Wednesday, December 1, 2010

Re: Login from external service

On Tue, Nov 30, 2010 at 12:15 AM, Alex Schlieck <alex.schlieck@gmail.com> wrote:
>
> Url:
> localhost/server/users/login/username:name/password:pass

That looks like all sorts of insecure.

> Controller:
> <?php
> class UsersController extends AppController
> {
>        var $name = 'User';
>
>
>        function beforeFilter()
>        {
>                $this->Auth->allow('*');
>
>                if(isSet($this->passedArgs['username']))
>                {
>                        $this->data['User']['username'] = $this->passedArgs['username'];
>                }
>                if(isSet($this->passedArgs['password']))
>                {
>                        $this->data['User']['password'] = $this->passedArgs['password'];
>                }
>        }

I think beforeFilter() is too late for the way that Auth handles
submitted passwords. It's been quite a while since I dove into the guts
of Auth, though, so I could be wrong. The upshot of it is that Auth
picks it up well at the beginning of the request, then hashes it.

Have a look at its startup() method.

http://api.cakephp.org/class/auth-component


> View:
> <h1>Log in</h1>
> <?=$form->create('User',array('action'=>'login'));?>
> <?=$form->input('username');?>
> <?=$form->input('password', array('type'=>'password'));?>
> <?=$form->end('login');?>

Why do you have a login form view if you're trying to pass the
credentials in the URL? Mind, I have no idea what Qooxdoo is, so
perhaps this all makes perfect sense.
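The "all sorts of insecure" remark above is about the credentials riding in the URL path, where every web server and proxy on the way writes them to its access log. The script below is an added example (not code from the thread or from CakePHP) that scans access-log lines for CakePHP named parameters in the `/key:value/` form the quoted URL uses, reports which lines carry a credential, and redacts the value before the log is kept or shared; the parameter-name list and the sample log lines are constructed for the example.

```php
<?php
// Added example, not from the thread: flag and redact credentials passed as
// CakePHP named parameters (/key:value/) in web-server access logs.
const SENSITIVE_NAMED_PARAMS = ['password', 'passwd', 'pass', 'token']; // assumed list

// Return [redacted path, names of sensitive params found].
function redactNamedParams(string $path): array
{
    $hits = [];
    $redacted = preg_replace_callback(
        '#/([A-Za-z0-9_]+):([^/?\s]*)#',
        function (array $m) use (&$hits) {
            if (!in_array(strtolower($m[1]), SENSITIVE_NAMED_PARAMS, true)) {
                return $m[0];                 // harmless param, keep as-is
            }
            $hits[] = $m[1];
            return '/' . $m[1] . ':[REDACTED]';
        },
        $path
    );
    return [$redacted, $hits];
}

// Scan combined-format access log lines; return one finding per offending line.
function scanAccessLog(array $lines): array
{
    $findings = [];
    foreach ($lines as $n => $line) {
        // The quoted request line: "METHOD path HTTP/x.y"
        if (!preg_match('#"([A-Z]+) (\S+) HTTP/[\d.]+"#', $line, $m)) {
            continue;
        }
        [$safePath, $hits] = redactNamedParams($m[2]);
        if ($hits) {
            $findings[] = ['line' => $n + 1, 'params' => $hits,
                           'entry' => str_replace($m[2], $safePath, $line)];
        }
    }
    return $findings;
}

// Constructed sample lines in Apache combined format (not real traffic).
$sample = [
    '10.0.0.5 - - [30/Nov/2010:00:15:02 +0000] "GET /server/users/login/username:name/password:pass HTTP/1.1" 200 512',
    '10.0.0.5 - - [30/Nov/2010:00:15:09 +0000] "GET /server/posts/index/page:2 HTTP/1.1" 200 2048',
];
foreach (scanAccessLog($sample) as $f) {
    echo "line {$f['line']}: credential in URL (" . implode(',', $f['params']) . ")\n  " . $f['entry'] . "\n";
}
```

Only the first sample line is reported, with `password:pass` rewritten to `password:[REDACTED]`; the `page:2` named parameter on the second line is left alone.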
