Make phpfuel page accessible without username and password

I have this function:

	public function action_login()
	{
		// Already logged in
		Auth::check() and Response::redirect('admin');

		$val = Validation::forge();

		if (Input::method() == 'POST')
		{
			$val->add('email', 'Email or Username')
			    ->add_rule('required');
			$val->add('password', 'Password')
			    ->add_rule('required');

			if ($val->run())
			{
				if ( ! Auth::check())
				{
					if (Auth::login(Input::post('email'), Input::post('password')))
					{
						// assign the user id that lasted updated this record
						foreach (\Auth::verified() as $driver)
						{
							if (($id = $driver->get_user_id()) !== false)
							{
								// credentials ok, go right in
								$current_user = Model\Auth_User::find($id[1]);
								Session::set_flash('success', e('Welcome, '.$current_user->username));
								Response::redirect('admin');
							}
						}
					}
					else
					{
						$this->template->set_global('login_error', 'Login failed!');
					}
				}
				else
				{
					$this->template->set_global('login_error', 'Already logged in!');
				}
			}
		}

		$this->template->title = 'Login';
		$this->template->content = View::forge('admin/login', array('val' => $val), false);
	}

Open in new window


Right now this wont let me acess any pages unles i am in a logged in state. however i want to build a cron that would hit a page within the admin but i cant do so since it will need an email and password, is there anything i can add so that if a user hits this page:
https://www.text.com/adminpanel/public/admin/reports

it will be accessible without a username or password
LVL 1
Jazzy 1012Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Julian HansenCommented:
Why do you want the cron to call an admin page?
What is the cron script going to be doing?
0
Jazzy 1012Author Commented:
it is to add in a query into the database, im not sure if there is another way to handle this.
0
Julian HansenCommented:
Ok but why does your cron script need to call a page that is linked to a login?

One option is to do this (if you have to)

In your login script you do a check to see if a constant is defined

the_script_you_want_to_run.php
if (defined('CRONSCRIPT')) {
   // set login state to logged in here
}
else {
  // do normal login here
}

Open in new window

 

In your cron script you do this

define('CRONSCRIPT',1);
require_once('path/to/the_script_you_want_to_run.php');

Open in new window


By defining the constant in your cron script you are telling the page you want to access to ignore the login process and just do what it needs to. This can only be done with a server script so it remains secure for your normal access.
0
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Jazzy 1012Author Commented:
Ok so i want to do it like this:

require_once('var/pathx.php');

and it send the login information "email" and "password" to the controller of my script page so it can act like it is logged in
0
Jazzy 1012Author Commented:
i did this so far:

cron script:
define('CRONSCRIPT',1);
require_once('var/www/pathchanges/index.php');

Open in new window

I enteredthis in the controller to let the login become authenticated even without actually login controller.php:
if (defined('CRONSCRIPT')) {
            Auth::login();
            Response::redirect('admin');


class Controller_Admin_Reports_Pathchanges extends Controller_Admin
{

    public function action_index($dir='upcoming')
    {
        $dir_op = ($dir === 'upcoming') ? '>=' : '<';
        $delivery_weeks = DB::query("select week(date,3) as week_num, year(date) as year, sum(1) as count from deliveries inner join orders on deliveries.order_id = orders.id  AND orders.status in ('upcoming', 'processing', 'complete') where date {$dir_op} now() group by week(date,3), year(date) limit 1")->execute();
        $data['current_direction'] = $dir;

        $weeks = array();

      foreach($delivery_weeks as $dw)
        {
            $week_num = $dw['week_num'];
            $year = $dw['year'];
            $count = $dw['count'];
            $curr_start_date = \Helper::get_date_by_week_number($week_num,$year,0);
            $curr_end_date = \Helper::get_date_by_week_number($week_num,$year,7);
            $weeks[$week_num] = array('start_date' => $curr_start_date, 'end_date' => $curr_end_date, 'year' => $year, 'count' => $count);
        }

        $data['weeks'] = $weeks;
        foreach ($weeks as $week_number => $item){
        $cookorder = new \Lib_Cookorder(array('week_num' => $week_number, 'year' => $year));

        }
        $cookorder->run();

        $data['meal_count'] = $cookorder->get_meal_count();
        $data['component_count'] = $cookorder->get_component_count();
        $data['start_date'] = $cookorder->get_start_date();
        $data['end_date'] = $cookorder->get_end_date();
        $data['week_number'] = $cookorder->get_week_number();
        $this->template->title = "Cookorder";
        $this->template->content = View::forge('pathchanges/index', $data);

/*      $this->template->title = "Reports";
        $this->template->content = View::forge('admin/reports/pathchanges/index', $data); */

    }

    public function action_view($year,$week_number)
    {


    }

}
}

Open in new window

but all i got was a HTTP 500 page. I also tried force_login, but it didnt work?
0
Julian HansenCommented:
You have it the wrong way round.

The logon only happens if your CRONSCRIPT define is NOT defined and it is supposed to go in your login controller. The principle here is to only run genuine authentication code if CRONSCRIPT is NOT defined. In your Auth::login you would test for this and if it is set you would automatically do the login without checking the post('email') and post('password')

The other option is to preload the $_POST array with valid email / password values before including the script and calling the login function

$_POST['email'] = 'valid@email.here';
$_POST['password'] = 'validpassword';
require_once('var/www/pathchanges/index.php');
Auth::login();

Open in new window


These are general ideas - you need to adapt for your setup.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jazzy 1012Author Commented:
thank you and yes you are right ill look into that!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
fuel

From novice to tech pro — start learning today.