CakePHP – User authentication and registration

CakePHP Framework

Hello guys! This is my first post so I’ll keep it short for now.

I could say I am a newbie with the CakePHP framework. I’ve been working with it for just a couple of weeks so far, but I think it’s awesome. It’s flexible, provides code generation and adopts the MVC pattern, which definitely makes life easier. On the other hand, it’s really easy to extend the framework with 3rd party code like plugins and components, or to extend the core classes to match your specific needs.

In this post I’d like to talk about one such plugin I decided to use in my project. The name of the plugin is Authake. It is a user authentication and management plugin. Initially I decided to use the core ACL and Auth classes, but because of the tight time frame I have on the project I decided to go for a ready-made solution that will save me some time and help me deploy the application faster.


Installing Authake

First you have to download the Authake plugin; the best place to do it is GitHub. Next, put all files from the archive in your application under the following path: root/app/plugins/authake

Once this is done you have to add the PHP code that will load the plugin. So if you haven’t already created the app_controller.php file, this is the right moment to do it. This file will override, or more accurately extend, the default app_controller.php and allow you to specify extra configuration, load libraries, plugins and other necessary stuff for your application. Go into your application directory and create the app_controller.php file. The file content should look as follows:
[cc escaped="true" lang="php"]class AppController extends Controller {
    // Loads the plugin helper to be used in Views
    var $helpers = array('Authake.Authake');
    // Loads the plugin component to be used in Controllers
    var $components = array('Authake.Authake');

    function beforeFilter() {
        // Invokes our custom method that will load Authake
        $this->auth();
    }

    private function auth() {
        // Sets the layout to default; you have a couple of options for that
        Configure::write('Authake.useDefaultLayout', true);
        // Loads the actual plugin
        $this->Authake->beforeFilter($this);
    }
}[/cc]

Once the App Controller is set you have to import the database file, which is under the db directory in the plugin. You have two options: either install plain tables or install tables with example data. Do whatever you think is suitable in your case. If you are doing a real-world project, plain tables are better; if it’s just for test purposes, go for the sample SQL, which will help you get a better idea of how the plugin should be set up.

OK, so now we have our plugin installed, we’ve imported the database and set the App Controller. Now we want to make use of our authentication system. But before you start using the plugin there is one small but very important bit. The plugin uses its own database configuration. To set this, go to app/config/database.php and add the following code:
[cc escaped="true" lang="php"]var $authake = array(
    'driver' => 'mysql',
    'persistent' => false,
    'host' => 'localhost',
    'login' => '', // username for the db
    'password' => '', // password for the db
    'database' => 'authake', // where you have imported the authake.sql
    'prefix' => '',
);[/cc]

This is quite useful if you want to use the same database and authentication plugin for different applications. For example, if you have a subscription website on one hand and a forum on the other, these could be two separate applications with one user management system. But bear in mind it could create some problems in the application. I’ll look at this problem later in another post and will provide a solution.

Plugin routing

The plugin is ready for use, but you have to use the default URL names, e.g. "/authake/register", "/authake/lost_password", etc.

That doesn’t look very pretty, which is why we should use the routing in CakePHP. Add the following rules to your “app/config/routes.php” file:
[cc escaped="true" lang="php"]Router::connect('/register', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'register'));
Router::connect('/login', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'login'));
Router::connect('/logout', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'logout'));
Router::connect('/lost-password', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'lost_password'));
Router::connect('/verify/*', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'verify'));
Router::connect('/pass/*', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'pass'));
Router::connect('/profile', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'index'));
Router::connect('/denied', array('plugin' => 'authake', 'controller' => 'user', 'action' => 'denied'));[/cc]
Now that we have all routes set we can start working with our plugin.

Working with Authake

To log in to the back end of the plugin, go to http://domain.tld/login. You should see a login form, and you can use username: admin and password: admin. After you log in you should see the admin panel; if that’s not the case, go to http://domain.tld/authake. These credentials ship with the plugin, so change the admin password right after your first login.

Here you have three options: to manage users, groups or rules. First we should set the groups. All groups are optional and can be deleted except the admin group. I really doubt someone would like to delete it. So if you have registered users you can create one group for them and one for subscribers, if your application offers such a service. You can create as many groups as you want and you can name them as you want.

Once we have the groups we have to set our rules. Navigate to the rule management panel and click on the top button to add a new rule. Each rule is a list of regular expressions. For example, the easiest one is to allow or deny all pages for a specific user group or all of the groups: “*”

The asterisk matches every page, so as a deny rule it tells the script that this group can’t access any page on the website. Be careful with this rule.

Another example is if you want to forbid a specific page: “/products”. This will stop the group’s users from seeing the “/products/index” page, but it won’t stop them from visiting the other pages under it. To do that you have to add an asterisk like this: “/products/*”. If you want to add more than one rule per row you can do it using “or” after each rule, e.g.: “/page1 or /page2 or /page3/*”

You can use brackets to specify that something is optional, for example: “/test(/page)?”. If the user visits “/test/page” or just “/test”, he/she will be redirected to the access denied page.

Each rule has a priority. This means that you can have as many rules as you want and they will be organized in a logical order. For example, if you forbid everything with a rule with priority 0 and declare a new rule with priority 10 that allows some pages like “/denied, /pages, /login” and so on, the lower-priority rule will be overridden for those pages. So the system is quite flexible and can match all kinds of requirements.
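
To make the matching and priority behaviour described above concrete, here is a small stand-alone PHP model of it. It is an added example, not Authake's own code: the function names, the rule array layout, the anchored match, the translation of “*” to “.*” and the deny-by-default fallback are all assumptions made for illustration.

```php
<?php
// Added example: models the rule semantics described in the post.
// Not Authake's source. Assumptions: "*" means "any characters",
// " or " separates alternatives, a rule must match the whole path,
// and a path that matches no rule is denied.

function ruleToRegex(string $rule): string
{
    $patterns = array();
    foreach (array_map('trim', explode(' or ', $rule)) as $alt) {
        // Escape the regex delimiter, then expand the wildcard.
        $alt = str_replace('#', '\#', $alt);
        $patterns[] = str_replace('*', '.*', $alt);
    }
    // Anchoring keeps "/products" from also matching "/products/index".
    return '#^(?:' . implode('|', $patterns) . ')$#i';
}

function isAllowed(string $path, array $rules): bool
{
    // Evaluate from lowest to highest priority so later matches override.
    usort($rules, function ($a, $b) {
        return $a['priority'] <=> $b['priority'];
    });
    $allowed = false; // assumed default: deny when nothing matches
    foreach ($rules as $rule) {
        if (preg_match(ruleToRegex($rule['pattern']), $path) === 1) {
            $allowed = $rule['allow'];
        }
    }
    return $allowed;
}

// Constructed rule set for one group: deny everything, then open a few pages.
$rules = array(
    array('priority' => 0,  'allow' => false, 'pattern' => '*'),
    array('priority' => 10, 'allow' => true,  'pattern' => '/denied or /pages or /login'),
    array('priority' => 20, 'allow' => true,  'pattern' => '/test(/page)?'),
);

$paths = array('/login', '/pages', '/pages/home', '/test', '/test/page', '/products/index');
foreach ($paths as $path) {
    printf("%-16s %s\n", $path, isAllowed($path, $rules) ? 'allow' : 'deny');
}
```

With this rule set “/pages” is allowed but “/pages/home” is denied, which is the same “/products” versus “/products/*” distinction explained above.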

Useful tips

There is a menu plugin that is integrated with Authake; it’s called CakeMenu. It’s really easy to integrate and works out of the box with Authake groups, users and rules.



Just a guy with strong interest in PHP and Web technologies

7 comments on “CakePHP – User authentication and registration”
  1. Janice Billingham says:

    Appreciate your information. It is just too greeeeat!

  2. Sherika Roell says:

    Glad to find this information. I have been searching in Google for long time.

  3. Marna Leef says:

    How long did it take you to research this work? Amazing!

  4. samir says:

    thanks for the tutorial any. any tutorial on adding an auth User?

  5. Magento Team says:

    This site was… how do you say it? Relevant!!
    Finally I have found something that helped me. Kudos!

  6. cs go giveaway says:

    Hello, I think your site might be having browser compatibility issues.
    When I look at your blog site in Opera, it looks fine but
    when opening in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up! Other than that, wonderful blog!
