CakePHP Authentication

After last weeks Auth component, it is now time to go into the full Authentication of a user. In order to use the full power of the Auth component, the table should be named “users”. In the table I created, there were a few different things put in, but for the sake of this, I will limit those.

	`user_id` int(11) NOT NULL auto_increment,
	`username` varchar(25) NOT NULL,
	`password` varchar(250) NOT NULL,
	`full_name` varchar(250) NOT NULL,
	`email` varchar(250) NOT NULL,
	`remote_address` varchar(16) NOT NULL,
	`last_login` datetime default NULL,
	`last_login_ip` varchar(16) default NULL,
	`created` datetime NOT NULL,
	`modified` datetime default NULL,
	PRIMARY KEY  (`user_id`),
	UNIQUE KEY `username` (`username`)

In this table, there is a lot you really do not need, but here is the breakdown: ‘user_id’ is needed for my purposes, ‘username’ and ‘password’ are named as such to be able to use the Auth component methods. The other fields are for personalization (full_name and email). The next three are just for simplistic CYA that should always be good practice, grap the registered IP address, date the user last logged in and the IP they logged in from. Is this a foolproof way of CYA? No. But it starts you out on the right track. The last two I always put in all of my tables, as CakePHP updates those automatically, so this also helps to track when created and when changed.

Now that the table is done, we need to provide some quick validation for registration and such. In the model, the code should look similar to this:

var $name = 'User';
var $primaryKey = 'user_id';
var $validate = array(
	'username' => array(
		'alphaNumeric' => array(
			'rule'		=> 'alphaNumeric',
			'required'	=> true,
			'on'		=> 'create',
			'message'	=> 'Username must be only letters and numbers, no special characters'
		'between' => array(
			'rule' 		=> array('between', 5, 20),
			'on'		=> 'create',
			'message'	=> 'Username must be between 5 and 20 characters',
		'isUnique' => array(
			'rule'		=> 'isUnique',
			'on'		=> 'create',
			'message'	=> 'This username is already taken. Please choose a different one.'
	'email' => array(
		'rule'		=> array('email', true),
		'required'	=> true,
		'message'	=> 'Please provide a valid email address'

Continue reading CakePHP Authentication

CakePHP 1.2

I am not sure if this is the new Web 2.0 thing or not, but this version of Cake really ought to be a whole version step instead of an increment. I have been using CakePHP 1.1.x for a few different projects, and now have been messing around with 1.2.0.x for a little while now. A lot has changed in it. The Command Line Interface (CLI) is different than before, so when I first loaded it in then went to the shell to start baking, I was met by errors and messages. I expected to see similar things since this was an “incremental step from 1.1.x to 1.2.x, but there was a huge change from 1.1.x to RC2.

However, I got past the whole CLI and Baking, and started to continue through the other steps. Some of the ideas I like, and have started to explore are the Auth functionality. Not that this changes around the ACLs or replaces them, but a way to enhance the use of ACLs. In this application, I did not need any ACLs, but this Auth component helps out a lot. In the previous version of Cake, I wrote my own quick Auth component and tied it in with the AppController.php. Now, I just add in the Auth component in the AppController and then in the different controllers I create, I extend it and allow certain actions to be accessed based on login/no login. It does help, but there is still alot to do.


class AppController extends Controller {	
	var $components = array('Auth');	
    . . . 


class UsersController extends AppController {
function beforeFilter() {
		// Set User allowed actions.
		$this->Auth->autoRedirect = false;
		$this->Auth->authorize = 'controller';
		$this->set('my_id', $this->Auth->user('user_id'));	
	function isAuthorized() {		
		return true; 

In the AppController.php I set up the Auth to be used. In the individual controllers, I need to check the allowed actions in the Before Filter function. (I also have some actions in the Before Filter of the parent AppController for sub links, which is why it is inheriting the parent in the users controller. Maybe another post for those?)

In the users controller, I can allow certain actions by using the $this->Auth->allow() function. In this example, I only want people who have not logged in to access the register page. Auth also automatically allows everyone to access login, so there is no need to declare it. I could allow all actions by


But I want to prevent people who have not logged in from seeing the user profile pages.

The next line is to stop the Auth redirect. Once authentication happens, it automatically redirects. I did not want this, so I stopped it by setting it to false. Next, I needed to allow for further checks when authentication happens against the ‘user’ model. Because I set this to ‘controller’, I needed to add the function ‘isAuthorized()’. Right now I have this returning true, which really is pointless as it does no additional checks, as of yet. But I needed to build this on for development when I get the profile model up. When it is up, there will be additional validation taking place.

Last, I am setting a variable based on the current user who has logged in. If there is a log in, then Auth will capture that in


NOTE: the ‘user_id’ is the name of the field for the user identifier. In my model/user table, I called it user_id.
This will now set the variable for use in other functions, and when I need to pull data based on this id. It may be a shortcut, it may not be, either way, it is real helpful to be able to call that in the before filter.

This is just one thing I liked about the new version. It may have been in the older version, but I never saw it or used it. But there are other things I really like as well.

Finally back up

After a few years of deliberating and going thru different iterations of site code, I have returned to the WordPress world and will write at the very least, the weekly entry in the blog. This will definitely have some issues as I see, as I am still deciding on the correct theme. But that will all be settled some time soon.

I have set up a few categories as of right now, and may add some more, but may not have to add any at all.

Current projects I am working on includes my full time job working with Fox Entertainment building online applications in PHP. Working with other side projects that include CakePHP for a local non profit organization, developing applications for the iPhone/iPod and another project to develop the plugin applications for those mobile apps on the Mac.

If there are any questions, then let me know.