FuelPHP Forums

Problem with Auth Tutorial when not being an Admin user
  • Hi there,

    I am trying to make an admin section and login with this example:
    http://net.tutsplus.com/tutorials/php/build-an-admin-panel-with-the-fuel-php-framework/
    running a new FuelPHP 1.4 version.

    Everything looks great until I try to log in with a user which is not an administrator (e.g. group=50).

    I can log in, but then the browser gets into a loop which cannot be ended. :-(

    Does someone have an idea what happens?

    Greetz
    Kay

  • I don't know the tutorial, but I looked briefly at it, and at one point it checks for membership of '100', and if not, it redirects to "admin/login". Check your code to see if that doesn't redirect back if already logged in...
  • I have no idea what the code really does in routing:

    [code]
    class Controller_Admin extends Controller_Base {

        public $template = 'admin/template';

        public function before()
        {
            parent::before();

            if ( ! Auth::member(100) and Request::active()->action != 'login')
            {
                Response::redirect('admin/login');
            }

        }

        public function action_login()
        {
            // Already logged in
            Auth::check() and Response::redirect('admin');

            $val = Validation::forge();

            if (Input::method() == 'POST')
            {
                $val->add('email', 'Email or Username')
                    ->add_rule('required');
                $val->add('password', 'Password')
                    ->add_rule('required');

                if ($val->run())
                {
                    $auth = Auth::instance();

                    // check the credentials. This assumes that you have the previous table created
                    if (Auth::check() or $auth->login(Input::post('email'), Input::post('password')))
                    {
                        // credentials ok, go right in
                        $current_user = Model_User::find_by_username(Auth::get_screen_name());
                        Session::set_flash('success', e('Welcome, '.$current_user->username));
                        Response::redirect('admin');
                    }
                    else
                    {
                        $this->template->set_global('login_error', 'Fail');
                        echo "Mist"; die;
                    }
                }
            }

            $this->template->title = 'Login';
            $this->template->content = View::forge('admin/login', array('val' => $val), false);
        }

        /**
         * The logout action.
         *
         * @access  public
         * @return  void
         */
        public function action_logout()
        {
            Auth::logout();
            Response::redirect('admin');
        }

        /**
         * The index action.
         *
         * @access  public
         * @return  void
         */
        public function action_index()
        {
            echo "Test index"; die;
            $this->template->title = 'Dashboard';
            $this->template->content = View::forge('admin/dashboard');
        }
    [/code]

    As I understand the before() only checks if Auth is not Admin and Active Action is not Login and then redirects to Login Page, which is logical.

    But why do I get a loop if I am not a user with a group of "100" = Admin?
  • You arrive at login. Auth::check() is false, so you are presented the login form
    You login as a non-admin. The login succeeds, and you get redirected to 'admin'.
    You get in the before(). The action is 'index', because of the redirect without method.
    before will determine that you're not an admin, and the action is not 'login', and redirects you.
    You arrive at login. Auth::check() is true, so you are redirected to 'admin'.

    And there's your loop.
  • OK, I understand what is happening now.
    But how can I break this loop?

    The file was created automatically from OIL while doing this tutorial, so I assumed that this code should be OK?! :-)

    Where and what do I have to change, so that also the other user groups will work?

    Thanks
    Kay
  • You have to capture the access failure in the before:

    [code]
    if (Auth::check())
    {
        // only allow admin access, or login/logout
        if ( ! Auth::member(100) and ! in_array(Request::active()->action, array('login', 'logout')))
        {
            // generate an access failure message
            Session::set_flash('error', e('You don\'t have access to the admin panel'));

            // and redirect back to the homepage
            Response::redirect('/');
        }
    }
    else
    {
        // not logged-in, login first
        Response::redirect('admin/login');
    }
    [/code]
  • :-(

    With that code I didn't even get to the login mask:

    class Controller_Admin extends Controller_Base {

        public $template = 'admin/template';

        public function before()
        {
            parent::before();

            if (Auth::check())
            {
                // only allow admin access, or login/logout
                if ( ! Auth::member(100) and ! in_array(Request::active()->action, array('login', 'logout')))
                {
                    // generate an access failure message
                    Session::set_flash('error', e('You don\'t have access to the admin panel'));

                    // and redirect back to the homepage
                    Response::redirect('/');
                }
            }
            else
            {
                // not logged-in, login first
                Response::redirect('admin/login');
            }
        }

        public function action_login()
        {
            // Already logged in
            Auth::check() and Response::redirect('admin');

            $val = Validation::forge();

            if (Input::method() == 'POST')
            {
                $val->add('email', 'Email or Username')
                    ->add_rule('required');
                $val->add('password', 'Password')
                    ->add_rule('required');

                if ($val->run())
                {
                    $auth = Auth::instance();

                    // check the credentials. This assumes that you have the previous table created
                    if (Auth::check() or $auth->login(Input::post('email'), Input::post('password')))
                    {
                        // credentials ok, go right in
                        $current_user = Model_User::find_by_username(Auth::get_screen_name());
                       
                        Session::set_flash('success', e('Welcome, '.$current_user->username));
                        Response::redirect('admin');
                    }
                    else
                    {
                        $this->template->set_global('login_error', 'Fail');
                    }
                }
            }

            $this->template->title = 'Login';
            $this->template->content = View::forge('admin/login', array('val' => $val), false);
        }

        /**
         * The logout action.
         *
         * @access  public
         * @return  void
         */
        public function action_logout()
        {
            Auth::logout();
            Response::redirect('admin');
        }

        /**
         * The index action.
         *
         * @access  public
         * @return  void
         */
        public function action_index()
        {
            #echo "Test index"; die;
            $this->template->title = 'Dashboard';
            $this->template->content = View::forge('admin/dashboard');
        }

    }

    By the way, all user groups should have access to \admin. Later I will show them other menus depending on their groups.

    Perhaps this would be easier?
  • That's not how the oil templates are designed. Only admin has access to the admin section.

    What happened, as I can't see an issue with this code atm?
  • I guess you are trying to log in as a non-admin user and want to show some message like "For admin user only".

    I assume the system flow:

    1.) not logged in yet? go to login page

    2.) logged in and is an admin user? go to admin dashboard

    3.) logged in but not an admin user? logout, go to login page, show message "admin user only"

    [code]
    class Controller_Admin extends Controller_Base
    {
        .......

        public function before()
        {
            parent::before();

            if (Auth::check())
            {
                // only allow admin access, or login/logout
                if (!Auth::member(100) and !in_array(Request::active()->action, array('login', 'logout')))
                {
                    // only admin can log in here
                    Auth::logout();

                    // generate an access failure message
                    Session::set_flash('login_error', e('You don\'t have access to the admin panel'));

                    // and redirect back to the login page
                    Response::redirect('admin/login');
                }
            }
            else
            {
                // not logged-in, login first
                Response::redirect('admin/login');
            }
        }

        public function action_login()
        {
            // Already logged in
            Auth::check() and Response::redirect('admin');

            $val = Validation::forge();

            if (Input::method() == 'POST')
            {
                ... same ...
            }

            // this login_error only exists when the user has logged in but is not an admin user
            Session::get_flash('login_error') and $this->template->set_global('login_error', Session::get_flash('login_error'));

            $this->template->title = 'Login';
            $this->template->content = View::forge('admin/login', array('val' => $val), false);
        }

    }
    [/code]
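To make the three before() variants in this thread comparable, here is an added example of my own (it is not code from the thread, from the tutorial or from FuelPHP) that reduces the decision logic of before(), action_login() and action_logout() to plain PHP functions and follows the redirect chain a request would take. Auth::check()/Auth::member(), Request::active()->action and Response::redirect() are replaced by an in-memory FakeSession, an action name and a returned target path; ADMIN_GROUP, FakeSession, handle(), trace() and before_corrected() are names I chose. It needs PHP 7.4 or newer and runs with `php redirect_trace.php` (constructed file name).

```php
<?php
// Added example, not from the thread or from FuelPHP: the decision logic of the
// admin controller's before(), action_login() and action_logout() as plain
// functions, so the redirect chain a request takes can be followed offline.
// FakeSession replaces Auth::check()/Auth::member(); a redirect is modelled as
// the returned target path, and null means "the page renders".

const ADMIN_GROUP = 100;   // the group id the tutorial treats as admin

final class FakeSession
{
    public ?int $group = null;   // null = not logged in, otherwise the user's group
}

// Rule 1: the original before() from the thread.
function before_original(FakeSession $s, string $action): ?string
{
    return ($s->group !== ADMIN_GROUP && $action !== 'login') ? 'admin/login' : null;
}

// Rule 2: the fix posted in the thread (logged-in non-admins go to '/').
function before_fixed(FakeSession $s, string $action): ?string
{
    if ($s->group === null) return 'admin/login';   // fires for the 'login' action too
    $allowed = $s->group === ADMIN_GROUP || in_array($action, ['login', 'logout'], true);
    return $allowed ? null : '/';
}

// Rule 3: the last post's variant (log the non-admin out, then back to login).
function before_logout_variant(FakeSession $s, string $action): ?string
{
    if ($s->group === null) return 'admin/login';
    if ($s->group === ADMIN_GROUP || in_array($action, ['login', 'logout'], true)) return null;
    $s->group = null;                                // Auth::logout()
    return 'admin/login';
}

// Rule 4 (my own variant): exempt login/logout before consulting the session, so
// neither an anonymous nor a logged-in user is ever bounced back to the form.
function before_corrected(FakeSession $s, string $action): ?string
{
    if (in_array($action, ['login', 'logout'], true)) return null;
    if ($s->group === null) return 'admin/login';
    return $s->group === ADMIN_GROUP ? null : '/';
}

// One request: run before(), then the action. '/' lies outside the controller.
function handle(callable $before, FakeSession $s, string $path): ?string
{
    if ($path === '/') return null;
    $action = $path === 'admin' ? 'index' : substr($path, strlen('admin/'));
    $redirect = $before($s, $action);
    if ($redirect !== null) return $redirect;
    if ($action === 'login') return $s->group !== null ? 'admin' : null;  // "Auth::check() and Response::redirect('admin')"
    if ($action === 'logout') { $s->group = null; return 'admin'; }
    return null;   // index: the dashboard renders
}

// Follow redirects from $start; stop when a page renders or a path repeats.
function trace(callable $before, FakeSession $s, string $start, int $maxHops = 10): array
{
    $pages = [$start];
    $path = $start;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $next = handle($before, $s, $path);
        if ($next === null) return ['pages' => $pages, 'loop' => false];
        $repeat = in_array($next, $pages, true);
        $pages[] = $next;
        if ($repeat) return ['pages' => $pages, 'loop' => true];
        $path = $next;
    }
    return ['pages' => $pages, 'loop' => true];
}

$rules = [
    'original'       => 'before_original',
    'fix'            => 'before_fixed',
    'logout variant' => 'before_logout_variant',
    'corrected'      => 'before_corrected',
];
$cases = [   // constructed: [description, group id or null, first request]
    ['non-admin (group 50) opens admin', 50,   'admin'],
    ['anonymous opens admin/login',      null, 'admin/login'],
];
foreach ($rules as $name => $rule) {
    foreach ($cases as [$label, $group, $start]) {
        $s = new FakeSession();
        $s->group = $group;
        $t = trace($rule, $s, $start);
        printf("%-15s %-34s %s%s\n", $name, $label, implode(' -> ', $t['pages']), $t['loop'] ? '  [LOOP]' : '');
    }
}
```

The trace of the original rule reproduces the loop described above for a logged-in group-50 user: admin -> admin/login -> admin. The posted fix and the logout variant both stop that (the user ends on '/'), but their else branch runs for every action, including 'login', so an anonymous request for admin/login is redirected to admin/login and loops, which is what "didn't even get to the login mask" looks like from the browser; the logout variant loops for the non-admin as well, because it turns that user into an anonymous one before sending them to the form. before_corrected() checks the exempt actions before looking at the session, and neither case loops. The general point for any before()-style guard: the action that performs authentication must be reachable in both the authenticated and the unauthenticated branch, or one of the two states redirects to itself.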
