Reputation: 644
How can you test whether a user is active in Cakephp 2.0 auth component?
I'm having trouble hashing out how to test whether a user is active using the new Auth component. I have 3 states a user can be in: 0 unactivated (default), 1 activated, 2 deactivated. I'm trying to implement this in the login function so I can return whether they haven't registered or have been banned.
Login:
public function login() {
if ($this->request->is('post')) {
if($this->Auth->login()) {
$results = $this->User->find('all', array(
'conditions' => array('User.email' => $this->Auth->user('email')),
'fields' => array('User.is_active')
));
if ($results['User']['is_active'] == 0) {
// User has not confirmed account
$this->Session->setFlash('Your account has not been activated. Please check your email.');
$this->Auth->logout();
$this->redirect(array('action'=>'login'));
}
// not working atm
else if ($results['User']['is_active'] == 2) {
// User has been deactivated
$this->Session->setFlash('Your account has been deactivated. Contact site admin if you believe this is in error.');
$this->Auth->logout();
$this->redirect(array('action'=>'login'));
}
else if ($results['User']['is_active'] == 1) {
// User is active
$this->redirect($this->Auth->redirect());
}
} else {
$this->Session->setFlash(__('Your email/password combination was incorrect'));
}
}
}
Can't see where I've gone wrong. Users with admin privileges and activated users are still getting the unactivated account error.
Update
Decided to drop the User.is_active field and handle it all in roles. I'm handling it in the AppController and it is almost working now. In the isAuthorized function, it now throws errors if the user is banned or unactivated, but I need it to log them out as well.
public function isAuthorized($user) {
// This isAuthorized determines what logged in users are able to see on ALL controllers. Use controller
// by controller isAuthorized to limit what they can view on each one. Basically, you do not want to allow
// actions on all controllers for users. Only admins can access every controller.
if (isset($user['role']) && $user['role'] === 'admin') {
return true; //Admin can access every action
}
elseif (isset($user['role']) && $user['role'] === 'unactivated') { // Account has not been activated
$this->Session->setFlash("You haven't activated your account yet. Please check your email.");
return false;
}
elseif (isset($user['role']) && $user['role'] === 'banned') { // Your account has been banned
$this->Session->setFlash("You're account has been banned. If you feel this was an error, please contact the site administrator.");
return false;
}
return false; // The rest don't
}
Upvotes: 3
Views: 5338
Answers (2)
Reputation: 5186
Now, in year 2021, for CakePHP 4.x this is the correct approach:
if ( $result->isValid() ) {
if ( $this->getRequest()->getAttribute('identity')->is_active ) {
// The user is active and can log in
} else {
// The user is not active - reject the log in
}
}
Upvotes: 0
Reputation: 609
If they log in, the User model info can be accessed with $this->Auth->user(). So you should be able to do something like this:
if ($this->Auth->login()) {
if ($this->Auth->user('is_active') == 0) {
// User has not confirmed account
} else if ($this->Auth->user('is_active') == 1) {
// User is active
// and so on
You can use debug($this->Auth->user()); after the login() to see why the users keep showing as unactivated.
Upvotes: 8
Related Questions
- How to Check if user is logged in cakephp 4 application using CakeDC users plugin?
- Checking if user is logged in using CakePHP
- CakePHP Auth Component Want to Check User Only Dont Want to Login
- CakePHP Auth Component Check User Before Login
- Cakephp 2.4 Check Auth LoggedIn in every page?
- Cakephp 2 - check if a user is logged in view
- CakePHP Auth Component: How do I check if someone is logged in?
- active/inactive check not working while login cakephp
- Checking user auth in controllers with cakephp
- check auth session in controller