[SOLVED] PART I - Definitely Yii isn't friendly with its Authentication feature

Archives Yii 1.0.x Discussions
1

(my environment is: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8 Yii Framework/1.0.3)

First Scenario - Following the instructions founded at Definitive Guide (http://www.yiiframework.com/doc/guide/topics.auth) and Yii CookBook (http://www.yiiframework.com/doc/cookbook/6/)

--------------------------------------------------------------------------

Step 1: main.php config file has

Quote

...

'user'=>array(

                  'allowAutoLogin'=>TRUE, // enable cookie-based authentication

                ),

Step 2: extending the CUserIdentity Yii class

Quote

<?php

class UserIdentity extends CUserIdentity

{

public $_id = NULL;	











public function authenticate()





{ 





	$senha	= md5($this-&gt;password);

        $user = Usuario::model()->findByAttributes( array('de_nick'=>"{$this->username}", 'de_senha'=>"{$senha}") );

	if( $user===null ) {





		$this-&gt;errorCode=self::ERROR_UNKNOWN_IDENTITY;





	} else {





		$this-&gt;_id		= $user-&gt;id_usuario;





		$this-&gt;password = $senha;

                          // customizing USER object !!!

		$this-&gt;setState( &#039;tp_pessoa&#039;, $user&#91;&#039;tp_pessoa&#039;] );





		$this-&gt;setState( &#039;guestName&#039;, $user&#91;&#039;de_nick&#039;] );





		$this-&gt;errorCode=self::ERROR_NONE;





	}





	return !$this-&gt;errorCode;





}











public function getId()





{





	return $this-&gt;_id;





}

}

?>

Step 3: Evaluating the Yii::App()->user has changed as expected, at SiteControler program (assuming the input of a valid login data).

Quote

public function actionIndex() 
{





	// renders the view file &#039;protected/views/site: /index.php or /login.php&#039;





	// using the default layout &#039;protected/views/layouts: /mainLayout.php or /loginLayout.php&#039;





	if( Yii::App()-&gt;user-&gt;isGuest ) {





		$this-&gt;layout = &#039;loginLayout&#039;;





		$form = new LoginForm;





		// collect user input data





		if(isset($_POST&#91;&#039;LoginForm&#039;]))





		{





			$form-&gt;attributes=$_POST&#91;&#039;LoginForm&#039;];





			// validate user input and redirect to previous page if valid





			if($form-&gt;validate())





				$this-&gt;redirect(Yii::app()-&gt;user-&gt;returnUrl);





		}





		// display the login form





		$this-&gt;render( &#039;login&#039;, array(&#039;form&#039;=&gt;$form) ); 





	} else {

var_dump(Yii::App()->user); // (***)

die();

// display the main program

		$this-&gt;layout = &#039;mainLayout&#039;;





		$this-&gt;render(&#039;index&#039;);





	}





}</div></div>

Step 4: The great disappointment: Where is the customization?

Quote

( the output of var_dump  *** )

object(CWebUser)#8 { [“allowAutoLogin”]=>  bool(true) [“guestName”]=>  string(5) “Guest” [“loginUrl”]=>  array(1) { [0]=>  string(10) “site/login” } ["_keyPrefix:private"]=>  string(32) “7f3668ab9970a2aec82f5148750368e0” [“behaviors”]=>  array(0) { } ["_initialized:private"]=>  bool(true) ["_e:private"]=>  NULL ["_m:private"]=>  NULL }

At next post I will expose the second scenario of desapointment.

TIA

MN

2

The customized data are stored in $_SESSION. That's why you couldn't see them in var_dump of the user object.

3

( Only for curiosity, my php was configured with session_auto_start = On )

But I think that "$this->setState( 'prop', 'data' );" into UserIdentity would injecting a new property into Yii::App()->user instance ?!?!? Wouldn't it ?

MN

4

It does. However, CWebUser doesn't keep them in memory. Instead, they are stored in $_SESSION so that they are persistent during the whole session.

5

So, how can I investigate it ?

If you are right, what kind of fixing code that I can do ? (and Where?)

This is a bug or a need to repair the Yii?

TIA MN.

6

You are right !

WebUser is putting those "new" (injected) properties in $_SESSION !!!

For example:

All like this: $_SESSION['7f3668ab9970a2aec82f5148750368e0guestName']=>'superadmin' ie. prefixed by _keyPrefix value !

I was sad because I wanted to access the "new" User data by: Yii::App()->user->de_nick, for example.

Any clue ?

MN

7

You can do that (my app is customized to do this too).

Just extend CWebUser::init() to inject the session data back into the object.  Ex:

$this->email = $this->getState('email');

I thought as of yii 1.0.3 this is done automatically though… at least that's what I have written down in my code docs

8

BINGO !!!

You are right !

I can do it with a litle (bit) change on your ideia. My WebUser class looks like:

Quote

<?php

class WebUser extends CWebUser

{

/* the same Usuario (my User) ActiveRecord (db table) properties	*/





public $id_usuario			= NULL;





public $de_senha			= NULL;





public $tp_status			= NULL;





public $de_codigo_ativacao	= NULL;





public $de_observacao		= NULL;





public $de_nick				= NULL;





public $dt_registro			= NULL;





public $dt_cancelamento		= NULL;





public $tp_pessoa			= NULL;





public $id_pessoa_fisica	= NULL;





public $de_config			= NULL; 





public $id_perfil			= NULL;





public $arr_role			= NULL;





public $de_theme 			= NULL;

// Your tip !!!

public function init()

{





	parent::init();





	$propertiesUsuario = get_class_vars( &#039;WebUser&#039; );





	foreach( $propertiesUsuario as $k=&gt;$v ) 





		if(! is_array($v) ) $this-&gt;$k = $this-&gt;getState($k);





}</span>











public function login($identity,$duration=0) 





{





	parent::login($identity,$duration);











	if( ! empty($identity-&gt;id) ) 





	{





		$user = Usuario::model()-&gt;findByAttributes( array(&#039;de_nick&#039;=&gt;&quot;{$identity-&gt;username}&quot;, &#039;de_senha&#039;=&gt;&quot;{$identity-&gt;password}&quot;) ); 





		if( ! is_null($user) ) 





		{





			// Injects the same name Usuario (AR) properties





			$propertiesUsuario = get_class_vars( &#039;WebUser&#039; );





			foreach( $propertiesUsuario as $k=&gt;$v ) {





				if(! is_array($v) )&nbsp; 





					if( isset( $user-&gt;$k ) ) $this-&gt;setState( $k, $user[$k] );





			}





			$this-&gt;setState( &#039;guestName&#039;, $user&#91;&#039;de_nick&#039;] );





			$this-&gt;saveIdentityStates();





		}





	}





}

}

?>