Auto generated login

Hi,

I noticed in the skeleton app that Yii creates, it has a demo and admin account.

Where are these accounts stored? Because I do not think they are stored in the database is this correct?

It does

it generates the data using the sql file plus the script dbgen.php that are located in protected/data

EDIT: It does not generate sql, but you can

The authentication is done in LoginForm and UserIdentity

In 1.0 they were hardcoded in protected/components/UserIdentity.php.

In 1.1 like Gustavo says.

/Tommy

Cheers folks,

Just been looking more into the Framework, just to clarify I am using version 1.1.5 and Yii does not put anything in the database. I have checked the UserIdentity class and it just validates that the password is "demo", "demo" etc. It does not do database work.

Do we have to write our own user login in Yii 1.1.5 using the UserIdentity class?

Seems like I was wrong about 1.1 (my webapp generated by 1.1.4 has the two users hardcoded). I can’t remember where to find ready code examples for this. You can search the wiki (perhaps here) for solutions or take a look at the old Yii 1.0 skeleton app.

Edit: this one seems to be spot on

/Tommy

This may be helpful?

Dana - I had a look at your guide there. The thing is all this stuff about roles and permissions got me really confused. So I just did it the quick and dirty way. By that I mean in my loadModel() function I have something like this to ensure that users can only read/update their own records:


$this->_model=Enquiry::model()->findByPk($_GET['id'], 'user_id'=>Yii::app()->user->id));

And in my access rules I just check that the user has been authenticated (‘users’=>array(’@’))

To ensure only ‘Admin’ users can access my admin module I do this in accessRules:


'expression'=>'Yii::app()->user->getState("type")==1',

(I store the user’s ‘type’ in a session variable)

I don’t really know how secure/efficient these methods are but they work for me.

Ok cheers folks,

Just to go on this a little further.

What is the point of the "CUserIdentity" class? Why do we extend from that to product user login, what value does that provide over say extending from a Model?

What is the point of using a framework like Yii ?

Authentication in Yii:

http://www.yiiframework.com/doc/guide/1.1/en/topics.auth

HTH ;)

The point is to be able to use the same interface no matter how the user is authenticated.

So if you extend from CUserIdentity, you can be certain that it would just plug into the rest of your unmodified application, and any third-party modules.