Auth and multiple entries


I’m just starting with yii, but I read a lot of Api and Tutos and see the video about blog set up.

I’m face to 3 kinds of users of my web application (Admin, user1, user2)

for all of us some informations are required to login (passwd for instance)

But for user1 and user2 there are different informations to login, user2 need extra information.

My question is "how can I handle this with the Auth manager…"

is there a tuto on this ?

do you have some hints ?

Thanks in advance for your responses…

Is my question stupid ?

Shall I build new class from CAuth… in order to take into account this case of multiple entries.

To be clear:

In one case I shall verify username and passwd (Ok, it’s simple) But in another case I shall verify username, passwd and an another field.


You could use a dropdownlist/radiobuttonlist to select the type of user you want to authenticate. Depending on the selected type, you could then perform different authentication methods in your UserIdentity class.

So roughly i’d start with something like this:

  1. Add a dropdownlist to your login view, to select the user type

  2. Add a public var $userType to your UserIdentity

  3. Use a scenario in LoginForm for every user type and configure the validation rules for each

  4. In the login action of your controller, check the value of your dropdownlist and set the model scenario accordingly

  5. In the authenticate method of LoginForm set the usertype in UserIdentity according to your scenario

  6. Perform different authentication in UserIdentity depending on the user type

It’s just the basic concept, but i hope it helps to get started.

Thanks a lot Mike.

It helps me a lot.

Hmm, Mike there stays a problem with your way of doing and Yii.

I feel that Yii inforces us to use a User table which is intended to gather information login of users.

Your hint works perfectly however we MUST put in User ALL informations which is used to login.

if a User1 needs only username and passwd and User2 need extra information as birth date (for instance), then we HAVE to add a column (birth date) to our User global table.

But this field is not used for User1.

(I hop I’m clear enough)

Other problem with this User "Yii predefined table" (even if we can change the fields in this table and changing username by email, we MUST gather login info in it for ALL users) is that in case we have, during loging process, search on a huge table (because collecting all users).

In my application, depending on url we know which kind of user must be login and recognize and then we search (or we would like to search, due to Yii architecture I don’t know whether it is possible ::) ) in the good table.

It permits to balance charge also

Hope I am clear…

Actually i don’t really understand. UserIdentity allows to do any kind of authentication you can think of. Yii doesn’t limit you there. It also doesn’t force you to fill in all fields all the time. That’s what scenarios are for. And why would it be a problem that for some user types, some unused columns (birthdate) are empty? Maybe you can explain and give a (simplified) example of some concrete user attributes?

I have Admin who is able to log in with (email, password)

I have Customer who is able to log in with (email, password)

I have Guest who is able to log in with (email, password, special-code)

There is 3 specific areas in the application

One dedicated to Admin, one for Customer and one for Guest

One chooses his specific area and connects with a specific login form representing their login information.

Then I judged ok to have at leat 2 different models (tables)

one for Admin/Customer

one for Guest. The amount of Guest is far higher than amount of Customers

Then at login stages searching in a single user table which encompasses admin, customer, guest seems to me time consuming and not so consistent because special-code addresses guests and not Admin nor Customer.

And As far As I have understood (but I’m far for this I think) Yii proposes user table.

(one table, one model)

Maybe I’m totaly wrong in my perception of the problem also…

So use 2 models, e.g. User (for Customer/Admin) and Guest. Then in UserIdentity use the above $userType to decide, which model to use for authentication.