sitecontroller loginaction u will find below code.
if ($model->load(Yii::$app->request->post()) && $model->login()) {
so it will goes to loginform model.
in models/loginform
in rules: ['password', 'validatePassword'],
public function validatePassword($attribute, $params)
{
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)){
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
in models/user
public function validatePassword($password)
{
return $this->password === $password;//here $this->password is stored db password and $password is pass from loginform.
}
In the basic template, the usernames and passwords are stored in the $users array in app\models\User, when the user attempts to log in, the User object is populated from the $users array and that is where the password comes from.
public static function findByUsername($username)
{
foreach (self::$users as $user) {
if (strcasecmp($user['username'], $username) === 0) {
return new static($user);
}
}
return null;
}
This is called when the user attempts to login. If their username exists in the $users array, a new User is returned which is populated by the contents of the array. The syntax new static($user) means create a new type of the current class using the data in the given array to populate the fields.