Part IV - Trying to understand the principles of Yii!

Well, I arrived at a critical point: Authentication!

First of all, I know that in real-world applications the user must be logged in to perform the tasks / activities of the application. Despite this, I know that there are some tasks that are performed by anonymous users, like public tasks that do not need someone to be logged in.

There are applications that run some tasks/activities using the database to retrieve and display data. The task of login, like any other, is offered in a menu item.

Regardless of how the application deals with LOGIN, we know that at some point the objects of the application must be aware that there is no need for the user to be logged in, or that programs can be run with authentication as anonymous (guest) or without authentication.

Suppose that my actual application has no guest tasks. All of its tasks need the users to be logged in. So my primary (main) controller immediately routes the execution flow to the login program (form).

The doubts!

  1. How can I properly set up the USER component properties (in the main app config file) to deal with database-driven authentication?

  2. What is the right value of the "allowAutoLogin" USER property?

I have a Usuario.php class (a subclass of the CActiveRecord class) that defines my tbUser database table. And in my LoginForm I have its authenticate method, which does:


$identity=new UserIdentity($this->txtUsername,$this->txtPassword);



I know that the CUserIdentity class constructor assigns its username and password properties, and I know that at this point the USER object has been created as well (at the time of creating the application singleton object).

  1. Will the UserIdentity instance recreate the USER object?

In my UserIdentity class I have:


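	public function authenticate()
	{
		// MD5 of the submitted password, matched against the de_senha column
		$senha	= md5($this->password);

		$record = Usuario::model()->findByAttributes( array('de_nick'=>"{$this->username}", 'de_senha'=>"{$senha}") );
		// (the rest of the method is not shown in the post)
	}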


  1. If authentication runs well (done), how can I inject my actual User data (the field values of the database user record that was found) into the USER ( Yii::App()->user ) object? For this, will I need to create a WebUser (subclassing CWebUser) class? If so, what kind of methods should be created to inject the values of the database into the properties of this object?

TIA (for a while).


You should check out the Yii Cookbook and the example "How to add more information to Yii::app()->user":


Yes, Jsmith, I did it.

My other topics (here) are discussing this misunderstanding/disagreement in greater depth.



  1. You don’t deal with the CWebUser object to implement DB auth; you need to create a CUserIdentity child and implement it there. Look at the blog demo, for example.

  2. It’s whether cookie login is enabled (please check the API before asking these questions if you didn’t; it says right here).
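An added example, not code from any poster in this thread or from the Yii project: a CUserIdentity child of the kind the last reply describes, which authenticates against the Usuario table and passes database values on to Yii::app()->user without subclassing CWebUser. Assumptions: Yii 1.1.14 or later (for CPasswordHelper), a de_senha column that holds a CPasswordHelper::hashPassword() hash rather than the MD5 value used in the question, and a made-up state name 'nick'.

```php
<?php
// protected/components/UserIdentity.php (added example, Yii 1.1)
class UserIdentity extends CUserIdentity
{
    private $_id; // primary key of the authenticated Usuario row

    public function authenticate()
    {
        // Look the row up by username only; the password is verified afterwards,
        // so the two failure cases can be told apart internally.
        $record = Usuario::model()->findByAttributes(array('de_nick' => $this->username));

        if ($record === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $record->de_senha)) {
            // Assumption: de_senha was written with CPasswordHelper::hashPassword().
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $record->getPrimaryKey();
            // Persistent state: copied into Yii::app()->user by CWebUser::login()
            // and readable later as Yii::app()->user->nick ('nick' is hypothetical).
            $this->setState('nick', $record->de_nick);
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode == self::ERROR_NONE;
    }

    // Without this override, Yii::app()->user->id would be the username.
    public function getId()
    {
        return $this->_id;
    }
}

// Usage from the form model (sketch of a login step in LoginForm):
//   $identity = new UserIdentity($this->txtUsername, $this->txtPassword);
//   if ($identity->authenticate()) {
//       // Duration 0 keeps the login in the session only; a duration > 0
//       // requires 'allowAutoLogin' => true on the 'user' component.
//       Yii::app()->user->login($identity, 0);
//   }
```

With allowAutoLogin enabled and a non-zero duration, the states set through setState() are saved in the login cookie, so only non-sensitive values belong there.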