Saturday, February 16, 2013

CakePHP – User authentication and registration

10:35 AM

Installing Authake

First you have to download the Authake plugin; the best place to get it is GitHub. Next, put all files from the archive in your application under the following path: root/app/plugins/authake
Once this is done you have to add the PHP code that will load the plugin. If you haven’t already created an app_controller.php file, this is the right moment to do it. This file overrides, or more accurately extends, the default app_controller.php and allows you to specify extra configuration and load libraries, plugins and other things your application needs. Go into your application directory and create the app_controller.php file. The file content should look as follows:
<?php
class AppController extends Controller {
    // Loads the plugin helper to be used in Views
    var $helpers = array('Authake.Authake');
    // Loads the plugin component to be used in Controllers
    var $components = array('Authake.Authake');
 
    function beforeFilter(){
        // Invokes our custom method that will load Authake
        $this->auth();
    }
 
    private function auth(){
        // Uses the default layout (the plugin offers a couple of options for this)
        Configure::write('Authake.useDefaultLayout', true);
        // Loads the actual plugin
        $this->Authake->beforeFilter($this);
    }
}
Once the App Controller is set you have to import the database file, which is under the db directory in the plugin. You have two options: install plain tables, or install tables with example data. Choose whichever suits your case. For a real-world project plain tables are better; if it’s just for testing, go for the sample SQL, which will give you a better idea of how the plugin should be set up.
So now we have our plugin installed, we’ve imported the database and set up the App Controller, and we want to make use of our authentication system. But before you start using the plugin there is one small but very important detail: the plugin uses its own database configuration. To set it, go to app/config/database.php and add the following code:
// Goes inside the DATABASE_CONFIG class, next to $default
var $authake = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => '', //username for the db
        'password' => '',  //password for the db
        'database' => 'authake', //where you have imported the authake.sql
        'prefix' => '',
);
This is quite useful if you want to use the same database and authentication plugin for different applications. For example, if you have a subscription website on one hand and a forum on the other, these could be two separate applications with one user management system. But bear in mind it could create some problems in the application. I’ll look at this problem later in another post and will provide a solution.

Plugin routing

The plugin is ready for use, but for now you have to use its default paths, e.g.:
"/authake/register", "/authake/lost_password"
etc.
That doesn’t look very pretty, which is why we should use routing in CakePHP. Add the following rules to your “app/config/routes.php” file:
Router::connect('/register', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'register'));
Router::connect('/login', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'login'));
Router::connect('/logout', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'logout'));
Router::connect('/lost-password', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'lost_password'));
Router::connect('/verify/*', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'verify'));
Router::connect('/pass/*', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'pass'));
Router::connect('/profile', array('plugin'=>'authake', 'controller' => 'user', 'action' => 'index'));
Router::connect('/denied', array('plugin'=>'authake', 'controller'=>'user', 'action'=>'denied'));
Now that we have all routes set we can start working with our plugin.

Working with Authake

To log in to the back end of the plugin, go to http://domain.tld/login. You should see a login form, and you can use username: admin and password: admin. Change this default password right after your first login. After you log in you should see the admin panel; if that’s not the case, go to http://domain.tld/authake.
Here you have three options: manage users, groups or rules. First we should set up the groups. All groups are optional and can be deleted except the admin group; I really doubt anyone would want to delete it. So if you have registered users you can create a group for them, and one for subscribers if your application offers such a service. You can create as many groups as you want and name them as you want.
Once we have the groups we have to set our rules. Navigate to the rule management panel and click the top button to add a new rule. Each rule is a list of regular expressions. The simplest one allows or denies all pages for a specific user group or for all groups: “*”
The asterisk tells the script that this group can’t access any page on the website. Be careful with this rule.
Another example is forbidding a specific page: “/products”. This stops users in the group from seeing the “/products/index” page, but it won’t stop them from visiting other pages. To do that you have to add an asterisk, like this: “/products/*”. If you want more than one rule per row you can do so using “or” after each rule, e.g.: “/page1 or /page2 or /page3/*”
You can use brackets to mark something as optional, for example: “/test(/page)?”. If the user visits “/test/page” or just “/test”, he/she will be redirected to the access denied page.
Each rule has a priority. This means that you can have as many rules as you want and they will be applied in a logical order. For example, if you forbid everything with a rule of priority 0 and declare a new rule with priority 10 that allows some pages like “/denied, /pages, /login” and so on, the lower priority rule will be overridden. So the system is quite flexible and can match all kinds of requirements.
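The following is an added example, not code from the post or from Authake: a simplified model of the rule matching described above, useful for checking a rule set against a list of paths before relying on it. It assumes that a pattern must match the whole path, that “*” means “any characters”, that “ or ” separates alternatives, and that the matching rule with the highest priority decides; the function names, array keys and sample rules are hypothetical.

```php
<?php
// Simplified model of the rule matching described in the post.
// NOT Authake's own code; the semantics below are assumptions.

function ruleToRegex(string $pattern): string
{
    $alternatives = array_map(function (string $alt): string {
        // '#' is the regex delimiter, so escape it; '*' becomes '.*'.
        // Brackets and '?' pass through as ordinary regex syntax.
        return str_replace(['#', '*'], ['\#', '.*'], trim($alt));
    }, explode(' or ', $pattern));

    // Anchored: the pattern has to match the whole path.
    return '#^(?:' . implode('|', $alternatives) . ')$#';
}

function isAllowed(string $path, array $rules): bool
{
    // Ascending sort: higher-priority rules are applied last and win.
    usort($rules, fn(array $a, array $b): int => $a['priority'] <=> $b['priority']);

    $allowed = false; // no matching rule at all: deny
    foreach ($rules as $rule) {
        if (preg_match(ruleToRegex($rule['pattern']), $path) === 1) {
            $allowed = $rule['allow'];
        }
    }
    return $allowed;
}

// Constructed rule set for a hypothetical "registered users" group.
$rules = [
    ['priority' => 0,  'allow' => false, 'pattern' => '*'],
    ['priority' => 10, 'allow' => true,  'pattern' => '/denied or /pages/* or /login'],
    ['priority' => 20, 'allow' => true,  'pattern' => '/products/*'],
    ['priority' => 30, 'allow' => false, 'pattern' => '/products/admin(/*)?'],
];

// Constructed paths to audit against the rule set.
$paths = ['/login', '/pages/about', '/products', '/products/view/3',
          '/products/admin', '/products/admin/delete/3', '/orders'];

foreach ($paths as $path) {
    printf("%-26s %s\n", $path, isAllowed($path, $rules) ? 'allow' : 'deny');
}
```

In this model “/products/*” does not match “/products” itself, so a rule meant to cover a whole section needs both forms, for example “/products(/*)?”.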

Useful tips

There is a menu plugin that is integrated with Authake, called CakeMenu. It’s really easy to integrate and works out of the box with Authake groups, users and rules.
