views: 270

answers: 3

In CakePHP we can use `$this->Auth->allow('someMethod');` to make a page viewable without having to log in. How do I make sure the same page is not viewable when a user is logged in? An example of this would be a register page, which we want to be accessible without the user being logged in ... but not accessible once a user has logged in.

I put `$this->Auth->deny('someMethod')` in `isAuthorized()`, but it seems to me that if the method is in the allow list then `isAuthorized()` is not called when we try to run that page.

Any input? Thank you

A: 

EDIT:

Wasn't aware that CakePHP used a different syntax.

You can then use the following to set the Session variable:

$this->Session->write('user_id', '<some_user_name>');

Then use this to redirect the user if they are logged in:

if ($this->Session->check('user_id'))
{
    $this->redirect('http://google.com');
}

And then to destroy a Session use:

$this->Session->destroy();

More information about CakePHP Sessions

Thanks

mlevit
This question is about cakePHP not PHP in general.
linead
Hi mlevit thank you for your reply ... yes I certainly can use session to achieve what I want to do ... but I just thought that there must be something in CakePHP Auth that allows me to do that ... just like what I can do with Auth->allow().
Fixed the syntax for CakePHP. You can use `$this->Auth->deny()` the same way as you use `allow` I'm fairly sure.
mlevit
I would expect that's the case too ... but I have tried it and it does not do it. `isAuthorized()` is called if we load a page that needs the user to be logged in ... and then we can list pages that we want to be inaccessible using `Auth->deny()`.
Saving the user id in the session is not only unnecessary, the session exists independently of the user being logged in. You'll have to put extra checks in place to make sure the session data is in sync with the actual login status of the user. `destroy()`ing the whole session is also overkill for "logging the user out" and/or may have unintended side effects.
deceze
+1  A: 

There are no complex rules like that built into Cake Auth. You'll have to manually check for conditions like this. It's very simple though:

// Controller
function register() {
    if ($this->Auth->user()) {
        $this->redirect(/* somewhere else */);
    }
}

Contrary to mlevit's answer, you don't need to store anything in the Session; the info is readily available from the AuthComponent itself. http://book.cakephp.org/view/387/user

There's also an example of how to do it by dynamically using `deny()`, but that's not as clear in a simple case like this IMHO. http://book.cakephp.org/view/383/deny
Also, deny() produces an error message ("You're not authorized to access this location"), which is probably not what you want for the user experience in this case.

deceze
The thing is ... my findings suggested that `isAuthorized()` is not even called when viewing pages that are in the allow list. But thanks anyway for confirming that it may not be doable through Cake Auth.
`isAuthorized()` calculates whether a user is authorized by what you specify as denied or allowed, so you got it backwards. `deny()` denies the action to everybody, so it only makes sense to use it dynamically. What you want is to deny (or redirect) if the user is simply logged in. To do that, use my code above.
deceze
Read the description of `isAuthorized()`, it's very different from "is logged in": http://api.cakephp.org/class/auth-component#method-AuthComponentisAuthorized
deceze
A: 

You can check it in the `beforeFilter` method in AppController to allow an application-wide check. For example:

<?php
class AppController extends Controller {
    var $components = array('Session', 'Auth');

    function beforeFilter(){
        $this->Auth->allow('register', 'home');
        // Check whether the current action is allowed without authorization and the user is logged in.
        // allow() stores action names as array values, so test membership with in_array().
        if(in_array($this->params['action'], $this->Auth->allowedActions) && $this->Auth->user()){
            $this->redirect(/* somewhere else */);
        }
    }
}
?>

Of course you can also implement it in some controller instead of AppController.

Jamal Aziz