Action filter

Hello. I have a comment form here.

<div class="comment_form">
    <p class="comment_title">Leave comment</p>
    <?php echo CHtml::beginForm()?>
    <div class="comment" id="a">
        <?php echo CHtml::textArea('content', '', array('id'=>'comment_area', 'rows'=>6, 'cols'=>38))?>
    </div>
    <div class="comment" id="b">
        <br />
        <?php echo CHtml::ajaxSubmitButton('Submit',
            $commentUrl, // placeholder: the URL of the comment action is not shown in the post
            array(
                // cancel the request while the textarea is empty
                'beforeSend'=>'js:function (){
                    if($(".comment_form textarea").val()=="")
                    {
                        $(".comment_form textarea").css("border","1px solid #f00");
                        return false;
                    }
                    return true;
                }',
                'data'=>array(
                    'content'=>'js:$(".comment_form textarea").val()',
                    'owner'=>  Yii::app()->user->getID(),
                ),
                // reset the textarea after a successful request
                'success'=>'js:function (){
                    $(".comment_form textarea").css("border","1px solid #cacaca");
                    $(".comment_form textarea").val("");
                }',
            ));?>
    </div>
    <?php echo CHtml::endForm();?>
</div>


It sends an ajax request to leave a comment. But I don't know how to deny a non-logged-in user to leave a comment. How do I do this? And sorry about my English if there is a mistake.

There are two things:

  1. to hide Submit button (or some other part of HTML) if user is not logged just put it in "if" block:

<?php if( !Yii::app()->user->isGuest ): ?>
    <?php /* the Submit button (or other HTML for logged-in users only) goes here */ ?>
<?php endif; ?>

  2. to make your application really secure you have to also prohibit action for not logged user (so nobody can prepare specific request by hand and call it):

class CommentController extends Controller {

    public function filters() {
        return array(
            'accessControl', // perform access control
        );
    }

    public function accessRules() {
        return array(
            array( 'allow',
                'actions' => array( 'comment' ),
                'users' => array( '@' ), //any logged user can call this action
            ),
            array( 'deny',
                'actions' => array( 'comment' ), //deny 'comment' action for any other (not logged) users
            ),
            //place here other rules (if any)
            array( 'deny' ), //deny any other requests to this controller
        );
    }
}

Of course you should merge accessRules with your own and adapt it to your needs (the main concept is: first matching rule wins).

I tried accessRules and it works well. The problem is there is no response. I used Fiddler to see what is wrong, and there is

<!-- end #footer -->
<script type="text/javascript">
jQuery(function($) {
$('#login-form').yiiactiveform({'validateOnSubmit':true,'attributes':[{'id':'LoginForm_username','inputID':'LoginForm_username','errorID':'LoginForm_username_em_','model':'LoginForm','name':'username','enableAjaxValidation':false,'clientValidation':function(value, messages, attribute) {
if($.trim(value)=='') {
	messages.push("Username cannot be blank.");
}},{'id':'LoginForm_password','inputID':'LoginForm_password','errorID':'LoginForm_password_em_','model':'LoginForm','name':'password','enableAjaxValidation':false,'clientValidation':function(value, messages, attribute) {
if($.trim(value)=='') {
	messages.push("Password cannot be blank.");

On the form page there is no response. How do I catch the response? I need to know whether the user is authenticated or not and display a message like "Please log in."

So you should check "loginRequiredAjaxResponse" attribute in CWebUser:

…or read:

I think one of those should help :)
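
How the pieces suggested in this thread fit together, as an added example that is not code from any of the posters. It assumes a Yii 1.1 application recent enough to have CWebUser::loginRequiredAjaxResponse; the sentinel string LOGIN_REQUIRED, the Comment model and its content and owner_id attributes are hypothetical.

```php
<?php
// protected/config/main.php (fragment). For an AJAX request from a guest,
// CWebUser::loginRequired() echoes this string and ends the request instead
// of redirecting to the login page (the HTML seen in Fiddler above).
// 'components' => array(
//     'user' => array(
//         'loginRequiredAjaxResponse' => 'LOGIN_REQUIRED', // constructed sentinel
//     ),
// ),

// protected/controllers/CommentController.php
class CommentController extends Controller
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('comment'), 'users' => array('@')),
            array('deny'), // a guest matches this rule, which triggers loginRequired()
        );
    }

    public function actionComment()
    {
        $comment = new Comment(); // hypothetical ActiveRecord model
        $comment->content = Yii::app()->request->getPost('content');
        // Take the owner from the server-side session, not from the posted
        // 'owner' field, which a hand-made request can set to any value.
        $comment->owner_id = Yii::app()->user->getId();
        echo $comment->save() ? 'OK' : 'ERROR';
        Yii::app()->end();
    }
}

// View: value for the 'success' option of CHtml::ajaxSubmitButton.
// The callback now inspects the response body before resetting the form.
$success = 'js:function (response) {
    if (response === "LOGIN_REQUIRED") {
        alert("Please log in.");
        return;
    }
    $(".comment_form textarea").css("border", "1px solid #cacaca").val("");
}';
```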