I’m new to yii. I have just developed my first yii based web application, however I have a problem with activation. User can still access their accounts even though they haven’t activated them on their emails. how can I forbid them from logging in before verifying their accounts? active== 0 OR 1.
Just create them inactive by default, and check the active status in your UserIdentity’s component authenticate() method
You can for instance do it like this (changes the example found in the link above):
class UserIdentity extends CUserIdentity
{
/* In {yii-framework}/web/auth/CBaseUserIdentity.php
const ERROR_NONE=0;
const ERROR_USERNAME_INVALID=1;
const ERROR_PASSWORD_INVALID=2;
const ERROR_UNKNOWN_IDENTITY=100; */
// So here we add a specific constant for inactive users, with the value you like different from those above
// There's one risk: some future version of the framework may use that value or that constant
const ERROR_USERNAME_INACTIVE=67;
…
public function authenticate() {
$record=User::model()->findByAttributes(array('username'=>$this->username));
if($record===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
// here we check the active status
else if (!$record->active)
$this->errorCode=self::ERROR_USERNAME_INACTIVE;
else if($record->password!==md5($this->password))
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else { // ok, can log the user
}
…
}
}
And also modify your LoginForm model’s authenticate method in order to reflect the new constant (ERROR_USERNAME_INACTIVE) and display some message to the user if you want