/**
 * Return the logged-in user record, or a single field from it.
 *
 * Lookup order: a non-empty static user cache (`static::$_user`) wins; otherwise
 * the session entry stored under `static::$sessionKey` is read, provided that key
 * is configured and present in the session. The static cache is primarily used for
 * stateless authentication; stateful authentication relies on cookies + sessions.
 *
 * NOTE(review): the record is returned exactly as it was cached or stored in the
 * session. Which fields it contains (for example whether a password hash was
 * stripped) is decided where the record is written, which is not visible here.
 * Confirm that before passing the whole record to a view or an API response.
 *
 * @param string $key Field to retrieve. Leave null to get the entire user record.
 * @return mixed User record or field value; null if no user is logged in.
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#accessing-the-logged-in-user
 */
public static function user($key = null)
{
    $hasCached = !empty(static::$_user);

    // No cached user and no usable session entry: nobody is logged in.
    if (!$hasCached && !(static::$sessionKey && Session::check(static::$sessionKey))) {
        return null;
    }

    $record = $hasCached ? static::$_user : Session::read(static::$sessionKey);

    return $key === null ? $record : Hash::get($record, $key);
}
/**
 * Get or set the URL a user should be redirected to upon login.
 *
 * When `$url` is given it is written to the session key `Auth.redirect` and
 * becomes the value to return.
 *
 * When `$url` is null the destination is resolved as follows:
 *
 * - If the session holds `Auth.redirect`, that value is read and then deleted
 *   from the session. If its normalized form equals the normalized `loginAction`
 *   config value, `loginRedirect` is used instead.
 * - Otherwise the `loginRedirect` config value is used when it is truthy.
 * - Otherwise `/` is returned.
 *
 * An array destination is converted with Router::url() with `_base` defaulted
 * to false; any other value is returned unchanged.
 *
 * Security note: this method performs no host or scheme check on `$url` or on
 * the stored session value. Keeping the destination on the application's own
 * domain therefore depends on whatever writes `Auth.redirect`; validate
 * request-derived URLs before passing them in, otherwise the post-login redirect
 * can point at an external site.
 *
 * @param string|array $url Optional URL to write as the login redirect URL.
 * @return string Redirect URL
 */
public function redirectUrl($url = null)
{
    if ($url !== null) {
        $this->session->write('Auth.redirect', $url);
        $target = $url;
    } elseif ($this->session->check('Auth.redirect')) {
        // The stored destination is single-use: read it, then drop it.
        $target = $this->session->read('Auth.redirect');
        $this->session->delete('Auth.redirect');

        // Never bounce a freshly logged-in user back to the login page.
        $pointsAtLogin = Router::normalize($target) === Router::normalize($this->_config['loginAction']);
        if ($pointsAtLogin) {
            $target = $this->_config['loginRedirect'];
        }
    } else {
        $target = $this->_config['loginRedirect'] ?: '/';
    }

    return is_array($target)
        ? Router::url($target + ['_base' => false])
        : $target;
}
/**
 * Manually add form tampering prevention token information into the provided
 * request object.
 *
 * For a request whose `requested` param is strictly the integer 1, no new token
 * is generated: the `_Token` value already in the session (if any) is copied
 * into the request params as-is and false is returned.
 *
 * For any other request a token array is built from the `allowedControllers`,
 * `allowedActions` and `unlockedFields` config values and written to the session
 * under `_Token`. Only `unlockedFields` is copied into the request params on
 * this path; the other two entries stay in the session.
 *
 * NOTE(review): on the `requested` path the whole stored token, including
 * `allowedControllers` and `allowedActions`, ends up in the request params.
 * Confirm that consumers of `$request->params['_Token']` do not expose it.
 *
 * @param \Cake\Network\Request $request The request object to add into.
 * @return bool False for `requested` requests, true when a token was written.
 */
public function generateToken(Request $request)
{
    $isRequested = isset($request->params['requested']) && $request->params['requested'] === 1;
    if ($isRequested) {
        if ($this->session->check('_Token')) {
            $request->params['_Token'] = $this->session->read('_Token');
        }

        return false;
    }

    // Snapshot the relevant config values, keeping the original key order.
    $token = [];
    foreach (['allowedControllers', 'allowedActions', 'unlockedFields'] as $setting) {
        $token[$setting] = $this->_config[$setting];
    }

    $this->session->write('_Token', $token);
    $request->params['_Token'] = ['unlockedFields' => $token['unlockedFields']];

    return true;
}
/**
 * Check whether a session variable is set.
 *
 * Delegates to the static Session::check().
 *
 * In your controller: $this->Session->check('Controller.sessKey');
 *
 * @param string $name The name of the session key you want to check.
 * @return bool True if the session variable is set, false if not.
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/sessions.html#SessionComponent::check
 */
public function check($name)
{
    $isSet = Session::check($name);

    return $isSet;
}
/**
 * Check whether a session variable is set.
 *
 * Delegates to the session object held in `$this->_session`.
 *
 * In your controller: $this->Session->check('Controller.sessKey');
 *
 * @param string $name The name of the session key you want to check.
 * @return bool True if the session variable is set, false if not.
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/sessions.html#SessionComponent::check
 */
public function check($name)
{
    $isSet = $this->_session->check($name);

    return $isSet;
}
/**
 * testCheckEmpty
 *
 * Calling check() without a key on a fresh Session must report false.
 *
 * @return void
 */
public function testCheckEmpty()
{
    $session = new Session();

    $result = $session->check();

    $this->assertFalse($result);
}
/**
 * Render the message set in Controller::Session::setFlash().
 *
 * In your view: $this->Session->flash('somekey');
 * The key defaults to 'flash' when no parameter is passed.
 *
 * `$attrs` is merged over the stored flash data, so values supplied by the view
 * override what was stored in the session. This lets the view consolidate the
 * parameters for a given type of flash message.
 *
 * Custom class name on the default template:
 *
 * {{{
 * echo $this->Session->flash('flash', array('params' => array('class' => 'new-flash')));
 * }}}
 *
 * Extra data made available as local variables when an element is rendered:
 *
 * {{{
 * echo $this->Session->flash('flash', array('params' => array('name' => $user['User']['name'])));
 * }}}
 *
 * Custom element, optionally taken from a plugin through the `plugin` param:
 *
 * {{{
 * echo $this->Session->flash('flash', array(
 *     'element' => 'my_custom_element',
 *     'params' => array('plugin' => 'my_plugin')
 * ));
 * }}}
 *
 * The session entry is deleted once the message has been rendered. An empty
 * string is returned when no message is stored under the key.
 *
 * Security note: this method does not escape `$message`. When the element is
 * falsy the stored message is returned verbatim. NOTE(review): whether
 * formatTemplate() or the rendered element escapes the message and the class
 * value is not visible here. Confirm that, or escape at the point where the
 * flash message is set, before placing user-supplied text in a flash message.
 *
 * @param string $key The [Message.]key you are rendering in the view.
 * @param array $attrs Additional attributes to use for the creation of this flash message.
 *    Supports the 'params', and 'element' keys that are used in the helper.
 * @return string
 * @link http://book.cakephp.org/2.0/en/core-libraries/helpers/session.html#SessionHelper::flash
 */
public function flash($key = 'flash', $attrs = [])
{
    $sessionKey = 'Message.' . $key;
    if (!Session::check($sessionKey)) {
        return '';
    }

    $flash = Session::read($sessionKey);
    $message = $flash['message'];
    unset($flash['message']);

    // View-supplied attributes take precedence over the stored ones.
    if (!empty($attrs)) {
        $flash = array_merge($flash, $attrs);
    }

    if ($flash['element'] === 'default') {
        $class = !empty($flash['params']['class']) ? $flash['params']['class'] : 'message';
        $out = $this->formatTemplate('flash', [
            'class' => $class,
            'key' => $key,
            'message' => $message,
        ]);
    } elseif (!$flash['element']) {
        // No element configured: the stored message is returned unchanged.
        $out = $message;
    } else {
        $options = [];
        if (isset($flash['params']['plugin'])) {
            $options['plugin'] = $flash['params']['plugin'];
        }

        $tmpVars = $flash['params'];
        $tmpVars['message'] = $message;
        $out = $this->_View->element($flash['element'], $tmpVars, $options);
    }

    // Flash messages are single-use.
    Session::delete($sessionKey);

    return $out;
}