Login Using MySQL DB

Hi Everyone,

I would like to learn How to use DB for authentication?

I followed steps from the following link:

But I am not able to succeed with these changes.

Could anyone please help me to achieve this?

Thank you in advance.



Hi tarakarama,

After reading the good tutorial you found on the web, what are the steps that you cannot understand / failed? IMHO the tutorial is very well written and explains step by step the procedures to achieve it.

I do not know if you could get a better help than that tutorial…


Followed the same steps. And tried to access the page using this link: http://localhost/nano/index.php/user

I am getting the following error.

Parse error: syntax error, unexpected T_STRING, expecting T_FUNCTION in C:\wamp\www\nano\protected\models\User.php on line 56

And line 56 in User.php is DEFINE(‘SALT_LENGTH’, 10);

Please help me with this.

Thank you,


I guess you are doing something like

class User extends Model{

//method 1

 function method1(){




//method 2

 function method2(){




you should define it or inside a method or outside the class

Hi Gustavo,

Thank you for your response.

I moved the define to outside class. Now I can see the login page. But when I am not able to login. Its throwing error saying incorrect password. I am using the data from DB only.

Please help me with this.

Thank you

If you are using from the blog demo the password is stored encripted(sha1) and it wont work if you use the same as stored in db

you should use the one that was used to create the sha1 hased password

Please make sure you create a user before you actually trying to enter to the system and make sure you have the encrypted password within.


I followed same steps and got error

PHP notice

Undefined index: email


103 $model->password = $model->hashPassword($_POST[‘User’][‘password’], $_POST[‘User’][‘email’]);

Please help the growing generation.



Undefined index: email > check your form, you don’t appear to have a field named “email”.

In my code i have created login action so please follow the step…

1) you can create the actionLogin on your controller…

public function actionLogin()


		$this->layout = 'admin_login';

		$model=new AdminLoginForm;

		// if it is ajax validation request

		if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')


			echo CActiveForm::validate($model);



		// collect user input data




			// validate user input and redirect to the previous page if valid




		// display the login form




i call a if($model->login()) on previous function so i write this function on my model (AdminLoginForm.php)

public function login()




			$this->_identity=new AdminIdentity($this->username,$this->password);





			$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days


			return true;



		    Yii::app()->user->setFlash('error', "User Authentication failed!");

			return false;




3) And finally create the new class on componets folder AdminIdentity.php and write a custome query



 * CustomerIdentity represents the data needed to identity a user.

 * It contains the authentication method that checks if the provided

 * data can identity the user.


class AdminIdentity extends UserIdentity


	private $_id;

	const ERROR_NONE=0;






	 * Authenticates a user.

	 * The example implementation makes sure if the email and password

	 * are both 'demo'.

	 * In practical applications, this should be changed to authenticate

	 * against some persistent user identity storage (e.g. database).

	 * @return boolean whether authentication succeeds.


	public $email;

	public function __construct($username,$password)






	public function authenticate()


		$email = $this->email;

		$criteria = new CDbCriteria();


		$criteria->select = "t.*, CONCAT_WS(' ', t.`firstname`, t.`lastname`) AS `fullname`";

		//$criteria->condition  = ' t.user_type = IN(\'admin\',\'user\') AND(t.username = \''.$this->username.'\' OR  t.`email` = \''.$email.'\')';

		$criteria->condition  = ' t.user_type IN(\'admin\',\'superadmin\') AND(t.username= \''.$this->username.'\' OR  t.`email` = \''.$email.'\')';

		$admin = User::model()->find($criteria);



		if($admin===null) {


		} else if(Yii::app()->getModule('admin')->encrypting($this->password)!==$admin->password) {


		//} else if($admin->status==0&&Yii::app()->getModule('admin')->loginNotActive==false) {


	/*	} else if($admin->status==-1) {


		} else {

			$this->_id		= $admin->id;

			$this->email	= $admin->email;

			$this->username	= $admin->email;

			$this->errorCode= self::ERROR_NONE;


			Yii::app()->admin->guestName = $admin->email;

			Yii::app()->admin->name = strtolower($admin->user_type);


			//Yii::app()->admin->fullname = $admin->username;


			$adminData = $admin->attributes;

			$adminData['fullname'] = $admin->username;



		return !$this->errorCode;



	 * @return integer the ID of the user record


	public function getId()


		return $this->_id;



i hope it’s help may be someone.

FYI that tutorial does have a couple errors in it:

  1. Model (user.php)
    Needs to be outside the class or inside the function hashPassword.

  2. Controller (userController.php)

The salt of the password is e-mail and not username.

$_POST [ 'User' ][ 'email' ]) should be $_POST [ 'User' ][ 'username ])

You will never login with the users you created because the validation is looking for