Login not working!

micksalerno · January 15, 2011, 4:36pm

I have just started messing about with yii and I’m trying to implementing registration. I’ve managed to add login details to database but can’t login automatically afterwards my register controller:


if($_POST['register'])

            {

                $user=new User();

                $user->attributes=$_POST['register'];

                

                if($user->validate())

                        {


                        $user->save();

                        

                        $identity=new UserIdentity($username,$password);

                        if($identity->authenticate())

                                

                        $duration= 3600*24*30;

                        Yii::app()->user->login($identity,$duration);

                        $json = array('redirect'=>Yii::app()->request->baseUrl.'/profile/index');

                        echo CJSON::encode($json);

                        exit();

                        }

                        else

                        {

                            $data['error'] = $user->getErrors();

                            echo CJSON::encode($data);

                            exit();

                        }

in my useridentity class:


 private $_id;

    public function authenticate()

    {

        $record=User::model()->findByAttributes(array('username'=>$this->username));

        if($record===null)

            $this->errorCode=self::ERROR_USERNAME_INVALID;

        else if($record->password!==sha1($this->password.md5($this->username)))

            $this->errorCode=self::ERROR_PASSWORD_INVALID;

        else

        {

            $this->_id=$record->id;

            $this->errorCode=self::ERROR_NONE;

        }

        return !$this->errorCode;

    }


    public function getId()

    {

        return $this->_id;

    }

I’m also using this in my user model:


 public function beforeSave() {

            $this->password = sha1($this->password.md5($this->username));

            return true;

}

Any ideas?

twisted1919 · January 15, 2011, 5:17pm

Just as a sidenote, i might be wrong, but:

if your password is "password" and before saving it, becomes a 40 chars length (sha1) hash, then in database, you will save the generated hash. But, when updating a user, $this->password is already hashed, but you are hashing it again in beforeSave(), so this leads to a hash of the previous hashed password which leads to users unable to login.

jayrulez · January 15, 2011, 5:50pm

he could use




public function beforeSave()

{

    if(parent::beforeSave())

    {

        if($this->getIsNewRecord()/*||$this->scenario==='changePassword'*/)

        {

            $this->password = md5($this->password);

        }

        return true;

    }

    return false;

}

micksalerno · January 15, 2011, 6:22pm

I’ve sorted it I amended my register controller like this:


if($user->validate())

                        {


                        $user->save();

                        

                        $identity=new UserIdentity($_POST['register']['username'],$_POST['register']['password']);

                        if($identity->authenticate())

                                

                          $duration= 3600*24*30;

                        Yii::app()->user->login($identity,$duration);

                        $json = array('redirect'=>Yii::app()->request->baseUrl.'/profile/index');

                        echo CJSON::encode($json);

                        exit();

                        }

twisted1919 · January 15, 2011, 6:27pm

You just avoided the problem, didn’t fixed it.

micksalerno · January 15, 2011, 6:36pm

True. Although I’m only using this controller for registering. I’ll sort it and let you know.

Lilt · January 17, 2011, 3:13pm

Hi there. I was having exactly the same problem. I’m not 100% sure what the core of the problem was, but I think it was something to do with the order in which objects were initialised. I was able to solve it by initialising the WebUser object (check Yii::app()->user->isGuest) at the very start of your action. For some odd reason it was giving me two sessions with the same ID and same key prefix.

I was trying to log in after the registration, but this wasn’t shown on other pages. Meanwhile, a check to see if I was logged in right before I tried to log in again after registering again showed that I was still logged in.

Anyhow, hope this helps. Anyone who knows the core code a little better care to hazard a guess where the actual error might be happening? I printed out the Session ID and key prefix in both cases and they were the same. Note that I’m using enableCookieValidation, if that matters, and also using a SOAP call to insert the user’s details into an external database.

Cheers.