Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

cakephp lost session variable when redirect

I have problems with a session variable, users log into the app and then it sets a session variable but when it redirects to the next controller it isn't there.

At the moment I am not using the auth component, I think it is not correct, but I don't know how to apply it to my logic. This is because I dont log in users with username and password, they come authenticated from other website that gives me a ticket and a key to know who they are.

Here is my code of the UsersController where the app starts:

class UsuariosController extends AppController {
public $components = array('Session');

function beforeFilter() {

}

function login() {
    $isLogged = false;
    if(!empty($_POST['Ffirma']) ) {
        $this->loginByTicket();
    }
    else if(!empty($this->data)) { //When users log by email it works perfectly
        $this->loginByEmail();
    }
}

private function loginByEmail() {
    //Se busca el usuario en la base de datos
    $u = new Usuario();
    $dbuser = $u->findByEmail($this->data['Usuario']['email']);

    //if doesn't exist user in db
    if(empty($dbuser) ) {
        $this->Session->setFlash('El usuario no existe en el sistema, consulte con el administrador.');
        $this->redirect(array('controller' => 'usuarios', 'action' => 'login'));
        exit();
    }
    $this->userIsCorrectlyLogged($dbuser);
}

function loginByTicket() {
    $Fip = $_POST['Fip'];
    $Frol = $_POST['Frol'];
    $FidPersona = $_POST['Fidpersona'];
    $Fticket = $_POST['Fticket'];
    $Ffirma = $_POST['Ffirma'];
    //Check sing
    $f = $this->gen_firma($Frol, $FidPersona,  $Fticket);
    if( strcmp($f, $Ffirma) != 0 ) {
        $this->Session->setFlash('Firma no válida.');
        return;
    }
    //Check if ticket is valid
    //1º Check if it exists on the db
    $t = split('-',$Fticket);
    $ticket = new Ticket();
    $dbticket = $ticket->findById($t[0]);
    if( strcmp($dbticket['Ticket']['valor'], $t[1]) != 0) {
        $this->Session->setFlash('Ticket no válido.');
        return;
    }

    //2º if Ip ok
    if($Fip != $dbticket['Ticket']['ip']) {
        $this->Session->setFlash('IP no válida.'.' '.$dbticket['Ticket']['ip'].' '.$Fip);
        return;
    }

    $u = new Usuario();
    $dbuser = $u->findById($dbticket['Ticket']['idPersona']);
    $this->userIsCorrectlyLogged($dbuser);
}

private function userIsCorrectlyLogged($dbuser) {
    $user = array('Usuario' => array(
        'last_login' => date("Y-m-d H:i:s"),
        'rol_app' => 1,
        'nombre' => $dbuser['Usuario']['nombre'],
        'email' => $dbuser['Usuario']['email'],
        'apellidos' => $dbuser['Usuario']['apellidos'],
        'id' => $dbuser['Usuario']['id']
    ) );
    //Some stuff to determine rol privileges
    $this->Session->destroy(); 
    $this->Session->write('Usuario', $user);
    $this->redirect(array('controller' => 'mains', 'action' => 'index'),null, true);
    exit();
}

As you can see I make some controls before know that the user is correctly logged, and in user correctly logged I just save the session.

In my AppController I check if the user has logged in, but the session variable has already gone:

class AppController extends Controller {
    public $components = array('Session');
    function beforeFilter() {
        //Configure::write('Security.level', 'medium'); //I've tried this that i saw somewhere
        pr($this->Session->read()) // Session is empty
        if($this->checkAdminSession()) {
            $user = $this->Session->read('Usuario');
            $email = $user['Usuario']['email'];
            $usuario = new Usuario();
            $dbuser = $usuario->findByEmail($email);
            $respons = $usuario->getAccionesResponsable($dbuser['Usuario']['id']);  
            $this->set("hayacciones", true);
            if( empty($respons) ) $this->set("hayacciones", false);
        }
        else {
           $this->Session->setFlash('Necesitas identificarte para acceder al sistema.');

           $this->redirect('/usuarios/login/');
           exit();
        }
}
    function checkAdminSession() {
        return $this->Session->check('Usuario');        
    }
}

I'm desperate, I've read a lot of documentation but I don't know how to solve this problem, could you give me any clue?

Thanks you very much, and sorry for my English!.

Note: I have discovered that if the security level is low it works:

Configure::write('Security.level', 'low');

But I dont like this solution...

like image 392
NewRehtse Avatar asked Dec 28 '22 06:12

NewRehtse


1 Answers

You are overriding the beforeFilter() method. So, instead of using this:

<?php
class UsuariosController extends AppController {

    function beforeFilter() {

    }

you should do this:

<?php
class UsuariosController extends AppController {

    function beforeFilter() {
        parent::beforeFilter();
    }
like image 68
fzmaster Avatar answered Jan 05 '23 09:01

fzmaster