the request/environment and uses the information there to confirm the identity of the user. HTTP Basic authentication
for example uses $_SERVER[’PHP_AUTH_USER’] and $_SERVER[’PHP_AUTH_PW’]
for the username and password fields. On each request, if a client doesn’t support cookies, these values
are used to re-identify the user and ensure they are valid user. As with authentication object’s
authenticate() method the getUser() method should return an array of user information on success,
and false on failure.:
public function getUser($request) {
$username = env(’PHP_AUTH_USER’);
$pass = env(’PHP_AUTH_PW’);
if (empty($username) || empty($pass)) {
return false;
}
return $this->_findUser($username, $pass);
}
The above is how you could implement getUser method for HTTP basic authentication. The
_findUser() method is part of BaseAuthenticate and identifies a user based on a username and
password.
Displaying auth related flash messages In order to display the session error messages that Auth
generates, you need to add the following code to your layout. Add the following two lines to the
app/View/Layouts/default.ctp file in the body section preferable before the content_for_layout
line.:
echo $this->Session->flash();
echo $this->Session->flash(’auth’);
You can customize the error messages, and flash settings AuthComponent uses. Using
$this->Auth->flash you can configure the parameters AuthComponent uses for setting flash messages.
The available keys are
• element - The element to use, defaults to ‘default’.
• key - The key to use, defaults to ‘auth’
• params - The array of additional params to use, defaults to array()
In addition to the flash message settings you can customize other error messages AuthComponent uses. In
your controller’s beforeFilter, or component settings you can use authError to customize the error used
for when authorization fails:
$this->Auth->authError = "This error shows up with the user tries to access a part of the website Hashing passwords AuthComponent no longer automatically hashes every password it can find. This was
removed because it made a number of common tasks like validation difficult. You should never store plain
text passwords, and before saving a user record you should always hash the password. You can use the static
AuthComponent::password() to hash passwords before saving them. This will use the configured
hashing strategy for your application.
