gRbac - User registration, authentication and management

gRbac - User registration, authentication and management

test drive:

user: admin

pasword: password

Cool, I like the confirm email part.

How did you do that part?

I generate a random validation code and mail the user to confirm registration. The confirmation link intercept the code to validate, after which the account is set to active.

Very good and useful extension. Congratulations. I have a simple recommendation for now. I think you should use PHPMailer (mailer extension) instead of email extension. However, I have to say that gRbac is a very useful extension.


Thanks for the recommendation, I will definitely use it in next version when the base code is cleaned up.

This is how my password generation looks like. I am total newbie when it come to the web security.

Please see and suggest if it is a good idea to use part of the user.created TS for salt.

    protected function beforeSave()


        $hashAlgo = Yii::app()->getModule('grbac')->hashAlgo;

		// random salt =CCYYmmddHH, it must be set along with created, latter we will using created to derive the salt.

		$salt     = date("YmdH");

		$this->created = new CDbExpression('NOW()');

		$this->created = date("Y-m-d H:i:s");

        if (!function_exists('hash')) $this->password = md5($this->passwordNew.$salt);

        else                          $this->password = hash($hashAlgo, $this->passwordNew.$salt);

        return parent::beforeSave();


Where can I download the latest version.

Do you use SVN/Mercurial for Subversioning?

There is no published files at


added the pre-release file.

Please see the PM


I’ll give it a try and I tell you my experience.


Sure, please download the new copy. I updated the UserIdentity

I am putting appropriate comments in the code and re-factoring the code.

In the first release, due this weekend, I will be adding PHPMailer as recommended by robregonm.

Hi download the new copy and let me know. Thanks


Hi ,

i followed your installation instruction , however i only got Srbac working but not grbac .

the error i’m getting when trying to register or login is (http://localhost/srtest/index.php?r=grbac/registration/register)

Error:403 'You are not authorized for this action'

Note : i’ve checked and userid=1 has itemname=Authority, and userid=2 has itemname=User in the assignments table

I’m sure it’s a small issue but i couldn’t figure it out

This was solved by adding the following to the /protected/config/main.php




Now i can access the login page , register (with conformation)

But when i login it’s redirects me to the index.php but

i’m not logged in , meaning i’m still considered a Guest user .

Any ideas ?

Hi, first of all, thank you for your feedback.

Here are some debugging that can help.

Put a print_r($identity) after $identity = new UserIdentity($this->username, $this->password); in model/Users.php

If there is no error from the above, you possibly are authenticate good. The simplest way to verify is to check if the lastlogin Timestamp is changed. Possible problems could be the difference in encryption and decryption parameters, algo and functions used. I know it is not wise to put salt and algo in the user table. As soon as I have some time to avail, I will put these in a separate table (user_security), along with question, answers and alternate recovery email.

I have $this->redirect(Yii::app()->user->returnUrl); in AuthenticateController, but it always throws me to index page when I am authenticate good. I still do not have the solution to that yet. Surely some brainiac here will highlight us with solution.

If you see that the lastlogin TS is updated and your app()->user->isGuest is still true, possible for some reason your user identity is not set correctly.

Hi ,

thanks for the quick reply :) . unfortunately it’s still not working :mellow: .

Timestamp of last login is the same as created.

after some digging i think i narrowed it down to this :

in grbac/controllers/AuthenticateController.php :

 public function actionLogin() {


      // validates and authenticates





the If returns true (honestly i didn’t understand why) , thus preforming the redirect .

However in the process it does not trigger "authenticateLogin" in Users as it should

from what i gathered . looking at the Users model "authenticateLogin" should be

triggered from the ‘login’ scenario and not the ‘Users’ as written in the controller.

(Option #2 is i don’t really understand scenarios ::) )

When i change




"authenticateLogin" is triggered , but that creates other problems .

Can you try this:

  public function actionLogin() {

    $user=new Users('login');

    // add the scenario


    if(isset($_POST['Users'])) {


      // validates and authenticates

      if($user->validate()) // notice





It’s working :D :D :D

Now i can continue to work on your very cool extension

Thank you very much , keep up the good work !!

Little Bug

In grbac/controllers/AdminController.php :

public function actionManage() {

    $actives   = Users::model()->count('active=1');

    $inactives = Users::model()->count('active=0');

    $this->render('manage', array('users'=>$users,'actives'=>$actives,'inactives'=>$inactives));


Thus $users isn’t defined and we get error , so i changed it to this and now it’s working .

Probably we don’t need all the data from Users and should use CDbCriteria , it’s just a quick fix.

public function actionManage() {

    $actives   = Users::model()->count('active=1');

    $inactives = Users::model()->count('active=0');

    $users= Users::model()->findAll();

    $this->render('manage', array('users'=>$users,'actives'=>$actives,'inactives'=>$inactives));


i’m off to check emailing capabilities :)

I’ve tested your extension and I think that some “tableName” functions in some models should be modified to detect automatically the tablename from srbac configuration or maybe should be inherited from main Users model and only this model implements this code. Also, I think i18n for this ext will be very useful.

I can give you a hand, I like this extension very much, contact me and maybe we implement a SVN (e.g. Google Code) and it will e easier to modify and maintain. (I’m testing with Yii 1.1-dev and Srbac 1.1-dev)

Best regards and merry christmas.