1. Why do you want to add a user authentication:
Because I want to do the site backstage and the foreground in the same Yii application. But the front desk also includes a member of the management Center. And these two user authentication is completely different, so requires two different landing pages, To save user information in a different cookie or session. So you need to add a user authentication to an application
User authentication for 2.yii:
Before customizing user authentication, we should first clarify the authentication and authorization methods of Yii.
To verify a user, we need to define a validation class with validation logic. In Yii, this class needs to implement the Iuseridentity interface, and different classes can implement different authentication methods. Website Login generally need to verify the user name and password, Yii provides the Cuseridentity class, a class that is typically used to validate user names and passwords. After inheritance we need to rewrite the authenticate () method to implement our own
validation methods. The code is as follows:
PHP code
Copy CodeThe code is as follows:
Class Useridentity extends Cuseridentity
{
Private $_id;
Public function Authenticate ()
{
$record =user::model ()->findbyattributes (Array (' username ' = $this->username));
if ($record ===null)
$this->errorcode=self::error_username_invalid;
else if ($record->password!==md5 ($this->password))
$this->errorcode=self::error_password_invalid;
Else
{
$this->_id= $record->id;
$this->setstate (' title ', $record->title);
$this->errorcode=self::error_none;
}
Return! $this->errorcode;
}
Public Function GetId ()
{
return $this->_id;
}
}
The following code is called when the user logs on:
PHP code
Copy CodeThe code is as follows:
Log in to the user with the user name and password provided
$identity =new useridentity ($username, $password);
if ($identity->authenticate ())
Yii::app ()->user->login ($identity);
Else
Echo $identity->errormessage;
when the user exits, the following code is called:
PHP code
Copy CodeThe code is as follows:
Log off the current user
Yii::app ()->user->logout ();
The user is a part of yii. Need to be defined in protected/config/main.php
PHP code
Copy CodeThe code is as follows:
' User ' =>array (
Enable cookie-based Authentication
' Allowautologin ' =>true,
' loginurl ' = = Array (' Site/login '),
),
Here we do not specify the class name of user. Because the default user in Yii is an instance of the Cwebuser class.
We have now implemented the user's login verification and exit. But now that the user has access to all actions regardless of whether they are logged in or not, the next step is to authorize user access. In Yii, Access Control Filter is the Access control filter to implement user authorization. Let's look at a simple controller with access control:
PHP code
Copy CodeThe code is as follows:
Class Admindefaultcontroller extends Ccontroller
{
Public Function Filters ()
{
Return Array (' AccessControl ');
}
Public Function Accessrules ()
{
Return Array (
Array
' Allow ',
' users ' = = Array (' @ '),
),
Array
' Deny ',
' users ' = = Array (' * ')
),
);
}
}
We set the specific filter in the Filters method. We can see that there are AccessControl parameters in the array returned by the filters method,
There is a Filteraccesscontrol method in the Ccontroller class:
PHP code
Copy CodeThe code is as follows:
Public Function Filteraccesscontrol ($filterChain)
{
$filter =new Caccesscontrolfilter;
$filter->setrules ($this->accessrules ());
$filter->filter ($filterChain);
}
A new Caccesscontrolfilter instance is created inside, and the parameters returned by the Accessrules () method are passed in SetRules.
$filter->filter ($filterChain) is to continue invoking the other filter.
and all the specific authorization rules are defined in Accessrules:
PHP code
Copy CodeThe code is as follows:
Public Function Accessrules ()
{
Return Array (
Array (' Deny ',
' Actions ' =>array (' Create ', ' edit '),
' Users ' =>array ('? '),
),
Array (' Allow ',
' Actions ' =>array (' delete '),
' Roles ' =>array (' admin '),
),
Array (' Deny ',
' Actions ' =>array (' delete '),
' Users ' =>array (' * '),
),
);
}
Refer to the Manual of Yii for specific rules.
3. Add a validation system:
First we inherit a cadminuser from Cwebuser:
PHP code
Copy CodeThe code is as follows:
Class Cadminwebuser extends Cwebuser
{
Public $loginUrl = Array (' Admin/admin/login ');
}
We need to put him in the components.
if it is a global application, it passes through the components of protected/config/main.php:
PHP code
Copy CodeThe code is as follows:
' User ' =>array (
Enable cookie-based Authentication
' Class ' = ' Cadminuser ',
' Allowautologin ' =>true,
' loginurl ' = = Array (' Site/login '),
),
If you are in modules, add the following code to the Init method of the module class:
PHP code
Copy CodeThe code is as follows:
$this->setcomponents (Array (
' AdminUser ' = Array (
' Class ' = ' Cadminwebuser ',
' Allowautologin ' = False,
)
));
Last Call Mode
PHP code
Copy CodeThe code is as follows:
Global Application
Yii::app ()->getcomponent (' AdminUser ');
In the module
Yii::app ()->controller->module->getcomponent (' AdminUser ');
But that's not enough, we also need to modify the controller's filter, we need to customize a filter to implement another user's authentication and authorization
The first step is to customize a filter:
PHP code
Copy CodeThe code is as follows:
Class Cadminaccesscontrolfilter extends Caccesscontrolfilter
{
protected function Prefilter ($filterChain)
{
$app =yii::app ();
$request = $app->getrequest ();
$user = Yii::app ()->controller->module->getcomponent (' AdminUser ');
$verb = $request->getrequesttype ();
$ip = $request->getuserhostaddress ();
foreach ($this->getrules () as $rule)
{
if ($allow = $rule->isuserallowed ($user, $filterChain->controller, $filterChain->action, $ip, $verb)) >0) Allowed
Break
else if ($allow <0)//Denied
{
$this->accessdenied ($user);
return false;
}
}
return true;
}
}
re-overriding the Filteraccesscontroller method of the Ccontroller class
PHP code
Copy CodeThe code is as follows:
Public Function Filteraccesscontrol ($filterChain)
{
$filter = new Cadminaccesscontrolfilter ();
$filter->setrules ($this->accessrules ());
$filter->filter ($filterChain);
}
Here we use the custom filter class to replace the original filter
OK, here we can specify the authorization of Adminuser in this controller's Accessrules ()
http://www.bkjia.com/PHPjc/327749.html www.bkjia.com true http://www.bkjia.com/PHPjc/327749.html techarticle 1. Why do I need to add a user authentication: Because I want to do the site backstage and the foreground in the same Yii application. However, the front desk also includes a member's management center. And these two users are verified to be finished ...