注销后cake php的行为非常奇怪
好的,这是一个场景:注销后cake php的行为非常奇怪,php,cakephp,web-applications,Php,Cakephp,Web Applications,好的,这是一个场景: 管理员登录 管理员注销 普通用户登录 重定向到管理页面 如果我在以普通用户身份登录之前删除了存储的cookie,则登录将按预期工作。我注意到的另一件奇怪的事情是,当普通用户登录时,我的登录函数中的管理员重定向实际上并没有运行,所以他们被重定向到其他地方 下面是一些代码: 用户控制器: <?php public function login() { if ($this->request->is('post') || $this-&
- 管理员登录
- 管理员注销
- 普通用户登录
- 重定向到管理页面李>
<?php
public function login() {
if ($this->request->is('post') || $this->request->is('put')) {
if ($this->Auth->login()) {
//if login successful update logged in User as login does not use recursive find
$this->User->id = $this->Auth->user('id');
$this->User->read();
$this->Auth->login($this->User->data);
if($this->Login->isRole($this->Auth->user(), 'Admin')) {
//redirect admins to admin page, not ran when error occurs!!
$this->redirect(array('controller' => 'users', 'action' => 'index', 'admin' => true));
} else {
//isAuthorised in AppController takes care of redirect to registration page if required
$this->redirect($this->Auth->redirect());
}
} else {
//if login unsuccessful
$this->Session->setFlash(
__('Invalid username or password, please try again.'),
'alert',
array(
'plugin' => 'TwitterBootstrap',
'class' => 'alert-error'
)
);
}
}
//set layout
$this->layout = 'not_logged_in';
//set title
$this->set('title_for_layout', 'Login');
}
public function logout() {
//logout
$this->redirect($this->Auth->logout());
}
public function isAuthorized($user) {
if(parent::isAuthorized($user)) {
//call parent method for redirect and admin permission
return true;
}
switch ($this->action) {
case 'add':
case 'resetPassword':
case 'login':
//logged in users cannot access registration, login or password reset pages
return false;
break;
case 'add_role':
//check user is finshing registration or has a role request accepted
return (!$this->Login->isRegistrationComplete($user) || $this->Login->isRoleRequestAccepted($user));
break;
default:
//all loogged in users can access the rest of User controller
return true;
break;
}
}
php?>
<?php
public $components = array(
'Session',
'Auth' => array(
'className' => 'UserAuth',
'loginRedirect' => array('controller' => 'users', 'action' => 'view'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authorize' => array('Controller'),
'authenticate' => array('Blowfish'),
'authError' => 'Please login.',
'loginError' => 'Invalid Username or Password entered, please try again.',
),
'Login'
);
public function isAuthorized($user) {
//set values needed for all logged in pages
$this->set('loggedIn', $user);
$this->set('role', $user['User']['role']);
if($this->Login->isAccessing($this, 'users', 'logout')) {
//never prevent user from logging out
return true;
}
if($this->Login->isRole($user, 'Admin')) {
//admin can access every action
return true;
} elseif ($this->request->prefix === 'admin') {
//only admins allowed on admin pages
throw new Exception('You do not have permission to access this page.', 1);
}
//get user role and requested role
$roles = $this->Login->getRolesCurrentAndNew($user);
if($this->Login->isRoleRequestAccepted($user)) {
//user has an accepted role request
$controller = 'users';
$action = 'add_role';
if($this->Login->isRedirectRequired($this, $controller, $action)) {
//if user is already accessing registration this check prevents redirect loops
if ($this->Login->isRegistrationComplete($user)) {
//display flash based on registration status
$this->Session->setFlash(
__('Your request for the role of '. strtolower($roles['new']) . ' has been accepted, please enter additional details.'),
'alert',
array(
'plugin' => 'TwitterBootstrap',
'class' => 'alert-success'
)
);
} else {
$this->Session->setFlash(
__('Please complete your registration.'),
'alert',
array(
'plugin' => 'TwitterBootstrap',
'class' => 'alert-success'
)
);
}
$this->redirect(array('controller' => $controller, 'action' => $action));
}
} elseif (!$this->Login->isRegistrationComplete($user)) {
//user has not registered yet and role request is not accepted
if(!$this->Login->isRegistrationComplete($user)) {
//user has not completed registration yet, awaiting approval
throw new Exception('Your registration request is awaiting approval from a member of the admin team.', 1);
}
}
return false;
}
?>
我最终意识到,当您在同一台机器上注销和登录时,无论您是否以其他用户身份登录,CakePHP都会自动将您带到您正在查看的最后一个页面。来自文档: 属性AuthComponent::$logoutRedirect
默认操作为 用户注销后重定向到。而AuthComponent 不处理注销后重定向,将返回重定向URL 来自AuthComponent::logout()。 默认为AuthComponent::$loginAction 意思是:
$this->Auth->logout()
将返回一个字符串url。没别的了。
使用重定向将其包装以重定向到此url:
public function logout() {
$this->redirect($this->Auth->logout());
}
因此,不会,Cake只会将您重定向到通过“LoginDirect”设置指定的特定操作。
在您的情况下,您的登录视图。我尝试了以下方法,似乎对我有效
public function logout() {
$logout_redirect = $this->Auth->logout();
$this->Auth->redirectUrl($this->Auth->redirect());
return $this->redirect($logout_redirect);
}
什么是
$this->Auth->login($this->User->data)代码>东西?为什么您要在登录后覆盖会话数据(已经覆盖了)?对我来说没有意义。请注意,您可以使用contain
来包含更多数据(最终与使用递归相同)。还要注意,您的语句是不正确的,因为您需要一个平面用户数组来传递(请参阅文档!),因为$this->Auth->login()不尊重我的用户模型的递归属性。在上面的注释中,你的代码仍然只能生成Auth.User.User.id等,这并不能使它变得更好。您还应该始终包括您正在使用的当前cakephp版本,因为这对于正确回答至关重要。我必须将recursive设置为2才能这样做。Auth->login()只存储我不想要的用户。你读过关于“包含”的部分了吗如果你真的还想手动登录,你需要正确地使用它:(注意没有用户键的平面1-dim阵列)嗨,你能标记一个接受的答案吗?或者你需要一个解决方案来避免这种“automagic”?我想要一个解决方案,但是如果这种行为是正常的,而不是我做过的,那么我愿意接受。”如果成功地将用户重定向到他们访问的最后一个页面,或者从中获取AuthComponent:$LoginDirect
public function logout() {
$logout_redirect = $this->Auth->logout();
$this->Auth->redirectUrl($this->Auth->redirect());
return $this->redirect($logout_redirect);
}