this method is it right !?

[font=“Tahoma”]Hello friends :)

check username and password for this method of security and … Is it right?

If you know another way please tell![/font]

UserController.php


class UserController extends Controller

{

	public function actionIndex()

	{


		$this->render('index');


		

	}

	

	public function actionLogin()

	{

		$model = new User();

		$this->render('login',array('model'=>$model));

		if(isset($_POST['User']))

		{

			$username = $_POST['User']['username'];

			$password = $_POST['User']['password'];

			$User = User::model()->find('username=:username AND password=:password',array(':username'=>$username,':password'=>$password));

			echo count($User);

		}

	}

	

}

view/user/login.php


<?php 

$form = $this->beginWidget('CActiveForm'); 

	echo $form->labelEx($model,'username');

	echo $form->textField($model,'username');

	echo $form->error($model,'username');

	echo '<br />';

	echo $form->labelEx($model,'password');

	echo $form->passwordField($model,'password');

	echo $form->error($model,'password');

	echo '<br />';

	echo $form->labelEx($model,'button');

	echo CHtml::submitButton();

	echo $form->error($model,'button');

$this->endWidget(); 

?>

Look at and use the way of authentication like in the blog demo.

But basically you are doing it correct cause you are using param binding in the SQL.

I didn’t saw that issue

Roopz is right and you have to call the render Method (always) at the end of a controller action.