如何在CakePHP中使用cookie進行身份驗證?

[英]How can I use cookies for authentication in CakePHP?


I am trying to use a cookie that is set by other page in my domain to authenticate the user. Say I have needpassword.example.com written using cakephp, and the cookie is generated by auth.example.com (using a Perl CGI program).

我正在嘗試使用我的域中其他頁面設置的cookie來驗證用戶身份。假設我使用cakephp編寫了needpassword.example.com,並且該cookie由auth.example.com生成(使用Perl CGI程序)。

To login in to needpassword.example.com, I need to redirect to auth.example.com to set the cookie, and then use CakePHP to parse the cookie.

要登錄needpassword.example.com,我需要重定向到auth.example.com來設置cookie,然后使用CakePHP來解析cookie。

How do I parse this cookie? And how do I modify the Auth component to do these?

我該如何解析這個cookie?如何修改Auth組件來執行這些操作?

And how can I override the Auth class to instead go to the auth.example.com to authenticate, and not using the User model? By overriding the identify method in Auth.php?

我如何覆蓋Auth類來代替auth.example.com進行身份驗證,而不是使用User模型?通過覆蓋Auth.php中的識別方法?

Many thanks.

2 个解决方案

#1


Since your needs sound outwith AuthComponent's originally intended design you have two options.

由於您的需求聽起來與AuthComponent最初的設計有關,因此您有兩種選擇。

Firstly, if it really doesn't fit your needs, you could create and maintain your very own AuthComponent. Do this by copying /cake/libs/controller/components/auth.php to /app/controller/components/auth.php.

首先,如果它真的不適合您的需求,您可以創建和維護您自己的AuthComponent。通過將/cake/libs/controller/components/auth.php復制到/app/controller/components/auth.php來完成此操作。

This would allow you to rewrite the component completely, but the downside is you will no longer receive updates to AuthComponent when you upgrade cake.

這將允許您完全重寫組件,但缺點是當您升級蛋糕時,您將不再接收AuthComponent的更新。

Secondly, you can extend just about anything in CakePHP using the following pattern:

其次,您可以使用以下模式擴展CakePHP中的任何內容:

// save as: /app/controllers/components/app_auth.php
App::import('Component', 'Auth');
class AppAuthComponent extends AuthComponent {
    function identify($user = null, $conditions = null) {
        // do stuff
        return parent::indentify($user, $conditions);
    }
}

.. and replace all instances of AuthComponent in your controllers with your AppAuthComponent.

..並使用AppAuthComponent替換控制器中的所有AuthComponent實例。

  • You only need to define the methods you wish to replace.
  • 您只需要定義要替換的方法。

  • You can run methods from the original AuthComponent (even ones you have redefined) at any point during your methods using parent::...
  • 您可以在使用parent :: ...的方法期間的任何時刻運行原始AuthComponent中的方法(甚至是已重新定義的方法)。

  • The method arguments should remain in the same order as the original API for consistency.
  • 方法參數應保持與原始API相同的順序以保持一致性。

  • If you wish to add more method arguments, put them after the API ones, eg:

    如果您希望添加更多方法參數,請將它們放在API之后,例如:

    function identify($user = null, $conditions = null, $custom = array()) { ... }

    函數標識($ user = null,$ conditions = null,$ custom = array()){...}

This approach allows you to make application-specific customisation while still using the latest methods defined in the core where necessary.

此方法允許您在必要時仍使用核心中定義的最新方法的同時進行特定於應用程序的自定義。

#2


Presuming I understand your question... As long as auth.example.com sets the cookie with the domain ".example.com" the users browser will send it along with the request to needpassword.example.com and you will be able to access it in your PHP script with the following:

假設我理解你的問題...只要auth.example.com設置域名為“.example.com”的cookie,用戶瀏覽器就會將請求發送到needpassword.example.com,你就可以了使用以下命令在PHP腳本中訪問它:

    $auth = $_COOKIE['auth'];

You can then make changes to the cookie with the following:

然后,您可以使用以下內容更改cookie:

    setcookie( "auth", "value", time() + 300, "/", ".example.com" );

(Note: time() + 300 sets the cookies expiry date to 5 minutes in the future, you may want to change this)

(注意:time()+ 300將cookies到期日設置為將來的5分鍾,您可能想要更改此)


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2009/07/17/b632bb23e6a31eebee17698fb20401ef.html



 
粤ICP备14056181号  © 2014-2021 ITdaan.com