我无法使用新的Auth组件测试如何测试用户是否处于活动状态。我有3个状态,用户可以进入:0未激活(默认),1激活,2激活。我正在尝试在登录功能中实现这一点,所以我可以返回他们是否已经注册或被禁止。
登录:
public function login() {
if ($this->request->is('post')) {
if($this->Auth->login()) {
$results = $this->User->find('all', array(
'conditions' => array('User.email' => $this->Auth->user('email')),
'fields' => array('User.is_active')
));
if ($results['User']['is_active'] == 0) {
// User has not confirmed account
$this->Session->setFlash('Your account has not been activated. Please check your email.');
$this->Auth->logout();
$this->redirect(array('action'=>'login'));
}
// not working atm
else if ($results['User']['is_active'] == 2) {
// User has been deactivated
$this->Session->setFlash('Your account has been deactivated. Contact site admin if you believe this is in error.');
$this->Auth->logout();
$this->redirect(array('action'=>'login'));
}
else if ($results['User']['is_active'] == 1) {
// User is active
$this->redirect($this->Auth->redirect());
}
} else {
$this->Session->setFlash(__('Your email/password combination was incorrect'));
}
}
}
看不出我出错的地方。具有管理员权限和激活用户的用户仍然会收到未激活的帐户错误。
更新
决定删除User.is_active字段并将其全部处理为角色。我正在AppController中处理它,它现在几乎正在工作。在isAuthorized函数中,如果用户被禁止或未激活,它现在会抛出错误,但我也需要它来注销它们。
public function isAuthorized($user) {
// This isAuthorized determines what logged in users are able to see on ALL controllers. Use controller
// by controller isAuthorized to limit what they can view on each one. Basically, you do not want to allow
// actions on all controllers for users. Only admins can access every controller.
if (isset($user['role']) && $user['role'] === 'admin') {
return true; //Admin can access every action
}
elseif (isset($user['role']) && $user['role'] === 'unactivated') { // Account has not been activated
$this->Session->setFlash("You haven't activated your account yet. Please check your email.");
return false;
}
elseif (isset($user['role']) && $user['role'] === 'banned') { // Your account has been banned
$this->Session->setFlash("You're account has been banned. If you feel this was an error, please contact the site administrator.");
return false;
}
return false; // The rest don't
}
答案 0 :(得分:8)
如果他们登录,则可以使用$this->Auth->user()
访问用户模型信息。所以你应该能够做到这样的事情:
if ($this->Auth->login()) {
if ($this->Auth->user('is_active') == 0) {
// User has not confirmed account
} else if ($this->Auth->user('is_active') == 1) {
// User is active
// and so on
您可以在debug($this->Auth->user());
之后使用login()
来查看用户继续显示为未激活的原因。
答案 1 :(得分:1)
现在,在 2021 年,对于 CakePHP 4.x,这是正确的方法:
if ( $result->isValid() ) {
if ( $this->getRequest()->getAttribute('identity')->is_active ) {
// The user is active and can log in
} else {
// The user is not active - reject the log in
}
}