maybe my request is similar to this one but I’d like to go a bit more in deep.
I’ve made a admin controller for the website backend that uses its own layout and when the user is not authenticated it redirects to the login page.
Then in the frontend I have a login form for "public" users that, once logged in, should be able to see certain area of the website that are for members only, and to edit their profile information.
So, for editing the profile information I’d like to use the same controller that I’ve used for the admin (UserController) to save / load user info.
At the same time, if a user on the frontend tries to reach a members only page I’d like to redirect him to the public login page… while if an admin tries to reach an admin page without being logged in I’d like to redirect him to the admin login page.
Which is the best way to achieve these two things?
I’ve just found this one: Organize directories for applications with front-end and back-end (in the cookbook)
This could be nice a solution for me as it would also allow me to set two different login pages (loginUrl) for frontend / backend and then I’ll use the frontend’s UserController from the backend, right?
But with this setup, can I still use yiic for generate a controller for the backend? / how ?
Another question: was that guide wrote after the introduction of modules? Or, having now the module feature, it could be set up as a module? (a user asked the same thing in the comments btw)
The yiic shell tool works per application. That means, if your front-end and back-end are two applications, you should be able to use yiic shell to create controllers/models/cruds for each of them. You may use the following format to start yiic shell:
cd wwwroot
protected/yiic shell protected/config/main.php
protected/yiic shell protected/config/admin-main.php
The guide was written after module was implemented. In general, modules are mainly used to develop sub-applications that are meant to be reused as a whole. Because back-end varies widely in different systems (usually need further development), it is more appropriate to develop it as an application instead of module.
Thanks. But now I’m a bit confused: what you described in the cookbook 33, it is not the same than having two applications, right? so in that case you can’t use yiic for the backend. (right?)
…or… does it just need to take the backend config files (protected/backend/config/main.php) ? (going to try this now)
…so having it set up in that way we can for example keep the "user" model just in the frontend and then have two different controllers and views for fron-end and back-end right?
would it also be possible, if needed, to use a fronend controller from the backend?
Another question: is it possible / how to have a different session for the user logged in admin than the user logged in frontend ?
Now, if I login from the frontend and then I go to the backend I find myself authenticated with the same user in the backend too… would like to avoid this to prevent “session hijacking” giving a shorter expiration time to the backend or avoiding completely the cookie… (anyay if I’m not wrong Yii already do the check to the IP… but an extra level of security is always nice )
If you want to use the same login data for each enter points, you should set same stateKeyPrefix in both configuration files. Simple part of config will be like this:
)