CakePHP 2.0 Account validation

Question

I'm trying to create a simply login page. I want validation on that page so that when a user clicks login the site checks that in the users database activated is set to 1, if not they can't login. I'm still very new to cakephp and am trying to pick up quickly so I'm sorry if this is a simple beginner question.

here is the validation in my User model

public $checkActive = array(
    'activated'=>array(
            'rule'=>array('equalTo', '0'),
            'message'=>'The account must be activated, please check your email.'
        ));

here is the login function in my usersController

 public function login() {

    $this->set('title_for_layout', 'Individual Registration');
    $this->set('stylesheet_used', 'style');
    $this->set('image_used', 'eBOXLogo.jpg');


    if ($this->request->is('post')){
    if ($this->request->data['User']['password'] == 'qazwsx'){
    if ($this->Auth->login()){
     if (0 === $this->User->find('count',array('conditions'=>array('enabled'=>1,'login'=> $username)))) {
         $this->Session->setFlash('Sorry, your account is not validated yet.');
    }

        $this->Auth->user('id');
        $this->redirect($this->Auth->redirect('eboxs/home')); 
        }   
    } 
    else {

        $this->Session->setFlash('Username or password is incorrect');
    }
    }else{
    $this->Session->setFlash('Welcome, please login');
    }


}

here is my beforeLogin function in the usersController

 public function beforeLogin(){

    if(isset($this->data['User']['password'])){
        $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
        }
        return true;
    }

app controller

class AppController extends Controller {

    public $components = array(
        'DebugKit.Toolbar',
        'Session', 
        'Auth'=>array(
            'loginRedirect'=>array('controller'=>'users', 'action'=>'login'),
            'logoutRedirect'=>array('controller'=>'users', 'action'=>'login'),
            'authError'=>"You can't access this page",
            'authorize'=>array('Controller')
        )
    );

    public function isAuthorized($user){
        return true;
    }

    public function beforeFilter(){
    $this->Auth->allow('index','view');
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user',$this->Auth->user());

    }

I realize that there is no call in my controller to the validation but with my other validation such as username is unique, I haven't had to call it.

in short at the moment anyone can log into my page, I'm trying to make it so only those who have 1 in the activated field in the users table can login.

Answer 1

One option would be to check account validation right after login like this :

<?php
if ($this->request->is('post')){
if ($this->request->data['User']['password'] == 'qazwsx'){
if ($this->Auth->login()) {

    // login ok, but check if activated
    $username = $this->request->data['User']['username'];
    if (0 === $this->User->find('count',array('conditions'=>array('activated'=>1,'username'=> $username)))) {
         $this->Session->setFlash('Sorry, your account is not validated yet.');
         $this->redirec($this->referer());
    }

    $this->Auth->user('id');
    $this->redirect($this->Auth->redirect('eboxs/home')); 
    }   
} 

Answer 2

Add a scope option to your auth setup:

'Auth'=>array(
        'loginRedirect'=>array('controller'=>'users', 'action'=>'login'),
        'logoutRedirect'=>array('controller'=>'users', 'action'=>'login'),
        'authError'=>"You can't access this page",
        'authorize'=>array('Controller'),
        'scope' => array('User.activated' => 1)
    )

This will prevent the user from logging in if they do not have User.activated = 1.

Also, look into your auth setup and re-read the manual page for CakePHP 2.0, you config looks like 1.3. There should be no need to check the password yourself, and you definitely don't need a beforeLogin method for such a simple setup.