cakephp secure keyword like login method

I want to achieve something like below scenario mention in CakePHP 1.3.8 a latest version:

• Ask for Username / Password or directly ask for Secret Keyword
• If correct, ask for Secret Keyword
• If correct, access more details of website
• If wrong, don't allow any further access

There is Auth component into CakePHP for authentication like username/password however I want to implement this extra step of Secret Keyword to access information which should b开发者_高级运维e stored in somefile, encrypted way or some other better way you suggest in a single computer usage only.

Any ideas would be appreciated.

Thanks !

I typically turn off autoRedirect so I can do extra stuff in my login method. I typically don't do this much work, but you can probably repurpose accordingly by, after authentication is complete/successful. It's not a complete answer, nor is the following a complete code snippet for your requirement, but it may be enough to get you started.

/** Logging in and authenticated */
if ( !empty( $this->data ) && $this->Auth->user() ) {
  $this->User->id = $this->Auth->user( 'id' );
  $this->set_user_type();
  $this->User->saveField( 'last_login', date( 'Y-m-d H:i:s' ) );

  if( $this->User->has_building( $this->Auth->User('id') ) ) {
    $this->redirect( array( 'controller' => 'buildings', 'action' => 'incentives' ) );
  }
  else {
    $this->redirect( $this->Auth->redirect() );
  }
}

This is a snippet from one of my own projects. In your case, you might look for a secret key value next. If that doesn't exist, drop into a view to retrieve that and submit back to this same method. On the second pass, if the user is authenticated and the secret key is passed and exists, then redirect as required. If the secret key is wrong, then de-authenticate the user and redirect.

Like I said, not a complete answer and a very simple look at a hard problem, but hopefully it helps you get started.