so Yii:app() returns the current CApplication object. but where does user comes from? it isnt a property cause then it should have a $ in front. but not a method cause it lacks the ().
The static method Yii::app() returns an instance of CApplication (though by default in a webapp it returns one of its subclasses, CWebApplication). This class has a property named user, which is an object of class CWebUser, representing information about the current user. This class in turn has a returnUrl property. So the code Yii::app()->user->returnUrl references the returnUrl property of a CWebUser object that is in itself a property of CWebApplication.
And how does returnUrl knew where to redirect ? I can’t find anywhere that path is predefined.
I am asking because I will have to create log in system where I have members and admin. And if member is logging in I have to redirect him to members cms, and if it is admin then to admin cms. So how can I redirect them then ?
And how can I set different session variables like "isMember" and "isAdmin" for example to make sure that only admin is visiting his own pages ?
For your situation, you can probably just add the redirect into the generic user login method, so that given a certain user type, the correct redirection will take place (maybe you even want to check that returnUrl is empty - otherwise you’ll interfere with the above behavior).
For setting isAdmin…etc, you should check out some existing extensions to see how they manage it. Some set it as a model variable (yii-user-management) and some as a method of the WebUser model (yii-user). If you want to store it as a session variable, you can do so in the login method as well. Use setState and getState for that.
The return URL is set when you call Yii::app()->user->loginRequired() ([size=2]see [/size]here) [size=2]in a controller action or use [/size]access rules[size=2] which require logged in users[/size][size=2]. You should always use one of these two methods to protect your pages from anonymous users. Then Yii will do everything automatically: Redirect the user to the login page, whenever a protected URL is called and go back to that URL after the login was successful.[/size]