Home » CakePHP, PHP/MySQL, Programming Techniques » CakePHP – Auth Login Redirect Problem with Plugins

5

The Auth Component in CakePHP redirects the user to the log-in page when a user tries to access any protected pages in the application. The default log-in page is set by defining the loginAction variable in the beforeFilter function in your UsersController or AppController.

But if you have used plug-ins in your application, and if a user tries to access a controller action of a plug-in the user is redirected to an invalid page like this.

http://domain.com/plugin_name/users/login

This is because, CakePHP assumes the user controller to be a a part of the Plug-in.

Normally, your beforeFilter function could look like this.

function beforeFilter() {
	Security::setHash('md5');
	$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
	$this->Auth->loginRedirect = array('controller' => 'home', 'action' => 'index');
	$this->Auth->loginError = 'Invalid Username or Password.';
	$this->Auth->authError = "You are not authorized to access.";
	$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
}

The redirection problem can be avoided by defining the loginAction in the above function like this:

$this->Auth->loginAction = array(‘controller’ => ‘users’, ‘action’ => ‘login’, ‘plugin’ => null);

This tells CakePHP that the user controller is a global controller.

The same problem occurs when you use $html->link or $html->url to generate links to global contoller actions from a plugin view. If you didn’t define the parameter ‘plugin’=>true in $html->link or $html->url, CakePHP will assume the controller to be a part of the current plugin and will try to access a controller within the plugin instead of redirecting the user to the global controller.

5 Comments

  1. Razorit - Web Development Company says:

    I found that this broken redirect can occur in another instance as well. But its a bit harder to find. In your plugin, if you’re using the beforeFilter method and don’t use “parent::beforeFilter();” in the method, then your beforeFilter is overwriting the app_controller beforeFilter and so Auth goes back to using the defaults “users/login”. So make sure you put “parent::beforeFilter(); ” in your plugin beforeFilter’s. Or restate your auth plugin/null defaults.

    Not sure why they just don’t make plugin => null part of the default though :-)

  2. Aneeska says:

    You got it! :-) I never thought about mentioning it.
    Your comment was caught by the Spam Filter and didn’t get published.

    Thanks,
    Anees

  3. Jesper says:

    This little tips helped me sort it out! Big thanks!

    But now I have a different issue.
    I wish to configure a plugin specific login view but that still uses the main app auth system. Any clues on how I would do that would be greatly appreciated! Being a newbie on Cake I fumble in the dark on matters like these.

  4. SEO Company Jaipur says:

    wish to configure a plugin specific login view but that still uses the main app auth system. Any clues on how I would do that would be greatly appreciated! Being a newbie on Cake I fumble in the dark on matters like these.

Leave a Reply

Page optimized by WP Minify WordPress Plugin