
CakePHP login without use of password, ONLY username

After reading the post: logging without password

I made a personal attempt:

AppController:

function beforeFilter(){
    $this->Auth->loginError = "This message shows up when the wrong credentials are used";
    //$this->Auth->authError = "This error shows up with the user tries to access a part of the website that is protected.";
    //$this->Auth->authError = "";
    $this->Auth->fields = array(
        'username' => 'username',
        'password' => null
    );
}

UsersController, inside add() :

// Save new user
if ($this->User->save(array(
    'username' => $this->request->data['User']['username'],
    'password' => $this->Auth->password(null),
    'name' => $this->request->data['User']['name'],
    'surname' => $this->request->data['User']['surname'],
    'chosenLayout' => $this->request->data['User']['chosenLayout'],
    'dateCreated' => $this->request->data['User']['dateCreated'],
    'dateModified' => $this->request->data['User']['dateModified'],
    'role_id' => $this->request->data['User']['role_id']
))) {
    $this->Session->setFlash(__('message_success_user_added', array($this->request->data['User']['username'])), 'default', array(), 'success');
    $this->redirect(array('action' => 'index'));
}
else {
    // Validation error
    $this->Session->setFlash(__('message_fail_validation'), 'default', array(), 'fail');
}

Then I entered as admin and created some dummy users with null or random passwords. Checking the database, the encrypted passwords were all the same (a hashed null string), which means the modification in the add() function worked...

Inside UsersController login() :

// Login User
public function login() {

    // Check if the user is already logged in
    if ($this->Session->check('Auth.User.id')) {

        // Redirect to login page
        $this->redirect($this->Auth->loginRedirect);
    }
    else {
        // If the user is not logged in

        session_set_cookie_params(0);

        // If the request is a POST request
        if ($this->request->is('post')) {
            // Get credentials
            $this->username = $this->request->data['User']['username'];
            $this->password = $this->request->data['User']['password'];
            $this->domain = $this->request->data['User']['domain'];
            //debug($this->username);
            debug($this->domain);
            // Check if username exists in local DB
            //debug($this->User->findByUsername($this->username));
            if ($this->Auth->login(array(
                'username' => $this->username,
                'password' => null
            ))) {

                //debug($this->Auth->login(array(
                //    'username' => $this->username,
                //    'password' => null
                //)));

                // Successful login
                // Get all the user information and store in Session
                //debug($this->Auth);
                $this->User->id = $this->Auth->user('id');
                debug($this->User->id);
                debug($this->User);
                $this->User->contain(array('User', 'Role' => array('Ui', 'Action.name')));
                $this->Session->write('User', $this->User->read());

                $actions = array();
                foreach ($this->Session->read('User.Role.Action') as $key => $value) {
                    array_push($actions, $value['name']);
                }
                $this->Session->write('User.Role.Action', $actions);
                debug($actions);

                // Render different layout depending on user type
                if ($this->Session->read('User.Role.Ui.name') == Configure::read('usertype.msp')) {
                    $this->Session->write('SessionValues.ui', Configure::read('usertype.msp'));
                    $this->Auth->loginRedirect = array('controller' => 'PortStats', 'action' => 'index');
                }
                else if ($this->Session->read('User.Role.Ui.name') == Configure::read('usertype.tsc')) {
                    $this->Session->write('SessionValues.ui', Configure::read('usertype.tsc'));
                    $this->Auth->loginRedirect = array('controller' => 'PortStats', 'action' => 'index');
                }
                else if ($this->Session->read('User.Role.Ui.name') == Configure::read('usertype.superAdminUserType')) {
                    $this->Auth->loginRedirect = array('controller' => 'Uis', 'action' => 'index');
                }

                // Redirect to main login page
                $this->redirect($this->Auth->loginRedirect);
            }
            else {
                // Failed login user
                session_destroy();
                $this->Session->setFlash(__('Login failed: access not granted'), 'default', array(), 'fail');
            }
        }
    }
}

Then I try to log in with my new users. I get the failed login message, which means $this->Auth->login returns false.

It must be as easy as that but something is going wrong.

In the meantime my debug trace:

Warning (2): Invalid argument supplied for foreach() [APP\\Controller\\UsersController.php, line 85]

Simplify it. It is not a login, but a registration process, so don't confuse those two totally different things.

You just

  • create the user including proper validation
  • on success use Auth->login($user['User']) to set the auth session manually
  • only then redirect manually to where you want the user to go after a registration here

For a live example see https://github.com/dereuromark/cakefest/blob/master/Controller/AccountController.php#L166
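
The three steps above as a CakePHP 2.x controller action. This is an added example, not code from the question, the answer, or the linked repository; the `register` action name, the field whitelist and the redirect target are assumptions. In CakePHP 2.x, `Auth->login()` called with an array performs no credential check, so it is given only the record that was just saved.

```php
<?php
// Added example (assumes CakePHP 2.x with AuthComponent and SessionComponent
// loaded, and a User model with validation rules). Names marked "assumed"
// are illustrative and do not come from the original post.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // Registration must be reachable without an existing session.
        $this->Auth->allow('register');
    }

    // Assumed action name.
    public function register() {
        if (!$this->request->is('post')) {
            return;
        }

        $this->User->create();
        // Whitelist the fields a visitor may set; role_id is deliberately
        // excluded so a crafted form cannot choose its own role.
        $fieldList = array('username', 'name', 'surname', 'chosenLayout');

        // Step 1: create the user, running the model's validation rules.
        if (!$this->User->save($this->request->data, true, $fieldList)) {
            $this->Session->setFlash(__('message_fail_validation'), 'default', array(), 'fail');
            return;
        }

        // Step 2: reload the saved row and set the auth session manually.
        // Auth->login($user) stores whatever array it is given, so pass the
        // database record, never the raw request data.
        $user = $this->User->findById($this->User->id);
        unset($user['User']['password']); // keep the hash out of the session
        $this->Auth->login($user['User']);

        // Step 3: only now redirect (assumed target).
        return $this->redirect(array('action' => 'index'));
    }
}
```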
