April 19, 2009, 1:33am
I would like to log a user in automatically after successful registration, so I have this piece of code to do it:
The page at /home has a widget that uses Yii::app()->user->name, but after redirecting, the user name is not available.
I can log the user in manually and the data is there with no issue.
Have I missed a step in my auto login code?
April 19, 2009, 3:14pm
It seems fine to me. Do you mean Yii::app()->user->name is not set?
April 19, 2009, 5:24pm
In the widget:
The 'if' condition evaluates to isGuest = true, even after logging the user in, so the code block does not run.
April 19, 2009, 5:56pm
Did you override CUserIdentity::getId() ? I guess $identity doesn't have a valid ID value even if you call authenticate() (because your password may not be correct since it may be encoded.)
April 19, 2009, 6:35pm
I'm using the webapp generated UserIdentity, which has getId overridden:
It's just strange that I can log them in manually since the password is the same from the form or from the DB (same salt and hashing).
When I echo Yii::app()->user->id outside of the conditional after auto login authentication, it's empty, but when I log in manually, the id shows up, so you're right, it's not getting the id, I just can't figure out why since the very same functions are being called in both cases.
It's the same and only UserIdentity class in the app.
April 20, 2009, 12:24pm
When you do "new UserIdentity", is the password in plain text or hashed?
April 20, 2009, 2:22pm
It's the hashed password from the database.
April 20, 2009, 2:28pm
Wait a minute, that means I'm hashing the hashed password by calling authenticate(). How can it log in at all?
EDIT: The answer is it's not logging in, it's showing a secure page without the user having to successfully authenticate.
How are you guys ensuring a user is authenticated before displaying pages? RBAC?
April 20, 2009, 3:25pm
All you need is a valid user ID. So you may add a new method in your UserIdentity class which will find the ID based on the given username. You can call this method and then login the identity.