CakePHP Auth Component For Dummies Tutorial

First off, I would like to say much thanks to Gwoo for finally helping me to understand this thing.

So I know what you’re thinking; I’m probably the last person to finally figure out the CakePHP’s Auth Component. For the past few months, I’ve been using obAuthbecause that’s the only authentication I could get to work with CakePHP. I think that I was just making it more difficult than it should have been.

My main resource for learning the Auth Component has been Chris’s tutorial, but even then I still needed help. Also, I’m the type that doesn’t really learn much without code.

Note that I’m running off of the CaekPHP 1.2 beta.

Getting Started

Now you can modify this however you like, but I’m starting out with the basics. You’re going to need the following:

  • A user database with fields usernamepassword. Of course they don’t need to be named that way, but defaults are fun.
  • A User Model with Controller and Views – This can be baked from CakePHP
  • A login view for the user.
  • And a base app_controller.php. That’s it.

The Setup – app_controller and users_controller

So here’s the minimum in app_controller:




var $components = array('Auth');
function beforeFilter(){
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
    $this->Auth->authorize = 'controller';
function isAuthorized() {
    return true;

You can always visit the API for a better understanding of what’s going on, but right now we’re just trying to get stuff working.

After that there’s the users_controller.php. This you can get straight out of CakePHP’s baking. You do need a small modification:


function login()
function logout(){

Brief Explanation

Honestly, it’s magic; automagic to be precise. If you want to know how it works, you can read up in the API. But what I will do, is give you some of the magic words.

$this->Auth->authorize = ‘controller’

There are different types of authorization action (ugh – ACL stuff), CRUD (basically locks up all the editing stuff), and controller (gives you some need control). Hey, sorry I don’t know too much of what it does, just what I need.

$this->Auth->loginAction = array(‘controller’ => ‘users’, ‘action’ => ‘login’)

This tells yo what the login page is. It also controls where the user is redirected to if he’s not authorized to view a page.

$this->Auth->loginRedirect = array(‘controller’ => ‘pages’, ‘display’ => ‘home’)

Self explanatory: default action to redirect the user to when logged in if they go straight to the login page. If, however, they tried to access a restricted page then this will be ignored and when they login they’ll be redirected to where they wanted to go to.


This is one of the magic functions. By default, adding the authentication component locks down all actions, except the login and logout. This is your way of telling the component let me in to the ‘display’ action for every controller. You at least want to see the homepage right?

You can also add to this in the beforeFilter() of each controller you you need (don’t forget theparent::beforeFilter() to make sure the Auth stuff is still called). Likewise there’s a $this->Auth->deny(), which does the reverse. One small tip: you can also use allow(array(‘*’)) to allow everything.

User Controller

For right now, the login() action can be left as is. The Auth Component handles all that foot work beautifully. You just need to make sure you call $this->Auth->logout() in your logout() action. It has the added benefit of returning the Auth’s logoutRedirect, so $this->redirect($this->Auth->logout() works great.

  1. bathroom vanity
    October 14, 2011 at 12:41 pm

    Your website won’t render properly on my iphone4 – you might wanna try and repair that

  2. web design
    October 16, 2011 at 11:43 pm

    Hello there, We are a business based in Scotland. We specialise in modern looking websites in the hope to earn our clients higher conversion rates with a more intuitive website. Axsion Multimedia can upgrade your website and make it more appealing to prospect consumers. Thanks for your time. We hope we can help your business. Our website:

  3. May 3, 2013 at 8:46 pm

    Your style is very unique in comparison to other folks I’ve read stuff from. Thank you for posting when you’ve got
    the opportunity, Guess I will just book mark this site.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: