How to add a new user verification in yii-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How to add a new user verification in yii

不言

Jun 15, 2018 pm 04:20 PM

yiiUser Authentication

This article is a detailed analysis and introduction to the method of adding a new user verification in Yii. Friends who need it can refer to it

1. Why should we add a new user? Verification:
Because I want to build the website backend and frontend in the same Yii application. But the frontend also contains the member management center. And the two user verifications are completely different, so Two different login pages are required, and user information must be stored in different cookies or sessions. Therefore, a user verification needs to be added to an application
2.yii user verification:
Before customizing user verification, we must first figure out the verification and authorization methods of yii.
In order to verify a user, we need to define a verification class with verification logic. This class needs to be implemented in yii IUserIdentity interface, different classes can implement different verification methods. Website login generally needs to verify the user name and password. Yii provides the CUserIdentity class, which is generally used to verify user names and passwords. After inheritance, we need to rewrite it authenticate() method to implement our own verification method. The specific code is as follows:
Php code

class UserIdentity extends CUserIdentity  
{  
    private $_id;  
    public function authenticate()  
    {  
        $record=User::model()->findByAttributes(array(&#39;username&#39;=>$this->username));  
        if($record===null)  
            $this->errorCode=self::ERROR_USERNAME_INVALID;  
        else if($record->password!==md5($this->password))  
            $this->errorCode=self::ERROR_PASSWORD_INVALID;  
        else 
        {  
            $this->_id=$record->id;  
            $this->setState(&#39;title&#39;, $record->title);  
            $this->errorCode=self::ERROR_NONE;  
        }  
        return !$this->errorCode;  
    }  
    public function getId()  
    {  
        return $this->_id;  
    }  
}

When the user logs in, the following code is called:

Php code

// 使用提供的用户名和密码登录用户  
$identity=new UserIdentity($username,$password);  
if($identity->authenticate())  
    Yii::app()->user->login($identity);  
else 
    echo $identity->errorMessage;

When the user exits, the following code is called:
Php code

// 注销当前用户  
Yii::app()->user->logout(); 
 其中的user是yii的一个components.需要在protected/config/main.php中定义

Php code

&#39;user&#39;=>array(  
    // enable cookie-based authentication  
    &#39;allowAutoLogin&#39;=>true,  
        &#39;loginUrl&#39; => array(&#39;site/login&#39;),  
),

Here we did not specify the class name of user. Because in Yii, user is an instance of the CWebUser class by default.
We have now implemented user login verification and logout. But now whether the user is logged in or not, the user All actions can be accessed, so the next step is to authorize user access. In Yii, user authorization is achieved through the Access Control Filter. Let’s take a look at a simple Controller with access control:
Php code

class AdminDefaultController extends CController  
{   
    public function filters()  
        {  
            return array(&#39;accessControl&#39;);  
        }  
        public function accessRules()  
        {  
            return array(  
                array(  
                    &#39;allow&#39;,  
                    &#39;users&#39; => array(&#39;@&#39;),  
                ),  
                array(  
                    &#39;deny&#39;,  
                    &#39;users&#39; => array(&#39;*&#39;)  
                ),  
            );  
        }  
}

We set the specific filter in the filters method. We can see that there is an accessControl parameter in the array returned by the filters method. There is a filterAccessControl method in the CController class:
Php code

public function filterAccessControl($filterChain)  
{  
    $filter=new CAccessControlFilter;  
    $filter->setRules($this->accessRules());  
    $filter->filter($filterChain);  
}

Create a new CAccessControlFilter instance inside, and pass in the parameters returned by the accessRules() method when setRules.
$filter->filter($filterChain) Then continue to call other filters.
And all specific authorization rules are defined in accessRules:
Php code

public function accessRules()  
    {  
        return array(  
            array(&#39;deny&#39;,  
                &#39;actions&#39;=>array(&#39;create&#39;, &#39;edit&#39;),  
                &#39;users&#39;=>array(&#39;?&#39;),  
            ),  
            array(&#39;allow&#39;,  
                &#39;actions&#39;=>array(&#39;delete&#39;),  
                &#39;roles&#39;=>array(&#39;admin&#39;),  
            ),  
            array(&#39;deny&#39;,  
                &#39;actions&#39;=>array(&#39;delete&#39;),  
                &#39;users&#39;=>array(&#39;*&#39;),  
            ),  
        );  
    }

For specific rules, please refer to the yii manual .
3. Add a new verification system:
First we inherit a CAdminUser from CWebUser:
Php code

class CAdminWebUser extends CWebUser  
{  
    public $loginUrl = array(&#39;admin/admin/login&#39;);  
}

We need to It is placed in components
If it is a global application, pass the components section of protected/config/main.php:
Php code

&#39;user&#39;=>array(  
    // enable cookie-based authentication  
        &#39;class&#39; => &#39;CAdminUser&#39;,  
    &#39;allowAutoLogin&#39;=>true,  
       &#39;loginUrl&#39; => array(&#39;site/login&#39;),  
),

If it is in modules Then add the following code in the init method of the module class:
Php code

$this->setComponents(array(  
       &#39;adminUser&#39; => array(  
                &#39;class&#39; => &#39;CAdminWebUser&#39;,  
                &#39;allowAutoLogin&#39; => false,  
        )  
));

Final calling method
Php code

//全局应用  
Yii::app()->getComponent(&#39;adminUser&#39;);  
//在模块中  
Yii::app()->controller->module->getComponent(&#39;adminUser&#39;);

But This is not enough, we also need to modify the Controller's filter. We need to customize a filter to implement the verification and authorization of another user
The first step is to customize a filter:
Php Code

class CAdminAccessControlFilter extends CAccessControlFilter  
{  
    protected function preFilter($filterChain)  
    {  
        $app=Yii::app();  
        $request=$app->getRequest();  
        $user = Yii::app()->controller->module->getComponent(&#39;adminUser&#39;);  
        $verb=$request->getRequestType();  
        $ip=$request->getUserHostAddress();  
        foreach($this->getRules() as $rule)  
        {  
            if(($allow=$rule->isUserAllowed($user,$filterChain->controller,$filterChain->action,$ip,$verb))>0) // allowed  
                break;  
            else if($allow<0) // denied  
            {  
                $this->accessDenied($user);  
                return false;  
            }  
        }  
        return true;  
    }  
}

Rewrite the filterAccessController method of the CController class
Php code

public function filterAccessControl($filterChain)  
{  
    $filter = new CAdminAccessControlFilter();  
    $filter->setRules($this->accessRules());  
    $filter->filter($filterChain);  
}  
//在这里我们使用自定义的filter类替换了原来的filter

OK, here we can specify in the accessRules() of this Controller adminUser's authorization

The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

About the implementation of the login function in the Yii framework of PHP

How to modify yii2.0 users The user table used for login is another table

The above is the detailed content of How to add a new user verification in yii. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

如何使用PHP框架Yii开发一个高可用的云备份系统Jun 27, 2023 am 09:04 AM

随着云计算技术的不断发展，数据的备份已经成为了每个企业必须要做的事情。在这样的背景下，开发一款高可用的云备份系统尤为重要。而PHP框架Yii是一款功能强大的框架，可以帮助开发者快速构建高性能的Web应用程序。下面将介绍如何使用Yii框架开发一款高可用的云备份系统。设计数据库模型在Yii框架中，数据库模型是非常重要的一部分。因为数据备份系统需要用到很多的表和关

Yii2 vs Phalcon：哪个框架更适合开发显卡渲染应用？Jun 19, 2023 am 08:09 AM

在当前信息时代，大数据、人工智能、云计算等技术已经成为了各大企业关注的热点。在这些技术中，显卡渲染技术作为一种高性能图形处理技术，受到了越来越多的关注。显卡渲染技术被广泛应用于游戏开发、影视特效、工程建模等领域。而对于开发者来说，选择一个适合自己项目的框架，是一个非常重要的决策。在当前的语言中，PHP是一种颇具活力的语言，一些优秀的PHP框架如Yii2、Ph

Yii框架中的数据查询：高效地访问数据Jun 21, 2023 am 11:22 AM

Yii框架是一个开源的PHPWeb应用程序框架，提供了众多的工具和组件，简化了Web应用程序开发的流程，其中数据查询是其中一个重要的组件之一。在Yii框架中，我们可以使用类似SQL的语法来访问数据库，从而高效地查询和操作数据。Yii框架的查询构建器主要包括以下几种类型：ActiveRecord查询、QueryBuilder查询、命令查询和原始SQL查询

php如何使用Yii3框架？May 31, 2023 pm 10:42 PM

随着互联网的不断发展，Web应用程序开发的需求也越来越高。对于开发人员而言，开发应用程序需要一个稳定、高效、强大的框架，这样可以提高开发效率。Yii是一款领先的高性能PHP框架，它提供了丰富的特性和良好的性能。Yii3是Yii框架的下一代版本，它在Yii2的基础上进一步优化了性能和代码质量。在这篇文章中，我们将介绍如何使用Yii3框架来开发PHP应用程序。

如何在win11上设置开机密码Dec 22, 2023 pm 01:18 PM

要是想要给自己的电脑设置隐私的话，我们是可以给电脑设置开机密码的，而且也很方便，只需要在设置中就可以完成了，下面一起来看看吧。win11怎么设置开机密码：1、首先右键“开始”菜单，点击设置。2、然后点击“账户”。3、接着点击“登录选项”。4、随后找到“密码”并且点击添加。5、最后就可以成功添加了。

Symfony vs Yii2：哪个框架更适合开发大型Web应用？Jun 19, 2023 am 10:57 AM

随着Web应用需求的不断增长，开发者们在选择开发框架方面也越来越有选择的余地。Symfony和Yii2是两个备受欢迎的PHP框架，它们都具有强大的功能和性能，但在面对需要开发大型Web应用时，哪个框架更适合呢？接下来我们将对Symphony和Yii2进行比较分析，以帮助你更好地进行选择。基本概述Symphony是一个由PHP编写的开源Web应用框架，它是建立

如何在PHP进行用户输入验证和安全过滤？Jun 29, 2023 pm 03:01 PM

如何在PHP进行用户输入验证和安全过滤？在开发Web应用程序时，用户输入验证和安全过滤是非常重要的环节。如果不正确处理用户输入，可能会导致各种安全漏洞，如跨站脚本攻击（XSS）和SQL注入攻击。因此，对用户输入进行验证和安全过滤是保护Web应用程序的重要措施之一。本文将介绍如何在PHP中进行用户输入验证和安全过滤。数据类型验证在接收用户输入之前，首先需要验证