I am building a site that requires a simple authentication system to sit on top of my site so that only people with the password can access it. This is different to users and the authentication component as it's just to prevent access unless you're supposed to.
The reason is I have a preview site for a client and I only want them to be able to access it but can't use the in-built authentication as they need to see both logged in and logged out states hence using a custom simple authentication (note this doesn't need to be secure).
I have a working system in place and to prevent access I do a check in the AppController so that all requests first check if my session exists:
public function beforeRender()
{
if ($this->Session->check('client') != true)
{
$this->layout = 'client_login';
$this->render = 'pages/client_login';
}
}
The layout bit works fine so it understands the session, but it doesn't show my client login view which has a simple login form on it so it's not doing the render properly. Any ideas why not? And开发者_JS百科 any better ideas to show the layout and view for all actions across the site if that session does not exist.
'render' is a function, not a property. So your code should probably be:
$this->render('pages/client_login');
edit: by the way, this code can't be placed in the beforeRender() callback, because this would lead to an infinite loop (render() raises beforeRender()).
beforeFilter() would certainly be a better place.
function beforeFilter()
{
if ($this->Session->check('client') != true)
{
$this->autoRender = false;
$this->layout = 'client_login';
$this->render('/pages/client_login');
}
}
EDIT
Like explained in my comments, the explicit call to render() in the PagesController->display() method prevents what you want to do to work when you are on an URL that uses the PagesController.
Rethinking a bit about your needs, I see two solutions.
If you need a simple way to fully protect your website temporarely, without modifying your application code, you could use Apache to protect the access through the .htaccess. A basic authentication or maybe a filter on IP or domain could maybe do the trick in your case. See http://httpd.apache.org/docs/2.0/howto/auth.html
If you want to use Cake because you already have your custom authentication system working that fill the Session, you could use the Auth component just to grant or deny access. In your AppController, you could have something like:
function beforeFilter()
{
$this->Auth->loginAction = '/pages/client_login';
if($this->Session->check('client'))
{
$this->Auth->allow('*');
}
}
Try this: Session->read('client')) { //client session exists } else { //client session does not exist }
For this cases, I usually use Basic http Authentication Protecting content with basic authentication
You add the following directives in .htaccess that sits int the directory above your app folder (read 1 for more options)
AuthUserFile /path/to/your/folder/.htpasswd
AuthGroupFile /dev/null
AuthName Administration
AuthType Basic
Create a .htpasswd file in the same directory with login/password couples, use the tool below
http://www.htaccesstools.com/htpasswd-generator/
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论