Tor, so far
At the end of Part 1, you were given an opportunity to put your skills
to work by building some missing functionality for Tor. Login/Logout,
index, the use of hashed passwords, and automatically logging in a
registering user were all on the to-do list. How did you do?
The login view
Your login view might look something like Listing 1.
Listing 1. Login view
<?php
if (isset($error)) {
    echo('Invalid Login.');
}
?>
<p>Please log in.</p>
<?php echo $form->create('User', array('action' => 'login')); ?>
<?php
    echo $form->input('username');
    echo $form->input('password');
?>
<?php echo $form->end('Login');?>
<?php echo $html->link('Register', array('action' => 'register')); ?>
Your index view might look something like Listing 2.
Listing 2. Index view
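<?php /* h() is CakePHP's htmlspecialchars() shortcut; the names are user-supplied, so escape them */ ?>
<p>Hello, <?php echo h($user['first_name'] . ' ' . $user['last_name']); ?></p>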
<?php echo $html->link('knownusers', array('action' => 'knownusers')); ?>
<?php echo $html->link('logout', array('action' => 'logout')); ?>
Both of the views should look pretty straightforward. The index action
just checks the session for the user's username and, if it's not set,
sends the user to log in. The login view doesn't set a specific error
message, so someone trying to guess their way into the system doesn't
know which parts are correct.
Your controller might look something like Listing 3.
Listing 3. Controller
<?php
class UsersController extends AppController
{
    var $name = 'Users';
    var $helpers = array('Html', 'Form');

    function register()
    {
        if (!empty($this->data))
        {
            // Hash the password before it is saved
            $this->data['User']['password'] = md5($this->data['User']['password']);
            if ($this->User->save($this->data))
            {
                $this->Session->setFlash('Your registration information was accepted');
                // Log the newly registered user in
                $this->Session->write('user', $this->data['User']['username']);
                $this->redirect(array('action' => 'index'), null, true);
            } else {
                // Don't send the hashed password back to the form
                $this->data['User']['password'] = '';
                $this->Session->setFlash('There was a problem saving this information');
            }
        }
    }

    function knownusers()
    {
        // Select only the listed fields; the password column is not included
        $this->set('knownusers', $this->User->findAll(null,
            array('id', 'username', 'first_name', 'last_name'), 'id DESC'));
    }

    function login()
    {
        if ($this->data)
        {
            $results = $this->User->findByUsername($this->data['User']['username']);
            // === compares the digests as strings; == can treat
            // numeric-looking digests as numbers
            if ($results && $results['User']['password'] === md5($this->data['User']['password']))
            {
                $this->Session->write('user', $this->data['User']['username']);
                $this->redirect(array('action' => 'index'), null, true);
            } else {
                // Same error for an unknown user and a wrong password
                $this->set('error', true);
            }
        }
    }

    function logout()
    {
        $this->Session->delete('user');
        $this->redirect(array('action' => 'login'), null, true);
    }

    function index()
    {
        $username = $this->Session->read('user');
        if ($username)
        {
            $results = $this->User->findByUsername($username);
            $this->set('user', $results['User']);
        } else {
            // Not logged in: send the visitor to the login form
            $this->redirect(array('action' => 'login'), null, true);
        }
    }
}
?>
The use of md5() to hash passwords and
compare their hashed values means you don't have to store plain-text
passwords in the database, as long as you hash the passwords
before you store them. As for the users you already created, you'll
need to update their plain-text passwords with MD5 versions of the
same:
UPDATE users SET PASSWORD = md5( PASSWORD ) WHERE 1
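Unsalted MD5 is fast to compute, so the digests stored by Listing 3 are cheap to brute-force if the users table leaks, and an in-place SQL UPDATE cannot produce salted hashes. The following added example (plain PHP 7.0+, not part of the original tutorial or of CakePHP) verifies a login against either format and upgrades MD5 rows to password_hash() on the first successful login; the $users array and both function names are constructed for illustration.

```php
<?php
// Added example, not tutorial code. Assumes PHP 7.0+.
// $users is a constructed in-memory stand-in for the users table
// (username => stored password column); the function names are hypothetical.

function isLegacyMd5(string $stored): bool
{
    // md5() returns exactly 32 lowercase hex characters; password_hash()
    // output starts with "$" and is longer, so the two cannot be confused.
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

function verifyAndUpgrade(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];

    if (isLegacyMd5($stored)) {
        // Legacy row written by Listing 3: compare as strings, in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    // The plain-text password is only available at login, so this is the
    // moment to replace an MD5 digest (or an outdated cost) with a salted hash.
    if ($ok && (isLegacyMd5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample row, stored the way the tutorial's register() stores it.
$users = array('wrestler' => md5('sample-passphrase'));

var_dump(verifyAndUpgrade($users, 'wrestler', 'wrong-guess'));       // wrong password, legacy row
var_dump(isLegacyMd5($users['wrestler']));                           // format of the row after a failed login
var_dump(verifyAndUpgrade($users, 'wrestler', 'sample-passphrase')); // correct password, triggers the upgrade
var_dump(isLegacyMd5($users['wrestler']));                           // format of the row after the upgrade
var_dump(verifyAndUpgrade($users, 'wrestler', 'sample-passphrase')); // same password against the upgraded row
```

The password column has to be wide enough for the new format: bcrypt output is 60 characters, and the PHP manual recommends 255 to allow for future algorithms.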
The logout action doesn't need a view. It just needs to clear the
values you put into session.
It's OK if your solutions don't look exactly like these. If you didn't
get to your own solutions, update your code using the above so
you will be ready to complete the rest of this tutorial.