This is a tutorial which can be used by those who want to setup a basic user administration and authentication in CakePHP, one of the most popular MVC PHP frameworks around. We will be using the Auth component of Cake and we will create some administration screens.
Setting up the database
First of all we need one table to store our users. Cake’s Auth module can automate some of the process, as long as we are following some naming conventions. Our table consists of 4 fields: id, username, password and role:
CREATE TABLE users (
id INT(10) UNSIGNED NOT NULL auto_increment,
username VARCHAR(20) NOT NULL,
password VARCHAR(50) NOT NULL,
role ENUM('user','admin') NOT NULL DEFAULT 'user',
PRIMARY KEY (`id`)
);
The “id” is the primary key of the table. By using this name, we are helping Cake to take care of possible Model associations without having to modify anything. The pair of fields “username” and “password” are expected by the Auth component (again, this is configurable). Finally, the “role” field will be used in order to distinguish basic users from administrators.
Careful readers will notice that the “password” field is rather large. This is because all passwords stored in the database are hashed and, in the end, the field length will be much longer than the original (depending on the algorithm used).
Modeling the table
You can either bake the table into a Model or write the Model on your own. The basic Model looks like this:
/**
*
* Filename: /app/models/user.php
*
**/
class User extends AppModel {
var $name = 'User';
}
We are going to add some validation rules:
- the username must be non-empty and unique
- the password must be non-empty
- the role can either be ‘user’ or ‘admin’
Additionally, we would like to have some sort of password confirmation mechanism, which can be used either during the user registration or during the user edit. By implementing those rules, our code becomes:
/**
*
* Filename: /app/models/user.php
*
**/
class User extends AppModel {
var $name = 'User';
var $validate = array(
'username' => array(
'notEmpty' => array(
'rule' => 'notEmpty',
'message' => 'The username cannot be empty'
),
'isUnique' => array(
'rule' => 'isUnique',
'message' => 'The username is already taken.'
)
),
'password' => array(
'notEmpty' => array(
'rule' => 'notEmpty',
'message' => 'The password cannot be empty'
),
'confirmPassword' => array(
'rule' => array('confirmPassword', 'password_confirm'),
'message' => 'Please enter the same password twice'
)
),
'role' => array(
'rule' => array('inlist', array('user', 'admin')),
'message' => "A user's role must either be 'user' or 'admin'"
)
);
function confirmPassword( $original, $confirmationField ) {
return $this->data[$this->name][$confirmationField] === $original['password'];
}
}
The password confirmation is implemented in lines 27-29. This part of the code tells Cake that we will be providing the Model with two different fields (“password” and “password_confirm”) and that we would like to apply the function named “confirmPassword” listed bellow (lines 39-43). Have a look at the relevant manual page (“Adding your own Validation Methods“) to read how you can use your own functions for advanced field validation.
Go ahead ahead and play around with the code provided. Bake your own Controller and see if you can create some forms which will allow you to add new users and edit the existing ones.
~~~to be continued…
