Recently, I have created a new web application by using yiic console command. Unfortunately, I was unable to login to the system with the default login credentials (admin/admin or demo/demo) provided by Yii. There is no error message and it just redirect me to the homepage.
After further checking, I realized that the Yii::app()->user->isGuest() is always return true although I have successfully logged in to the system and the “login” hyperlink on top of the banner wasn’t change to “logout”.
I didn’t modify any code and all the code is originally generated from yiic command.
I’m using Apache/2.2.15, Yii Framework/1.1.14, PHP 5.5.3, Centos 6.4. Will it be any compatibility issues? How can I fixed this issue?
BTW, I’m new to Yii and sorry for my poor English.
public function actionLogin()
{
$model=new LoginForm;
// if it is ajax validation request
if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
// collect user input data
if(isset($_POST['LoginForm']))
{
$model->attributes=$_POST['LoginForm'];
// validate user input and redirect to the previous page if valid
if($model->validate() && $model->login())
$this->redirect(Yii::app()->user->returnUrl);
}
// display the login form
$this->render('login',array('model'=>$model));
}
LoginForm.php
<?php
/**
* LoginForm class.
* LoginForm is the data structure for keeping
* user login form data. It is used by the 'login' action of 'SiteController'.
*/
class LoginForm extends CFormModel
{
public $username;
public $password;
public $rememberMe;
private $_identity;
/**
* Declares the validation rules.
* The rules state that username and password are required,
* and password needs to be authenticated.
*/
public function rules()
{
return array(
// username and password are required
array('username, password', 'required'),
// rememberMe needs to be a boolean
array('rememberMe', 'boolean'),
// password needs to be authenticated
array('password', 'authenticate'),
);
}
/**
* Declares attribute labels.
*/
public function attributeLabels()
{
return array(
'rememberMe'=>'Remember me next time',
);
}
/**
* Authenticates the password.
* This is the 'authenticate' validator as declared in rules().
*/
public function authenticate($attribute,$params)
{
if(!$this->hasErrors())
{
$this->_identity=new UserIdentity($this->username,$this->password);
if(!$this->_identity->authenticate())
$this->addError('password','Incorrect username or password.');
}
}
/**
* Logs in the user using the given username and password in the model.
* @return boolean whether login is successful
*/
public function login()
{
if($this->_identity===null)
{
$this->_identity=new UserIdentity($this->username,$this->password);
$this->_identity->authenticate();
}
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
Yii::app()->user->login($this->_identity,$duration);
return true;
}
else
return false;
}
}
UserIdentity.php
<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identity the user.
*/
class UserIdentity extends CUserIdentity
{
/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$users=array(
// username => password
'demo'=>'demo',
'admin'=>'admin',
);
if(!isset($users[$this->username]))
$this->errorCode=self::ERROR_USERNAME_INVALID;
elseif($users[$this->username]!==$this->password)
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
$this->errorCode=self::ERROR_NONE;
return !$this->errorCode;
}
}
if you did not modify anything in code then problem must be in session/cookie handling by your php on server or your browser. You must debug what cookies are set, session id, etc.
I have tried this, but still no luck for me. I believe it’s something to do with the PHP session or cookies problem like what andy_s and redguy mentioned. Thanks anyway.
Hi Andy & Redguy, could you guys please guide me on how to check on the session/cookie handling by PHP? Attached herewith the screenshot of the PHP session from php_info.
Open your browser’s cookie manager and clear all the old cookies from this domain. Then try to login again.
(Weird, but cool): What’s your domain name look like? I’ve had this issue on Google Chrome + dev domain w/o TLD (i.e. http://example instead of http://example.local)