如何测试用户在Cakephp 2.0 auth组件中是否处于活动状态?

时间:2012-01-22 16:26:22

标签: cakephp authentication cakephp-2.0

我无法使用新的Auth组件测试如何测试用户是否处于活动状态。我有3个状态,用户可以进入:0未激活(默认),1激活,2激活。我正在尝试在登录功能中实现这一点,所以我可以返回他们是否已经注册或被禁止。

登录

        public function login() {
        if ($this->request->is('post')) {
            if($this->Auth->login()) {                   
                $results = $this->User->find('all', array(
                    'conditions' => array('User.email' => $this->Auth->user('email')),
                    'fields' => array('User.is_active')
                ));
                if ($results['User']['is_active'] == 0) {
                    // User has not confirmed account
                    $this->Session->setFlash('Your account has not been activated. Please check your email.');
                    $this->Auth->logout();
                    $this->redirect(array('action'=>'login'));
                }
               // not working atm
                else if ($results['User']['is_active'] == 2) {
                    // User has been deactivated
                    $this->Session->setFlash('Your account has been deactivated. Contact site admin if you believe this is in error.');
                    $this->Auth->logout();
                    $this->redirect(array('action'=>'login'));
                }
                else if ($results['User']['is_active'] == 1) {
                    // User is active
                      $this->redirect($this->Auth->redirect());
                    }
            } else {
                $this->Session->setFlash(__('Your email/password combination was incorrect'));
            }
        }
    }

看不出我出错的地方。具有管理员权限和激活用户的用户仍然会收到未激活的帐户错误。

更新

决定删除User.is_active字段并将其全部处理为角色。我正在AppController中处理它,它现在几乎正在工作。在isAuthorized函数中,如果用户被禁止或未激活,它现在会抛出错误,但我也需要它来注销它们。

    public function isAuthorized($user) {
    // This isAuthorized determines what logged in users are able to see on ALL controllers. Use controller
    // by controller isAuthorized to limit what they can view on each one. Basically, you do not want to allow
    // actions on all controllers for users. Only admins can access every controller.
    if (isset($user['role']) && $user['role'] === 'admin') {
        return true; //Admin can access every action
    }
    elseif (isset($user['role']) && $user['role'] === 'unactivated') { // Account has not been activated
        $this->Session->setFlash("You haven't activated your account yet. Please check your email.");
        return false; 
    }
    elseif (isset($user['role']) && $user['role'] === 'banned') { // Your account has been banned
        $this->Session->setFlash("You're account has been banned. If you feel this was an error, please contact the site administrator.");
        return false;
    }
    return false; // The rest don't
}

2 个答案:

答案 0 :(得分:8)

如果他们登录,则可以使用$this->Auth->user()访问用户模型信息。所以你应该能够做到这样的事情:

if ($this->Auth->login()) {
    if ($this->Auth->user('is_active') == 0) {
        // User has not confirmed account
    } else if ($this->Auth->user('is_active') == 1) {
        // User is active

    // and so on

您可以在debug($this->Auth->user());之后使用login()来查看用户继续显示为未激活的原因。

答案 1 :(得分:1)

现在,在 2021 年,对于 CakePHP 4.x,这是正确的方法:

if ( $result->isValid() ) {

   if ( $this->getRequest()->getAttribute('identity')->is_active ) {
      // The user is active and can log in
   } else {
      // The user is not active - reject the log in
   }
}