我正在运行2.2.2 CakePHP应用程序,一切都按预期工作。现在我正在为它开发一个Android应用程序,因此需要在这两个应用程序之间创建接口。这就是我需要手动登录用户的原因。所以我创建了一个全新的控制器AndroidController,以便将所有内容捆绑在一个地方。首先要做的是Login-Action。所以我设置了以下控制器:
<?php
App::uses('AppController', 'Controller');
/**
* Android Controller
*
* @package app.Controller
*/
class AndroidController extends AppController {
public $components = array('RequestHandler','Auth');
public $uses = array('User');
public function beforeFilter() {
$this->Auth->allow();
}
public function login() {
//For testing purposes
$postarray = array('_method' => 'POST','data' => array('User' => array('email' => 'user@gmail.com', 'password' => 'THISisDEFINITELYaWRONGpassword')));
$id = $this->tryToGetUserID($postarray['data']['User']['email']);
if($id == 0){
//return Error json, unknown User
$this->set('result', array(
'tag' => 'login',
'success' => 0,
'error' => 1,
'error_msg' => 'Unknown User'
));
}else{
// if ($this->request->is('post')) {
$postarray['data']['User'] = array_merge($postarray['data']['User'], array('id' => $id));
$this->User->id = $id;
if ( $this->Auth->login($postarray['data']['User'])) {
// Login successfull
$this->User->saveField('lastlogin', date(DATE_ATOM));
$user = $this->User->find('all', array(
'recursive' => 0, //int
'conditions' => array('User.id' => $id)
));
$loggedInUser = array(
'tag' => 'login',
'success' => 1,
'error' => 0,
'uid' => '??',
'user' => array(
'name' => $user['0']['User']['forename'].' '.$user['0']['User']['surname'],
'email' => $user['0']['User']['email'],
'created_at' => $user['0']['User']['created'],
'updated_at' => $user['0']['User']['lastlogin']
)
);
$this->set('result', $loggedInUser);
} else {
// Login failed
$this->set('result', array(
'tag' => 'login',
'success' => 0,
'error' => 2,
'error_msg' => 'Incorrect password!'
));
}
// }
}
}
public function tryToGetUserID($email = null) {
$user = $this->User->find('list', array(
'conditions' => array('User.email' => $email)
));
if(!empty($user)){
return array_keys($user)['0'];
}else{
return 0;
}
}
}
您需要知道此方法将被调用为POST请求,但出于测试目的,我手动创建了一个post-array。将来我将使用$ _POST数组。 那么,会发生什么:使用注册用户登录有效,但每次都有效!即使密码错误或丢失!该程序永远不会在代码中出现“登录失败”评论。
我在这里错过了什么......?
谢谢!
答案 0 :(得分:0)
如果你仔细看看documentation,你会注意到AuthComponent :: login()将......
在2.x $ this-&gt; Auth-&gt;登录($ this-&gt; request-&gt; data)将使用所发布的数据记录用户