October 09, 2014

In this article, we are going to discuss how to create a simple AuthComponent in CakePHP 2.x. To build a site with restricted access levels in CakePHP, we need to implement AuthComponent. Applying AuthComponent in CakePHP 2.x is similar to applying it in CakePHP 1.x. I assume you already know CakePHP.

Here I describe how to implement AuthComponent in CakePHP 2.x.

Step 1 : 

Create a users table like the one below:

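-- Accounts table read by AuthComponent.
-- NOTE(review): AppController::isAuthorized() reads `group_id` from the logged-in
-- user, but no such column is defined here; add one, without a default that maps
-- to the all-access group, before relying on that check.
-- NOTE(review): nothing here forces `username` to be unique; enforce it with a
-- unique index or a validation rule so a login name maps to exactly one account.
CREATE TABLE `users` (
  -- Restored: PRIMARY KEY (`id`) below refers to this column.
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  -- Stores the hash written by User::beforeSave(), never the plain-text password.
  `password` varchar(255) DEFAULT NULL,
  `email` varchar(255) DEFAULT NULL,
  `firstname` varchar(255) NOT NULL,
  `lastname` varchar(255) DEFAULT NULL,
  `address` text,
  `mobile` varchar(255) DEFAULT NULL,
  `status` tinyint(1) DEFAULT '0',
  PRIMARY KEY (`id`)
);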

Step 2 :

Create respective UserController, UserModel and view files.

Step 3:

For user password hashing, you need to use the SimplePasswordHasher class in your User model:

// app/Model/User.php

App::uses('AppModel', 'Model');
App::uses('SimplePasswordHasher', 'Controller/Component/Auth');

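class User extends AppModel {

// ...

/**
 * Replaces a submitted plain-text password with its hash before the row is written.
 *
 * SimplePasswordHasher uses the application's default hash type (SHA-1 unless
 * reconfigured) combined with the application-wide Security.salt. That is a fast
 * hash with no per-user salt. On CakePHP 2.4+ prefer BlowfishPasswordHasher
 * (bcrypt); the Auth 'authenticate' configuration must then name the same hasher,
 * otherwise logins stop matching.
 *
 * The hash is applied whenever 'password' is present in the data being saved, so
 * an edit form must not send back the stored hash, or it is hashed a second time.
 *
 * @param array $options Options passed through from Model::save().
 * @return bool Always true, so the save continues.
 */
public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new SimplePasswordHasher();
        $this->data[$this->alias]['password'] = $passwordHasher->hash(
            $this->data[$this->alias]['password']
        );
    }
    return true;
}

}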

Step 4:

Open your AppController and write the code below:

// app/Controller/AppController.php
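class AppController extends Controller {

    /**
     * Components loaded for every controller.
     *
     * 'authorize' => array('Controller') makes AuthComponent call isAuthorized()
     * on the active controller for each request to a non-public action.
     */
    public $components = array(
        // Needed because isAuthorized() calls $this->Session->setFlash().
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'members',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
            ),
            'authorize' => array('Controller')
        )
    );

    /**
     * Decides whether the logged-in user may run the current action.
     *
     * Group 1 is allowed everything. Otherwise the current action must be listed
     * in $this->permissions, either as '*' (any logged-in user) or as an array of
     * group ids. $this->permissions is not declared in this class; presumably each
     * controller defines it -- confirm. An action with no entry is denied.
     *
     * Comparisons are strict and done on string forms. Loose == / in_array() can
     * treat a missing or zero group id as equal to unrelated values, which would
     * grant access by accident.
     *
     * @return bool True when access is granted, false otherwise.
     */
    public function isAuthorized() {
        $userDetails = AuthComponent::user();

        if (isset($userDetails['group_id']) && is_numeric($userDetails['group_id'])) {
            // Database drivers usually return ids as strings; normalise once.
            $groupId = (string)(int)$userDetails['group_id'];

            if ($groupId === '1') {
                return true;
            }

            $allowed = isset($this->permissions[$this->action])
                ? $this->permissions[$this->action]
                : array();

            if ($allowed === '*') {
                return true;
            }
            if (is_array($allowed) && in_array($groupId, array_map('strval', $allowed), true)) {
                return true;
            }
        }

        // Fail closed: no group id, no permission entry, or group not listed.
        $this->Session->setFlash(__('You are not authorize to access that location.'));
        return false;
    }
}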

Step 5:

Go to your user controller and add the following methods:

// app/Controller/UsersController.php
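/**
 * Declares which actions can be reached without logging in.
 *
 * 'add' is the registration action and is open to anonymous visitors. It should
 * save only an explicit list of fields (the 'fieldList' save option), so a
 * visitor cannot submit extra fields such as a group or status value.
 */
public function beforeFilter() {
    // Keep any filter logic defined in AppController.
    parent::beforeFilter();
    // Allow all users to register and logout.
    $this->Auth->allow('add', 'logout');
}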
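/**
 * Handles the login form.
 *
 * On POST, AuthComponent checks the submitted username and password itself.
 * Keep the call argument-free: in CakePHP 2.x, passing data to login() logs in
 * whatever record is passed, without checking the password.
 *
 * The failure message is deliberately generic and does not reveal whether the
 * username exists.
 *
 * @return mixed The redirect response on success, otherwise null and the form is re-rendered.
 */
public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            // Auth::redirect() is deprecated since 2.3 in favour of redirectUrl().
            return $this->redirect($this->Auth->redirect());
        }
        $this->Session->setFlash('Data Validation Failure', 'default', array('class' => 'cake-error'));
    }
}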

    public function logout() {
        return $this->redirect($this->Auth->logout());
Step 6:

Create a login.ctp file with the code below:


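<?php
// Login form view. flash('auth') renders the messages AuthComponent itself sets
// (for example when an unauthenticated visitor is sent to the login page).
// FormHelper creates the password field as type="password" based on its name.
?>
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
            <?php echo __('Please enter your username and password'); ?>
        <?php echo $this->Form->input('username');
        echo $this->Form->input('password');
        ?>
<?php echo $this->Form->end(__('Login')); ?>
</div>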

All done. Now you can check that AuthComponent works by accessing your application.

