CakePHP 3.6: protect inner page with existing login form












I have used this tutorial to create a login screen for my application. But I want to protect another inner page with the same login form. So a user can log in and use the application, but if he/she wishes to open a specific page in the application, he/she has to re-enter the password for security reasons. How can I achieve that?



This is my initialize function in AppController.php:



$this->loadComponent('Auth', [
    'authenticate' => [
        'Form' => [
            'fields' => [
                'username' => 'email',
                'password' => 'password'
            ]
        ]
    ],
    'loginAction' => [
        'controller' => 'Users',
        'action' => 'login'
    ]
]);









  • I don't think the built in parts can handle this. You might have to write your own logic for the specific password input. I would recommend looking into Passwordable behavior as it provides a way to re-confirm existing passwords in forms. Would not be too difficult to implement for your use case.

    – mark
    Nov 26 '18 at 11:37
















php cakephp login oauth authorization






asked Nov 26 '18 at 7:37









dvn22













1 Answer
You could always use the AuthComponent::identify() method to check a login form even in an already authenticated environment. See Identifying Users and Logging Them In in the CakePHP docs and AuthComponent::identify in the API docs.



Step-by-step:




  1. Create a controller action and template for the password recheck and include a form for a User entity with controls for email and password.

  2. Prefill the email field if you like; a hidden field is also possible.

  3. Add a $this->request->is('post') block, just the way you would do in the standard login, and check for valid credentials within it using $user = $this->Auth->identify();.

  4. If a valid user is returned, store some flag or timestamp for timeout in your Session and then redirect to the protected pages.

  5. On any protected controller, check for the existence of the flag or a valid timestamp in the Controller::beforeFilter callback method and throw UnauthorizedException or ForbiddenException if not.






        answered Nov 26 '18 at 21:39









Der Ditsch
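The five steps of the answer above as one CakePHP 3.6 sketch, added here as an example and not part of the original answer. The `recheck` action, `ReportsController`, the `Recheck.time` session key and the 300-second lifetime are assumptions, as are an integer `id` primary key and a loaded Flash component; the check that the identified user is the one already logged in goes slightly beyond the listed steps.

```php
<?php
// Added example. In a real app each class lives in its own file under
// src/Controller/; they are shown together here for readability.
namespace App\Controller;

use Cake\Event\Event;
use Cake\Http\Exception\ForbiddenException;

class UsersController extends AppController
{
    // Steps 1-4: the template for this action holds the email/password form.
    public function recheck()
    {
        if ($this->request->is('post')) {
            // identify() returns the user array on success, false otherwise.
            // It does not change the logged-in session by itself.
            $user = $this->Auth->identify();
            // A prefilled or hidden email can be altered by the client, so
            // accept only the credentials of the user who owns this session.
            if ($user && (int)$user['id'] === (int)$this->Auth->user('id')) {
                $this->request->getSession()->write('Recheck.time', time());
                return $this->redirect(['controller' => 'Reports', 'action' => 'index']);
            }
            $this->Flash->error(__('Invalid password, try again.'));
        }
    }
}

class ReportsController extends AppController
{
    const RECHECK_TTL = 300; // seconds a re-check stays valid (assumed value)

    // Step 5: deny access unless a recent re-check is stored in the session.
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        // A missing key reads as null, casts to 0 and is therefore expired.
        $checkedAt = (int)$this->request->getSession()->read('Recheck.time');
        if (time() - $checkedAt > self::RECHECK_TTL) {
            throw new ForbiddenException(__('Please confirm your password first.'));
        }
    }

    public function index()
    {
        // Protected content is rendered here.
    }
}
```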































