How to: Automatic User Login in CakePHP

Sometimes you need to enable silent (implicit) login for your users. A good example is registration: afterwards you want to log the user in automatically rather than have him retype the user name and password.

In CakePHP there is a simple method in the Auth component that lets you log in on the user’s behalf.

Here is how it is done:


// assuming $password is the clear text password
$this->data["User"]["password"] = $this->Auth->password($password);
$this->data["User"]["username"] = $username;

// do the login
$login = $this->Auth->login($this->data);

// $login is true if login went well.
// now we can redirect the user to any page:
if ($login) {
    $this->redirect(array('controller' => "anycontroller",
        'action' => "any_secure_action", null));
}

This will be implemented in the next CakeOTP release.

IPWEditor – In-Place WYSIWYG Editor 1.2.1 Released with TinyMCE bug fix and more


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

Up until now IPWEditor did not support TinyMCE advanced settings, due to a minor bug found and resolved by the community.
This release incorporates this bug fix and adds additional documentation around the ‘cancel’ functionality.

DEMO (TinyMCE)



Click me! I am editable and WYSIWYG!!! (TinyMCE)

Code behind:


<script type="text/javascript" src="jquery-1.3.2.js"></script>
<script type="text/javascript" src="jquery.editable.ipweditor-1.2.1.js"></script>
<script type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>

<div id="editable" class="myipwe1"> Click me! I am editable and WYSIWYG!!! </div>

<script type="text/javascript">
// set all the tinyMCE configuration here and pass it to the editable
$().ready(function() {
    var ed = new tinymce.Editor('myipwe1', {
        theme : "advanced"
    });

    $('.myipwe1').editable({
        type: 'wysiwyg',
        editor: ed,
        onSubmit: function submitData(content) {
            alert(content.current);
        },
        submit: 'save',
        cancel: 'cancel'
    });
});
</script>

Download and docs

Formal documentation and download can be found here.

How to Connect IPWEditor to the Server Side

I have been getting multiple support requests from developers who want to save the data edited in IPWEditor on the server side.

Saving information on the server side is a server-side feature and out of scope for IPWEditor (which is a client-side jQuery plug-in). Moreover, it is programming-language dependent – a Java developer might handle this differently from a .NET or a PHP developer.

Despite all that, I will try to give a general guide on how it is done. I will be using PHP for the server-side examples, but you can use any server-side programming language you prefer.


6 Useful Things Google Search Provides That Are Not Search / Useful Google Search Tools

Lately it is kind of popular to trash Google. Very much like Microsoft, people love to complain about companies that take an important part of their daily life. Google is now an integral part of our life not only for search but for many other things. A good friend saw me convert foreign exchange on Google search and was very surprised you can do that. So here is a list of things I do in Google search which are not search related.

Looking up What’s the Time in Other Places Around the World

Living on a faraway island in the Pacific with friends in Europe and America, this tool is a great help.


Security issue in CakePHP code documentation

I have been using CakePHP for a long time now and enjoy every second. It provides a productive, easy to use and well-documented platform for PHP applications. The key advantages for me are – transparent OR mapping, a strong Model View Controller framework, and tons of extra utilities that make your life better.

I have come across a possible security issue in one of the CakePHP code examples. This section of code is responsible for authorizing or denying a client's access to a certain action (MVC flow):

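<?php
    // authorization callback: decides whether the current user may run the requested action
    function isAuthorized() {
        if ($this->action == 'delete') {
            // only admins may delete
            if ($this->Auth->user('role') == 'admin') {
                return true;
            } else {
                return false;
            }
        }

        // every other action falls through to "allowed"
        return true;
    }
?>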

The major security rule this code is breaking is – never ever have ‘return true’ as a default for an authorization method.
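
The fail-open default next to a default-deny version, as an added example (not code from CakePHP or from this post). It uses plain PHP functions; the role names, action names and the `$policy` table are constructed for illustration, and `purge` stands for an action added to the controller after the check was written.

```php
<?php
// Added illustration, not CakePHP source. Roles, actions and the policy
// table below are constructed for the example.

// The logic shown above: one rule for 'delete', everything else allowed.
function failOpen($role, $action) {
    if ($action == 'delete') {
        return $role == 'admin';
    }
    return true;                            // default allow
}

// Default deny: an action is allowed only if the table lists it for the role.
function failClosed($role, $action, array $policy) {
    if (!is_string($role) || !isset($policy[$role])) {
        return false;                       // missing or unknown role
    }
    return in_array($action, $policy[$role], true);
}

$policy = array(
    'admin'  => array('index', 'view', 'edit', 'delete', 'purge'),
    'member' => array('index', 'view'),
);

// Constructed requests, including a role that is missing from the session.
$cases = array(
    array('member', 'view'),
    array('member', 'delete'),
    array('member', 'purge'),
    array(null,     'edit'),
    array('admin',  'purge'),
);

foreach ($cases as $c) {
    list($role, $action) = $c;
    printf("%-9s %-7s fail-open=%-5s fail-closed=%s\n",
        var_export($role, true), $action,
        var_export(failOpen($role, $action), true),
        var_export(failClosed($role, $action, $policy), true));
}
```

The rows where the two columns differ are the requests the original check never anticipated: a new action and a session without a role.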

Forget About Software Configuration, Settings and Options – Choose the Right Defaults

Common pitfall “I am not sure what to do…. let’s make it configurable”

You hear this all the time in software companies – some business analyst, developer or product manager trying to solve a dilemma in software development by pushing the decision to the end user. “Let’s make it configurable” seems like a get-out-of-jail-free card if you can’t make up your mind about colors, screen layout and the many other hard choices we have to make when designing our software.

People think they want free choice, while in fact they want the right choice.

It is a common mistake to think that making some aspect of your application configurable is necessarily a good thing. Software users rarely go into configuration and edit the software options to fit their needs. Users expect the software to work “by default” / “out of the box” / “no hassle”.

CakeOTP 1.0 – Secure, Expirable, Table-less One Time Password for CakePHP Released

CakeOTP is a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.

A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used on the internet for registration and password-reminder processes, in which the OTP is provided to the user in the form of a link that he uses to create/reset his password.

The problem is that most one-time password implementations involve maintaining additional database tables and batch processes that handle the persistence and expiry date of the one-time password. This adds complexity and reduces performance.

CakeOTP is a simple and clean implementation of one time password. It reduces complexity by removing the redundant SQL calls and DB batch maintenance while still keeping the one time password secure and expirable.
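
One way a table-less, expirable one-time link can be built, as an added sketch that is not CakeOTP's code and not necessarily its algorithm. The assumed design is an HMAC over the user id, expiry time and current password hash, so the link stops verifying once it expires or the password changes; the secret, user data and function names are constructed for the example.

```php
<?php
// Added illustration, not CakeOTP source. Assumed design: the link carries the
// user id, an expiry time and an HMAC over both plus the current password hash.
const OTP_SECRET = 'constructed-demo-secret'; // constructed; keep a real key out of code

function otpMac($userId, $passwordHash, $expires) {
    // Length-prefix each field so adjacent values cannot be shifted between fields.
    $msg = '';
    foreach (array((string)$userId, $passwordHash, (string)$expires) as $f) {
        $msg .= strlen($f) . ':' . $f;
    }
    return hash_hmac('sha256', $msg, OTP_SECRET);
}

function otpIssue($userId, $passwordHash, $ttl, $now) {
    $expires = $now + $ttl;
    return $userId . '.' . $expires . '.' . otpMac($userId, $passwordHash, $expires);
}

// $lookupHash: callable returning the stored password hash for a user id, or null.
function otpVerify($token, $lookupHash, $now) {
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return false;                        // malformed token
    }
    list($userId, $expires, $mac) = $parts;
    if ((int)$expires < $now) {
        return false;                        // past its expiry time
    }
    $hash = call_user_func($lookupHash, (int)$userId);
    if ($hash === null) {
        return false;                        // unknown user
    }
    // Constant-time comparison of the recomputed MAC with the presented one.
    return hash_equals(otpMac($userId, $hash, $expires), $mac);
}

// Constructed sample data: one user row held in memory instead of a users table.
$users = array(7 => 'hash-of-old-password');
$lookup = function ($id) use (&$users) {
    return isset($users[$id]) ? $users[$id] : null;
};

$token = otpIssue(7, $users[7], 3600, 1000);
var_dump(otpVerify($token, $lookup, 2000));  // checked inside the validity window
var_dump(otpVerify($token, $lookup, 5000));  // checked after the expiry time
$users[7] = 'hash-of-new-password';          // the user completes the reset
var_dump(otpVerify($token, $lookup, 2000));  // checked after the hash changed
```

Nothing is stored per token: expiry is enforced by the signed timestamp, and single use follows from binding the MAC to a value that the reset itself changes.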

Download this release here.

Check out the online demo, project page and getting started page.

Feel free to post comments and questions.

Google to present at the Wellington Architect forum


Our speaker will be James Tarquin, Enterprise Architect with Google.
He’ll be speaking about the “Key challenges with cloud services”, specifically security, change management and reliability.

Get copies of the flyer here; both a thumbnail and a high-res copy are available.

When: 2nd-Feb-2010 (Networking from 12 noon, formal session from 12:30 till 1:30pm)
Venue: Optimation Boardroom, 1 Grey Street, Wellington (New Zealand)

I’ll be happy to see you there.

Automatic online advertisement finally developed a twisted sense of humor.

In an interesting blog post about the New Zealand education system moving from Microsoft to open source, I have noticed that the advertisement picked for the blog post indicates that automatic advertising has finally developed a sense of humor:

I hope I get the same kind of advertisement and then we can have a recursive blog post.

CakeOTP 0.1 beta release – One Time Password Reference Implementation for CakePHP


I have started to implement the algorithm for tableless, secure One time password.

Here is a link to the Demo, and here is a link to the beta release.

The only thing you need to do other than the regular CakePHP setup is to create a user table (used by the CakePHP Auth component):

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL auto_increment,
  `username` char(50) default NULL,
  `password` char(40) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=23 ;
