I am developing an application using cakePHP v 1.3 on windows (XAMPP).
Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much ? One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accord开发者_如何学运维ingly. Is there any better way of doing this ? The detault URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file)Use the Authentication component. You can set it up just for admin routes with something like this:
// AppController::beforeFilter
function beforeFilter() {
if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
$this->Auth->deny('*');
...
}
}
Checking only in the index
actions is pointless, that's just obscurity, not security. The AuthComponent will check permissions for every single page load.
精彩评论