One of the most typical functionalities offered by sites with authentication capabilities is the ability to let the user choose (by clicking on a checkbox) whether they want the system to remember their account after logging in.
We should have a working authentication system, so follow the entire recipe, Setting up a basic authentication system.
Edit the app/app_controller.php file and add the following Auth component settings to the Auth component. Also add the Cookie component by making the following changes to the components property. AppController (in the $components property) must include the following mandatory setting (if it is not there, add it inside the array of settings for the component):

public $components = array(
    'Auth' => array(
        'authorize' => 'controller',
        'autoRedirect' => false
    ),
    'Cookie',
    'Session'
);
Edit the app/views/users/login.ctp view file and make the following changes:

<?php
echo $this->Form->create(array('action' => 'login'));
echo $this->Form->inputs(array(
    'legend' => 'Login',
    'username',
    'password',
    'remember' => array('type' => 'checkbox', 'label' => 'Remember me')
));
echo $this->Form->end('Login');
?>
Add the following code to the login action of your UsersController class:

if (!empty($this->data)) {
    $userId = $this->Auth->user('id');
    if (!empty($userId)) {
        if (!empty($this->data['User']['remember'])) {
            // Checkbox selected: store the username and password fields in the cookie
            $user = $this->User->find('first', array(
                'conditions' => array('id' => $userId),
                'recursive' => -1,
                'fields' => array('username', 'password')
            ));
            $this->Cookie->write('User', array_intersect_key(
                $user[$this->Auth->userModel],
                array('username' => null, 'password' => null)
            ));
        } elseif ($this->Cookie->read('User') != null) {
            // Checkbox not selected: drop any cookie left from an earlier login
            $this->Cookie->delete('User');
        }
        $this->redirect($this->Auth->redirect());
    }
}
Add the following code to the logout() method of your UsersController class:

if ($this->Cookie->read('User') != null) {
    $this->Cookie->delete('User');
}
Add the following method to the AppController class, right below the components property declaration:

public function beforeFilter() {
    if ($this->Auth->user() == null) {
        // No logged-in user: try the values stored in the User cookie
        $user = $this->Cookie->read('User');
        if (!empty($user)) {
            $user = $this->Auth->getModel()->find('first', array(
                'conditions' => array(
                    $this->Auth->fields['username'] => $user[$this->Auth->fields['username']],
                    $this->Auth->fields['password'] => $user[$this->Auth->fields['password']]
                ),
                'recursive' => -1
            ));
            if (!empty($user) && $this->Auth->login($user)) {
                $this->redirect($this->Auth->redirect());
            }
        }
    }
}
The first task we needed to accomplish was to disable the automatic redirect in the Auth component. By doing so, we are able to catch both successful and failed login attempts, which allows us to check if the remember me checkbox is selected. If the checkbox is indeed checked, we create a cookie named User that contains the values of the username and password fields for the record whose ID is equal to the ID of the user that logged in. Remember that the password value is automatically encrypted by the Auth component, so it is safe for storage. The Cookie component adds another layer of security by automatically encrypting and decrypting the given values.
In AppController::beforeFilter(), when there is no logged-in user, we check to see if the cookie is set. If it is, we use the values for the username and password fields stored in the cookie to log in a user, and then redirect the browser to the login action.
Finally, we delete the cookie when it is appropriate (when a user logs in without the checkbox selected, or when the user manually logs out).
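The User cookie in this recipe holds the username and the stored password value, and beforeFilter() logs in whoever presents a matching pair, so the cookie works as a credential until the password changes. The following added example (not part of the original recipe or of CakePHP) shows a common alternative: a random, single-use token whose hash is kept server-side. It assumes PHP 7+ for random_bytes(); the function names and the in-memory $store, a stand-in for a hypothetical remember_tokens table, are illustrative.

```php
<?php
// Added example: random, single-use remember-me token (plain PHP 7+).
// $store is a constructed stand-in for a hypothetical remember_tokens table.

function issueRememberToken(array &$store, $userId, $ttl = 1209600)
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $store[$selector] = array(
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    );
    return $selector . ':' . $validator;     // value to write to the cookie
}

function redeemRememberToken(array &$store, $cookieValue)
{
    $parts = explode(':', (string) $cookieValue, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                          // malformed or unknown selector
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);                 // single use, even on a failed match
    if ($row['expires'] < time()
        || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;                          // expired or wrong validator
    }
    $next = issueRememberToken($store, $row['user_id']); // rotate for next visit
    return array('user_id' => $row['user_id'], 'cookie' => $next);
}

function revokeRememberTokens(array &$store, $userId)
{
    foreach (array_keys($store) as $selector) {
        if ($store[$selector]['user_id'] === $userId) {
            unset($store[$selector]);         // on logout or password change
        }
    }
}

// Constructed walk-through: first use, replay of the old value, then logout.
$store  = array();
$cookie = issueRememberToken($store, 42);
$first  = redeemRememberToken($store, $cookie);
var_dump($first['user_id'], redeemRememberToken($store, $cookie));
revokeRememberTokens($store, 42);
var_dump(redeemRememberToken($store, $first['cookie']));
```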