Login Form - The $_POST disappeared!

Hi Folks

I'm having a problem with my login form.
The problem is that when I log in, the global variable $_POST doesn't arrive at the login method. It simply disappeared. When I do "if ($this->request->is('post'))" in the login method, it doesn't enter inside.
The strange thing is that when I open a new anonymous tab in Chrome or Firefox, it works fine. In the normal tab, when I do Ctrl + Shift + Del and delete the things, it works fine again.
I'm trying to solve this problem, because it will be hard to always tell the user to clean the things in his own browser.

My main src\AppController.php
public function initialize()
{

        parent::initialize();
        $this->loadComponent('Aviso');
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        $this->loadComponent('Auth',[
                                    'authorize' => ['Controller'],
                                    'loginAction' => ['controller' => 'Usuarios','action' => 'login'],
                                    'logoutRedirect' => ['controller' => 'Usuarios','action' => 'login'], 
                                    'authenticate' => [
                                                        'Form' => ['userModel' => 'Usuarios',
                                                                   'fields' => ['username'  => 'st_email', 
                                                                                'password'  => 'st_senha']
                                                        ]
                                                      ],
                                    'authError'=>"Você não pode acessar a página.",
                                    'storage' => 'Session',
                            ]);

    }

My login method src\plugins\controle\UsuariosController.php

public function login()
{
    $this->viewBuilder()->layout('login');

    // If already logged in, redirect
    if (!is_null($this->Auth->user())) {
        return $this->redirect('/inicio');
    }

    if ($this->request->is('post')) {

        $usuario = $this->Auth->identify();

        // Only an identified, active ('A') user gets a session; calling
        // setUser() before this check would also log in inactive users.
        if ($usuario && $usuario['ch_situacao'] === 'A') {

            $this->loadModel('Controle.Menus');
            $menus = $this->Menus->buscarPermissoes($usuario['id']);
            $usuario['menu'] = $menus['menu'];
            $usuario['permissao'] = $menus['permissao'];

            $this->loadModel('Controle.Parametros');
            $usuario['param'] = $this->Parametros->buscarTodos();

            $this->Auth->setUser($usuario);

            if ($usuario['nr_troca_senha'] == 1) {
                return $this->redirect(['action' => 'trocarSenha']);
            }
            return $this->redirect('/inicio');
        }

        $this->Flash->error(__('E-mail ou senha inválidos ou usuário inativado, tente novamente'));
    }
}

My login form src\plugins\controle\Template\Usuarios\login.ctp

<h1 class="navbar-fixed-top title-box title">DAER</h1>

<div class="box">
    <h2 class="title title-box">LOGIN</h2>
    <form method="post" action="<?= $this->Url->build(['plugin' => 'controle', 'controller' => 'usuarios','action' => 'login'])?>">
        <p class="text text-center">Faça o login para iniciar sua sessão</p>
        <div class="form-group has-feedback">
            <input type="email" class="form-control input" placeholder="E-mail" name="st_email">
            <span class="fa fa-envelope form-control-feedback"></span>
        </div>
        <div class="form-group has-feedback">
            <input type="password" class="form-control input" placeholder="Senha" name="st_senha">
            <span class="fa fa-lock form-control-feedback"></span>
        </div>

        <div class="form-group">
            <button type="submit" class="btn btn-primary btn-block btn-flat button">ENTRAR</button>
        </div>

        <div class="form-group">
            <a class="btn btn-success btn-block btn-flat button" href="cadastrar">CADASTRAR NOVO USUÁRIO</a>
        </div>

        <div class="row">
            <div class="col-xs-12">
                <a class="text esqueci_senha" href="senha">Esqueceu sua senha? Clique aqui</a>
            </div>    
        </div>
    </form>
</div>

Try to debug($this->request); die; before this:

Also try looking at Blog Tutorial - Authentication and Authorization - 3.10

Thank you for your reply.

This is the result of the command:

/plugins/Controle/src/Controller/UsuariosController.php (line 81)
object(Cake\Network\Request) {
	params => [
		'controller' => 'Usuarios',
		'action' => 'login',
		'pass' => [],
		'plugin' => 'Controle',
		'_matchedRoute' => '/controle/:controller/:action/*',
		'_ext' => null,
		'isAjax' => false
	]
	data => []
	query => []
	cookies => []
	url => 'controle/usuarios/login'
	base => '/sid'
	webroot => '/sid/'
	here => '/sid/controle/usuarios/login'
	trustProxy => false
	[protected] _environment => [
		'REDIRECT_REDIRECT_UNIQUE_ID' => 'WcEpAQiFKHPy0A8PfMe6SwAAAAg',
		'REDIRECT_REDIRECT_STATUS' => '200',
		'REDIRECT_UNIQUE_ID' => 'WcEpAQiFKHPy0A8PfMe6SwAAAAg',
		'REDIRECT_STATUS' => '200',
		'UNIQUE_ID' => 'WcEpAQiFKHPy0A8PfMe6SwAAAAg',
		'HTTP_HOST' => 'benim.daer.rs.gov.br',
		'HTTP_CONNECTION' => 'keep-alive',
		'HTTP_CACHE_CONTROL' => 'max-age=0',
		'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36',
		'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
		'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
		'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',
		'HTTP_ACCEPT_LANGUAGE' => 'pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4,it;q=0.2',
		'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin',
		'SERVER_SIGNATURE' => '',
		'SERVER_SOFTWARE' => 'Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/7.0.14',
		'SERVER_NAME' => 'benim.daer.rs.gov.br',
		'SERVER_ADDR' => '10.76.64.89',
		'SERVER_PORT' => '80',
		'REMOTE_ADDR' => '10.76.64.116',
		'DOCUMENT_ROOT' => '/var/www/html',
		'REQUEST_SCHEME' => 'http',
		'CONTEXT_PREFIX' => '',
		'CONTEXT_DOCUMENT_ROOT' => '/var/www/html',
		'SERVER_ADMIN' => 'root@localhost',
		'SCRIPT_FILENAME' => '/var/www/html/sid/webroot/index.php',
		'REMOTE_PORT' => '38685',
		'REDIRECT_URL' => '/sid/webroot/controle/usuarios/login',
		'GATEWAY_INTERFACE' => 'CGI/1.1',
		'SERVER_PROTOCOL' => 'HTTP/1.1',
		'REQUEST_METHOD' => 'GET',
		'QUERY_STRING' => '',
		'REQUEST_URI' => '/sid/controle/usuarios/login',
		'SCRIPT_NAME' => '/sid/webroot/index.php',
		'PHP_SELF' => '/sid/webroot/index.php',
		'REQUEST_TIME_FLOAT' => (float) 1505831169.901,
		'REQUEST_TIME' => (int) 1505831169,
		'HTTP_X_HTTP_METHOD_OVERRIDE' => null,
		'ORIGINAL_REQUEST_METHOD' => 'GET',
		'HTTPS' => false,
		'HTTP_X_REQUESTED_WITH' => null
	]
	[protected] _detectors => [
		'get' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'GET'
		],
		'post' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'POST'
		],
		'put' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'PUT'
		],
		'patch' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'PATCH'
		],
		'delete' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'DELETE'
		],
		'head' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'HEAD'
		],
		'options' => [
			'env' => 'REQUEST_METHOD',
			'value' => 'OPTIONS'
		],
		'ssl' => [
			'env' => 'HTTPS',
			'options' => [
				(int) 0 => (int) 1,
				(int) 1 => 'on'
			]
		],
		'ajax' => [
			'env' => 'HTTP_X_REQUESTED_WITH',
			'value' => 'XMLHttpRequest'
		],
		'flash' => [
			'env' => 'HTTP_USER_AGENT',
			'pattern' => '/^(Shockwave|Adobe) Flash/'
		],
		'requested' => [
			'param' => 'requested',
			'value' => (int) 1
		],
		'json' => [
			'accept' => [
				(int) 0 => 'application/json'
			],
			'param' => '_ext',
			'value' => 'json'
		],
		'xml' => [
			'accept' => [
				(int) 0 => 'application/xml',
				(int) 1 => 'text/xml'
			],
			'param' => '_ext',
			'value' => 'xml'
		],
		'mobile' => object(Closure) {
			
		},
		'tablet' => object(Closure) {
			
		}
	]
	[protected] _detectorCache => [
		'ajax' => false,
		'get' => true,
		'head' => false,
		'options' => false
	]
	[protected] _input => ''
	[protected] _session => object(Cake\Network\Session) {
		[protected] _engine => null
		[protected] _started => null
		[protected] _lifetime => '1440'
		[protected] _isCLI => false
	}
} 

I think the problem starts after this line: return $this->redirect('/inicio')

The first time the POST comes, everything is OK. The user is recognized as it should be, but after the redirect the request comes again to the login form and it loses the POST.

It is standard behaviour. When you are redirected to /inicio you have to fill in the form again and send the POST. There could be a way to save the input to the session and reload it after the login form reloads, but when your form is a login form, I think the expected behaviour is to reset the login form after reload.

I found the problem!

The problem was that the infrastructure team has enabled SSL. So every time I tried to log in using an SSL connection, my access was permitted. When I tried to access using a non-SSL connection, the user got validated but it always returned to the login form.
Reading the CakePHP documentation I found this: Sessions - 3.10

CakePHP’s defaults session.cookie_secure to true, when your application is on an SSL protocol. If your application serves from both SSL and non-SSL protocols, then you might have problems with sessions being lost. If you need access to the session on both SSL and non-SSL domains you will want to disable this:

Configure::write('Session', [
    'defaults' => 'php',
    'ini' => [
        'session.cookie_secure' => false
    ]
]);

Thank you all for the replies.

1 Like
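An alternative to switching the Secure flag off, as an added example that is not part of the original thread or CakePHP's own code: redirect plain-HTTP requests to HTTPS in AppController, so the whole login flow runs on the scheme where the browser sends the session cookie. `HTTPS_HOST` and its value are placeholders introduced here; the `ssl` detector and `REQUEST_URI` are the ones visible in the request dump above.

```php
<?php
// src/Controller/AppController.php (added example, not the poster's code)
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\Network\Exception\BadRequestException;

class AppController extends Controller
{
    // Placeholder: the canonical HTTPS host name of the application.
    // Kept as a constant so the redirect target never comes from request headers.
    const HTTPS_HOST = 'app.example.test';

    public function initialize()
    {
        parent::initialize();
        // ... the loadComponent() calls from the question go here ...
    }

    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        // 'ssl' is the detector listed in the dump (env HTTPS equal to 1 or 'on').
        if ($this->request->is('ssl')) {
            return null; // already on HTTPS, continue to the action
        }

        // A form body sent over plain HTTP has already crossed the network
        // unencrypted; reject it instead of silently replaying it as a GET.
        if (!$this->request->is(['get', 'head'])) {
            throw new BadRequestException('HTTPS is required.');
        }

        // Returning the redirect response from beforeFilter stops the action
        // from running; path and query string are preserved via REQUEST_URI.
        return $this->redirect('https://' . self::HTTPS_HOST . env('REQUEST_URI'));
    }
}
```

With every request on HTTPS, the `session.cookie_secure` default described in the quoted documentation can stay at `true`, so the session identifier is never sent over an unencrypted connection.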