Registration/Login conventions/best practices

Hey all,

I have been reading through various examples, trying to figure out what the best practices are for simply registering/logging in a user. I have used the MVC design pattern extensively in the past, but am new to developing in PHP using Yii, so I would just like to make sure I get best practices nailed down in the beginning.

(Steps that are clear)

  1. Define some sort of User model.

  2. Define CRUD operations on User model.

(Where I am not so clear)

first option

3?) Make additional LoginForm and RegisterForm models and respective views.

4?) RegistrationForm handles ensuring that the passwords match.

5?) Implement controller between both forms and User model. Forms pass input data to user model, User validates data returning Error message to Forms, which form then displays to client.

second option

3?) Don’t make separate LoginForm and RegisterForm models and views.

4?) Pass User Model to form generator

I would assume it is the first option, just because I would think that the User model should know nothing about forms. Then again, I am also new to the Yii framework, so hopefully someone can help clarify what Yii best practices would dictate doing in the fairly common scenario.


Yes, the first version is preferred. You can adapt the loginForm that is part of the default application that Yii generates. You will create the LoginForm / RegForm in any controller you want. In the loginform model you will have an authenticate validator for the password. To be thorough, you should also not access the user directly in the form, but a UserIdentity - this is another abstraction layer, which will be helpful if you have users from different sources. The registerForm will be similar.

some links:

Awesome, thanks a lot! I think I am pretty set on login, but are there any conventions for wrapping the registration process? It would differ from the login process in that the "authentication" to be done is solely that nobody with the same credentials already exists, which is the exact opposite of what happens in a login process.

I don’t think that subclassing CUserIdentity will be the right solution, simply due to the fact that they have no identity before they are registered.

Any suggestions to help think this through?


in your model:


    public function register()
    {
        // look up an existing user with the submitted e-mail (bound parameter)
        $criteria = new CDbCriteria;
        $criteria->condition = 'email = :email';
        $criteria->params = array(':email' => $this->useremail);
        $email = User::model()->find($criteria);

        // find() returns null when no row matches
        if ($email !== null) {
            $this->addError('useremail', 'Registration failed. Did you try to log in?');
            return false;
        }

        // … if not, return true or create a user from the model
        return true;
    }

Thanks for the response! I just ended up adding the following rule to RegisterForm.php, is this conventional?

    public function rules()
    {
        return array(
            // ensure username and email are unique
            array('username, email', 'unique', 'className' => 'User'),
        );
    }


Yes, this seems better than what I have since it works together more closely with the framework. :)

Thanks again for all the help! There definitely seems to be a steep learning curve, but I can tell that it will definitely be very powerful.
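
The registration flow this exchange arrives at, written out as an added example that is not code from any poster in the thread: the form model owns the password-match and uniqueness rules, and the insert is also guarded at the database, because the `unique` validator queries before the insert and two simultaneous requests can both pass it. Assumptions: Yii 1.1.14 or later (for `CPasswordHelper`), a `User` ActiveRecord with `username`, `email` and `password` columns, UNIQUE indexes on `username` and `email`, and the hypothetical attribute name `passwordRepeat`.

```php
<?php
// Assumes Yii 1.1.14+, a User ActiveRecord with username, email and password
// columns, and UNIQUE indexes on username and email in the database.
class RegisterForm extends CFormModel
{
    public $username;
    public $email;
    public $password;
    public $passwordRepeat; // hypothetical name for the confirmation field

    public function rules()
    {
        return array(
            array('username, email, password, passwordRepeat', 'required'),
            array('email', 'email'),
            // the form, not the User model, checks that both password fields match
            array('passwordRepeat', 'compare', 'compareAttribute' => 'password'),
            // query-then-insert check: good for error messages, not race-proof
            array('username, email', 'unique', 'className' => 'User'),
        );
    }

    public function register()
    {
        if (!$this->validate()) {
            return false;
        }
        $user = new User;
        $user->username = $this->username;
        $user->email = $this->email;
        // store a bcrypt hash, never the submitted password
        $user->password = CPasswordHelper::hashPassword($this->password);
        try {
            // the form already validated; the UNIQUE index is the final check
            return $user->save(false);
        } catch (CDbException $e) {
            // SQLSTATE class 23 = integrity constraint violation (lost the race)
            $state = isset($e->errorInfo[0]) ? (string) $e->errorInfo[0] : '';
            if (strncmp($state, '23', 2) !== 0) {
                throw $e; // anything else is a real database error
            }
            $this->addError('email', 'Registration failed. Did you try to log in?');
            return false;
        }
    }
}
```

The error text reuses the wording from the earlier reply, which does not say whether the username or the e-mail was the one already taken.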

If you are looking for a ready made solution there are a couple in the downloads->extensions area of the website.

My personal favourite is this: however it no longer seems to be under development.

I have used it on several production sites with no problems.