Login funtionality


Im new to yii2, and im trying to have the login connected to my database.
so that the admin can create new users thru crud and that the created users can also login thru the login page.

hopefully you got some ideas!

You have to use the Advanced template

Already using that. just cant find a way to have the admin get a way of creating users thru a crud and give the created users admin permission or normal user. using rbac

Hi @DikkiX, welcome to Yii

First off, try to generate a CRUD for ‘User’ model in the backend using Gii. It will enable you to manage users in a limited way. You can create a user and manage some of the user’s attributes : login name, status (STATUS_ACTIVE, STATUS_INACTIVE or STATUS_DELETED), and others. The handling of password and the likes will be a bit complicated. Please read the source codes in ‘common/models/User.php’, ‘frontend/models/*.php’ and ‘frontend/controllers/SiteController.php’ in order to comprehend what you have to do to handle them correctly.

And, then, you have to deal with RBAC to make a user admin or normal. It’s another challenge.

If you want a very simple way, you may modify the user table and add a field that indicates he/she is an admin user or a normal user.

But usually you may want to have an extensible and flexible RBAC system. In that case you have to enable the yii’s RBAC component following the guide.
Security > Authorization > Role Based Access Control (RBAC)

And you have to implement the UI for the role assigning of the users, on your own.

Another way is to use a user management extension for Yii2. It may reduce some of your labor. I think that Yii 2 Usuario Extension is a reliable standard.

But I would rather encourage you to do it on your own. Access controlling and user management is a must have for any app, but the requirements differ app to app. Any ready made extension will be a lttle misfit to your certain app. And using an extension doesn’t mean that you don’t have to understand the RBAC system.

Hi @softark,

Thank you for your support!

I have gone thru everything you sent and hit a wall :smiling_face_with_tear:
This is for a school project so im stressing a bit ;/

After setting up the RBAC admin successfully I got links to navigate thru my admin panel.


I created 2 roles, Admin and Employee and assigned all the admin routes to the Admin role.
Now comes the first problem. After assigning the routes, and assigning users to roles. I can still acces those pages without logging in that means im doing something wrong and those assignments don’t work and I can’t find the solution after searching for it.
I want the Admin to be the only Role to be able to have acces to those Admin functionalities and also be the role to be able and create new users and give them a role (Employee’s on the front-end) (Admin on the front-end and backend).
I have gone through the docs and don’t understand everything sorry and can’t seem to find a lot of info online and youtube.
If anyone can help me here or even make time on Discord to help me would be highly appreciated.

My Discord: DikkiX#2653
Excuse my bad grammer, im a dutch student!

This is the best source for your help. Please take enough time to comprehend it.

I guess what you have to do next is writing a behavor of access control filter for the admin controller.

use yii\web\Controller;
use yii\filters\AccessControl;

class AdminController extends Controller
    public function behaviors()
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                        'allow' => true,
                        'roles' => ['admin'],
    // ...

Thank you @softark I will try this.
Can u also check ur pm because i asked a question there!


I’m very sorry, but I can’t discuss the problem via PM now, partly because I’m too busy to dig into the matter. Also, it’s not my preferrence to use PM and other private route to discuss the problem that should be dealt in open place like this forum.

The tutorial didn’t make me create an AdminController.
My admin links controllers are

Or do i need to create a controller for admin thru Gii in backend?