs to the logged in user because you pass in the logged in user's id to the form, which is then saved with the post in the user_id field. I hope this makes sense.
andrewperk 5 months ago
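One way to put the two points above together, the Security component from the uploader's top comment and the logged-in user's id for new posts from the reply to tyebillion, in a controller. This is an added example, not code from the video or from andrewperk's comments; it assumes CakePHP 1.3 conventions ($this->data, the Session/Auth/Security components) and hypothetical AppController and PostsController classes with a Post belongsTo User relation.

```php
<?php
// Added example (not from the video). Assumes CakePHP 1.3 conventions.

// app/app_controller.php
class AppController extends Controller {
    // Security next to Auth: FormHelper now hashes the field list and the
    // values of hidden fields into a _Token field, so a request whose hidden
    // user_id was edited client-side is blackholed instead of being saved.
    var $components = array('Session', 'Auth', 'Security');
}

// app/controllers/posts_controller.php
class PostsController extends AppController {
    var $name = 'Posts';

    function add() {
        if (!empty($this->data)) {
            // Ownership is decided here, from the session, never from the
            // submitted form. The hidden user_id in the view is only a
            // convenience; the server-side value always wins, so a tampered
            // or missing field cannot attach the post to another user.
            $this->data['Post']['user_id'] = $this->Auth->user('id');

            $this->Post->create();
            if ($this->Post->save($this->data)) {
                $this->Session->setFlash('Post saved.');
                $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash('The post could not be saved.');
        }
        // Pass only the logged-in user to the view, as in the reply above,
        // rather than the full $users list.
        $user = $this->Post->User->read(null, $this->Auth->user('id'));
        $this->set(compact('user'));
    }
}
```

The hidden field in the view stays exactly as described in the comment; the point is that with both layers in place, a tampered user_id is rejected by the Security component and, even if it got through, overwritten by the controller.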
Andrew, what is the keyboard you are using? I like the sound.
endesigner 6 months ago
@endesigner I use a laptop, so it's the standard laptop keyboard that comes with the Gateway P172S FX series laptop.
andrewperk 6 months ago