The Definitive Guide recommends, in section 3 of the chapter entitled
"Authentication and Authorization", that one should override
CUserIdentity::authenticate and CWebUser::beforeLogin. I’ve been
trying to implement this, but I can’t get it to work. My problem is
that beforeLogin is not being called when I expect it to be.
To reproduce the behaviour that surprises me, do the following.
Install Yii 1.1.7.
Create a website using "yiic webapp SOME_DIRECTORY".
Access this website.
Log in, making sure to check "Remember me next time".
Edit CWebUser.php, changing beforeLogin so that it throws an exception.
(I know it’s normally not a good idea to change the Yii classes; I am
suggesting it here only to illustrate the problem I’m having.)
- In the browser, follow the "About" link in the navbar of the new website.
I expect beforeLogin to be called at this point, and for the browser
to display an error message from Yii about an exception in beforeLogin,
but this doesn’t happen. Instead, I simply get the “About” page.
Therefore, I conclude that beforeLogin is not being called, which seems
to contradict the documentation.
By the way, I’m just starting on my first Yii site, so if I’ve got something wrong,
don’t be too hard on me.
Just in case the information is useful, I will list the software I used
for the above test:
Debian Linux 6.0
The website and the browser were running on the same machine.