CakePHP Auth组件在登录前检查用户

Question

I want to prevent banned users from logging in to the site and give them a message that they are banned. I tried to use isAuthorized() for this but it allows the user to login and only after that denies him permission to the unauthorized actions.

So, basically I want to know where to put the condition that would check if the user table as banned = true, before the login process takes place. Right now my login function is empty as its being automatically controlled by the Auth Component.

Answer 1

Finally, I found a solution by going through the API. I wonder if anyone has used this ever, cause nobody pointed me to this, or maybe I wasn't clear enough. Anyways, to add a condition to the login process you just have put it in the variable $this->Auth->userScope

So, to check if a user is banned I just added this line to the beforeFilter() in my AppController,

$this->Auth->userScope = array('User.banned'=>0);

Hope this helps someone.

Answer 2

Alternatively to: $this->Auth->userScope = array('User.banned'=>0);

This can be done when you include your Auth Component. This probably saves some tiny amount of overhead as $this->Auth->userScope isn't called every time a controller is parsed.

public $components = array(
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'passwordHasher' => 'Blowfish',
                'scope' => array('User.banned' => 0)
            )
        ),
        'authorize' => array('Controller')
    )
);

Answer 3

If you have the whole Auth system already up and running, why don't you just follow the KISS principle and revoke their password or alter there username? If they are not longer able to authenticate with your system as they could earlier they should be able to deduce that they are banned.

If that doesn't suffice, then additionally you could add the code below.

function login() {
  if ($this->Session->read('Auth.User')) {
    $this->Session->setFlash('You are alreadylogged in!~~~~~~~~~~~');   
  }
  $this->Session->setFlash('You have been banned!');    
  $this->redirect(array('controller'=>'users','action'=>'index'));
}

Edit 1: For a more dynamically approach like you pointed out in your comment, you could check the is_banned column of the user record under concern in your UsersController::beforeFilter() and set your flash message accordingly. Also make a redirect based on the outcome of $this->Session->read('Auth.User.is_banned') . Maybe you want to have a look at the output of <?php debug $this->Session->read('Auth.User) ?> before attacking your problem.

Edit 2: My fault. You could store the is_banned somewhere in the Session via $this->Session->write(...) . After you read an is_banned = true you can log the user out.

Answer 4

you have to use:

/** Function is executed after the login*/
function isAuthorized() {
return true;
}

where you can check if the user is banned or no. ie

/** Function is executed after the login*/
function isAuthorized() {
if($this->Auth->user('banned') == 1){ //column banned should be in the users table
       $this->Session->setFlash('You have been banned!');    
       return false;
    }
    return true;
}

I believe this is the correct way.

Answer 5

Having read your last comment on Nik's way, I think that you could just refine your original solution by logging the user out manually via $this->Auth->logout() at the appropriate place in your code (followed by a redirect). This way it should look like he/she never logged in.