Tags: php, cakephp, cakephp-2.1

CakePHP and User login function


Here is a simple CakePHP login function (example taken from the CakePHP cookbook):

public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $message = 'Username or password is incorrect';
            $this->Session->setFlash(__($message), 'default', array(), 'auth');
        }
    }
}

During testing of this login function I found out that:

if ($this->Auth->login()) {
    // ...
}

It lets a user log in even if authorization was done earlier. For example, if I logged in as User1 and, without calling the logout function, I try to log in as User2, I get the following error:

Notice (8): Undefined index: User [APP/Controller/UsersController.php, line 83]

In this case I can hide the login form from the user. Is this the correct way?

Update: what can you say about the following code snippet:

public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->loggedIn()) {
            $this->Auth->logout();
        }
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $message = 'Invalid login or password';
            $this->Session->setFlash(__($message), 'default', array(), 'auth');
        }
    }
}

Solution

  • The tutorial Simple Acl controlled Application - part 2 in the cookbook suggests that you read out the data with SessionComponent.

    You can also use the AuthComponent to check whether a user is already logged in or not. Use $this->Auth->user() in your controller. You can also pass a key as the first parameter to get a specific column of your users table, or skip it to get all of the user's information. It returns null if the user is not logged in or the key does not exist.

    Your login method could look like the following one (additions marked with a plus + and the SessionComponent is used):

    public function login() {
    +   if ($this->Session->read('Auth.User')) {
    +       $this->Session->setFlash('You are logged in!');
    +       return $this->redirect($this->Auth->redirectUrl());
    +   }
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $message = 'Username or password is incorrect';
                $this->Session->setFlash(__($message), 'default', array(), 'auth');
            }
        }
    }
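As an added example (not code from the question, the answer or the CakePHP cookbook), here is a CakePHP 2.x UsersController that applies the answer's guard using $this->Auth->user() instead of reading the session directly, and records each login outcome with CakeLog so that repeated failures and unexpected logins are visible in the logs. The `User.username` form field and the Auth/Session component setup are assumptions.

```php
<?php
// Added example for CakePHP 2.x (not from the question or the cookbook):
// login() refuses to re-run Auth->login() while a session is already
// authenticated, and writes one audit line per outcome.
App::uses('AppController', 'Controller');
App::uses('CakeLog', 'Log');

class UsersController extends AppController {

    public $components = array('Auth', 'Session'); // assumed setup

    public function login() {
        // Auth->user() is null when nobody is logged in; otherwise send the
        // existing user on instead of silently replacing their session.
        if ($this->Auth->user()) {
            $this->Session->setFlash(__('You are already logged in.'));
            return $this->redirect($this->Auth->redirectUrl());
        }

        if (!$this->request->is('post')) {
            return; // GET: just render the login form
        }

        if ($this->Auth->login()) {
            CakeLog::write('info', 'login ok user=' . $this->Auth->user('id')
                . ' ip=' . $this->request->clientIp());
            return $this->redirect($this->Auth->redirectUrl());
        }

        // Log only the submitted username (field name assumed), never the password.
        $attempted = (string)$this->request->data('User.username');
        CakeLog::write('warning', 'login failed username=' . $attempted
            . ' ip=' . $this->request->clientIp());
        $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
    }

    public function logout() {
        // Explicit logout is the only way to switch accounts with this guard.
        CakeLog::write('info', 'logout user=' . $this->Auth->user('id'));
        return $this->redirect($this->Auth->logout());
    }
}
```

With this guard a logged-in user who wants to become someone else must go through logout() first, so a failed attempt for the second account can never drop the first account's session the way the logout-then-login variant in the question's update does.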