Home > Article > Backend Development > Detailed explanation of the method of adding a new user verification in Yii_PHP tutorial
Detailed explanation of the method of adding a new user verification in Yii_PHP tutorial
- WBOYOriginal
- 2016-07-21 15:04:46823browse
1. Why do I need to add a new user verification:
Because I want to make the website backend and frontend in the same yii application. But the frontend also includes member management Center. The two user verifications are completely different, so two different login pages are needed, and user information must be stored in different cookies or sessions. Therefore, a user verification needs to be added to an application
2.yii user verification:
Before customizing user verification, we must first figure out yii’s verification and authorization methods.
In order to verify a user, we It is necessary to define a verification class with verification logic. In Yii, this class needs to implement the IUserIdentity interface. Different classes can implement different verification methods. Website login generally requires user name and password verification. Yii provides the CUserIdentity class. This class A class generally used to verify usernames and passwords. After inheritance, we need to rewrite the authenticate() method to implement our own verification method. The specific code is as follows:
Php code
Copy code The code is as follows:
class UserIdentity extends CUserIdentity
{
private $_id;
public function authenticate()
$this->errorCode=self::ERROR_USERNAME_INVALID;
else if($record->password!==md5($this->password))
$this->errorCode= Self :: error_password_inValid;
Else
{
$ This-GT; t; );
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode; {
return $this->_id;
Copy code
The code is as follows:
// Use the provided username and password to log in to the user
$identity=new UserIdentity($username ,$password);
Yii::app()->user->login($identity); else
echo $ identity->errorMessage;
When the user exits, the following code is called:Php code
Copy code
The code is as follows:
// Log out the current user
Yii::app()->user->logout();
Php code
Copy code The code is as follows:
'user'=>array(
// enable cookie-based authentication
'allowAutoLogin'=>true,
'loginUrl' => array('site /login'),
),
// enable cookie-based authentication
'allowAutoLogin'=>true,
'loginUrl' => array('site /login'),
),
Here we do not specify the class name of user. Because user is an instance of the CWebUser class by default in yii.
We have now implemented the user Login verification and logout. But now users can access all actions regardless of whether they are logged in, so in the next step we need to authorize user access. In Yii, user authorization is achieved through Access Control Filter, that is, access control filter. We Take a look at a simple Controller with access control:Php code
Copy codeThe code is as follows:
class AdminDefaultController extends CController
{
public function filters()
{
return array('accessControl');
}
Public function accessRules()
{ ; array('@'),
'deny',
'users' => array('*')
🎜>
We are in filters method Set a specific filter in. We can see that there is an accessControl parameter in the array returned by the filters method.
There is a filterAccessControl method in the CController class:
Php code
Copy code
The code is as follows:
public function filterAccessControl($filterChain)
{ $filter=new CAccessControlFilter;
$filter-> ;setRules($this->accessRules());
$filter->filter($filterChain); } Create a new CAccessControlFilter instance inside, and in When setRules, the parameters returned by the accessRules() method are passed in.
$filter->filter($filterChain) continues to call other filters.And all specific authorization rules are defined in accessRules Medium:
Php code
Copy code
The code is as follows:
public function accessRules()
{ return array(
array('deny',
'actions'=>array('create', 'edit'), 'users'=>array(' ?' ), ), array('allow', 'actions'=>array('delete'),
'roles'=>array('admin' ), array('deny', 🎜> ),
); CWebUser inherits a CAdminUser:
Php code
Copy code
The code is as follows:
class CAdminWebUser extends CWebUser
{
public $loginUrl = array('admin/admin/login');
}
We need to place it in components
If it is a global application, pass the components section of protected/config/main.php:
Php code
'user'=>array(
// enable cookie-based authentication
'class' => ; 'CAdminUser',
'allowAutoLogin'=>true,
'loginUrl' => array('site/login'),
),
If it is in modules, add the following code in the init method of the module class:
Php code
$this->setComponents(array(
'adminUser' => array(
'CAdminWebUser',
'allowAutoLogin ' => false,
) )
));
Last calling method
Php code
//Global application
Yii::app()->getComponent('adminUser');
//In module
Yii::app()->controller->module->getComponent('adminUser');
But this is not enough, we also need to modify the Controller's filter, we need Customize a filter to implement verification and authorization of another user
The first step is to customize a filter:
Php code
class CAdminAccessControlFilter extends CAccessControlFilter
{
protected function preFilter($filterChain)
{
$app=Yii::app ();
$request=$app->getRequest();
$user = Yii::app()->controller->module->getComponent('adminUser');
$verb=$request->getRequestType();
$ip=$request->getUserHostAddress();
foreach($this->getRules() as $rule)
{ 🎜> return false; ;
return true; >
Copy code
The code is as follows:
public function filterAccessControl($filterChain)
{
$filter = new CAdminAccessControlFilter();
$ filter->setRules($this->accessRules());
$filter->filter($filterChain);
}//Here we use a custom filter class to replace Original filter
OK, here we can specify the authorization of adminUser in the accessRules() of this Controller
); CWebUser inherits a CAdminUser:
Php code
Copy code
The code is as follows:
class CAdminWebUser extends CWebUser
{
public $loginUrl = array('admin/admin/login');
}
We need to place it in components
If it is a global application, pass the components section of protected/config/main.php:
Php code
Copy code The code is as follows:
'user'=>array(
// enable cookie-based authentication
'class' => ; 'CAdminUser',
'allowAutoLogin'=>true,
'loginUrl' => array('site/login'),
),
If it is in modules, add the following code in the init method of the module class:
Php code
Copy the code The code is as follows:
$this->setComponents(array(
'adminUser' => array(
'CAdminWebUser',
'allowAutoLogin ' => false,
) )
));
Last calling method
Php code
Copy code The code is as follows:
//Global application
Yii::app()->getComponent('adminUser');
//In module
Yii::app()->controller->module->getComponent('adminUser');
But this is not enough, we also need to modify the Controller's filter, we need Customize a filter to implement verification and authorization of another user
The first step is to customize a filter:
Php code
Copy code The code is as follows:
class CAdminAccessControlFilter extends CAccessControlFilter
{
protected function preFilter($filterChain)
{
$app=Yii::app ();
$request=$app->getRequest();
$user = Yii::app()->controller->module->getComponent('adminUser');
$verb=$request->getRequestType();
$ip=$request->getUserHostAddress();
foreach($this->getRules() as $rule)
{ 🎜> return false; ;
return true; >
Copy code
The code is as follows:
public function filterAccessControl($filterChain)
{
$filter = new CAdminAccessControlFilter();
$ filter->setRules($this->accessRules());
$filter->filter($filterChain);
}
OK, here we can specify the authorization of adminUser in the accessRules() of this Controller
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Introduction to the usage of parsing smarty interception string function truncate_PHP tutorialNext article:Introduction to the usage of parsing smarty interception string function truncate_PHP tutorial