CakePHP + admin routes + .htaccess + production mode
The following site shows a (kinda hack-ish) way to protect an admin route with .htaccess:
开发者_Python百科http://snook.ca/archives/servers/password_protect_admin/
If I understand it correctly, it only works because CakePHP runs a check for the 'real' file presence before it processes its own URL logic. So, when you request yoursite.com/admin, it checks for the default document in the (real, since we've created it) /admin dir, and this check triggers the authentication.
My issue is: the 'hack' works OK if I set my debug level to '1' or higher. If I set it to Production Mode ('0'), I just get a cake-interpreted HTTP 401 (Access Denied) error.
So, my question is: is there any way to make this 'hack' work with the debug level set to zero?
Check out the SecurityComponent which lets you set up basic HTTP Authentication with a few lines of code in your beforeFilter
. Should be a lot more robust than this hack.
I do agree though that the AuthComponent is terrifically easy to set up. You just copy and paste the snippets for the UserController and login form, run the table creation script, try to log in, take the encoded password from the SQL log, put it in the database and add Auth
to the component list in your controller. Takes less than 3 minutes and makes a better impression to the client (in case anybody cares ;)).
精彩评论