User Name Acting As Admin Even If Not Logged

Yii 1.1 General Discussion
1

i have a problem. i was trying to make a checkAccess rule in the layout on my custom theme. but after deciding to keep it in the way it was before, i undo everything but now its staying logged as admin, even when i click logout and still rendering the stuff i dont want to show if not logged… this is my main layout custom:


<?php

	if(Yii::app()->user->name = 'admin')

	{	

		$this->widget('bootstrap.widgets.TbNavBar',array(

			'brandLabel'=>TbHtml::b(Yii::app()->name),

			'color'=>TbHtml::NAVBAR_COLOR_INVERSE,

			'items'=>array(

				array(

					'class'=>'bootstrap.widgets.TbNav',

					'items'=>array(

						array('label'=>'Home', 'url'=>array('/site/index')),

						array('label'=>'About', 'url'=>array('/site/page', 'view'=>'about')),

						array('label'=>'Contact', 'url'=>array('/site/contact')),

						array('label'=>'Users', 'url'=>array('/user/index')),

					),

				),

				array(

					'class'=>'bootstrap.widgets.TbNav',

					'htmlOptions'=>array('class'=>'pull-right'),

					'items'=>array(

						array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),

						array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'), 'visible'=>!Yii::app()->user->isGuest)

					),

				),

			),

		)); 

	}

	else

	{

		$this->widget('bootstrap.widgets.TbNavBar',array(

			'brandLabel'=>TbHtml::b(Yii::app()->name),

			'color'=>TbHtml::NAVBAR_COLOR_INVERSE,

			'items'=>array(

				array(

					'class'=>'bootstrap.widgets.TbNav',

					'items'=>array(

						array('label'=>'Home', 'url'=>array('/site/index')),

						array('label'=>'About', 'url'=>array('/site/page', 'view'=>'about')),

						array('label'=>'Contact', 'url'=>array('/site/contact')),

					),

				),

				array(

					'class'=>'bootstrap.widgets.TbNav',

					'htmlOptions'=>array('class'=>'pull-right'),

					'items'=>array(

						array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),

						array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'), 'visible'=>!Yii::app()->user->isGuest)

					),

				),

			),

		));

	} 

	?>

i do an echo on the menu to show the name of the current logged user, but still returning as admin… i dont know what is it doing… this is my controller


<?php


class UserController extends Controller

{

	/**

	 * @var string the default layout for the views. Defaults to '//layouts/column2', meaning

	 * using two-column layout. See 'protected/views/layouts/column2.php'.

	 */

	public $layout='//layouts/column2';


	/**

	 * @return array action filters

	 */

	public function filters()

	{

		return array(

			'accessControl', // perform access control for CRUD operations

			'postOnly + delete', // we only allow deletion via POST request

		);

	}


	/**

	 * Specifies the access control rules.

	 * This method is used by the 'accessControl' filter.

	 * @return array access control rules

	 */

	public function accessRules()

	{

		return array(

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('create', 'new'),

				'users'=>array('*'),

			),

			array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update'),

				'users'=>array('@'),

			),

			array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('index', 'view', 'admin', 'delete'),

				'users'=>array('admin'),

			),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}


	/**

	 * Displays a particular model.

	 * @param integer $id the ID of the model to be displayed

	 */

	public function actionView($id)

	{

		$this->render('view',array(

			'model'=>$this->loadModel($id),

		));

	}


	public function actionNew($id)

	{

		$this->render('new',array(

			'model'=>$this->loadModel($id),

		));

	}

	/**

	 * Creates a new model.

	 * If creation is successful, the browser will be redirected to the 'view' page.

	 */

	public function actionCreate()

	{

		$user = new User;

		$gunwcuser =new Gunwcuser;

		$game = new Game;

		$cash = new Cash;


		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		$auth = '1';

		$time = '0000-00-00 00:00:00';

		$gp = '1000';

		$gold = '200000';

		$cash1 = '10000';

		$rank = '19';


		if(isset($_POST['User']))

		{

			


			// Set data column in DB before saving

			$user->Status = '1';

			$user->MuteTime = $time;

			$user->RestrictTime = $time;

			$user->Authority = $auth;

			$user->User_Level = '1';

			$user->Authority2 = $auth;

			$user->attributes=$_POST['User'];


		

			$gunwcuser->Status = '1';

			$gunwcuser->MuteTime = $time;

			$gunwcuser->RestrictTime = $time;

			$gunwcuser->Authority = $auth;

			$gunwcuser->User_Level = '1';

			$gunwcuser->Authority2 = $auth;

			$gunwcuser->AuthorityBackup = $auth;

			$gunwcuser->attributes=$_POST['User'];


			$game->attributes=$_POST['User'];

			$game->Nickname = $user->NickName;

			$game->Money = $gold;

			$game->EventScore1 = '0';

			$game->EventScore2 = '0';

			$game->EventScore3 = '0';

			$game->AvatarWear = '0';

			$game->Prop1 = '0';

			$game->Prop2 = '0';

			$game->AdminGift = $gp;

			$game->TotalScore = $gp;

			$game->SeasonScore = $rank;

			$game->TotalGrade = $rank;

			$game->SeasonGrade = '0';

			$game->TotalRank = '0';

			$game->SeasonRank = '0';

			$game->AccumShot = '0';

			$game->AccumDamage = '0';

			$game->StageRecords = '0';

			$game->LastUpdateTime = $time;

			$game->NoRankUpdate = '0';

			$game->ClientData = '0';

			$game->CountryGrade = '20';

			$game->CountryRank = '0';

			$game->GiftProhibitTime = $time;


			$cash->Cash = $cash1;


			if($user->save() && $gunwcuser->save() && $game->save() && $cash->save())

				/*$this->redirect(array('view','id'=>$user->Id, 'message'=>$message));*/

				$this->redirect(array('new', 'id'=>$user->Id));

		}


		$this->render('create',array(

			'user'=>$user, 'gunwcuser'=>$gunwcuser, 'game'=>$game, 'cash'=>$cash,

		));

	}


	/**

	 * Updates a particular model.

	 * If update is successful, the browser will be redirected to the 'view' page.

	 * @param integer $id the ID of the model to be updated

	 */

	public function actionUpdate($id)

	{

		$model=$this->loadModel($id);


		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		if(isset($_POST['User']))

		{

			$model->attributes=$_POST['User'];

			if($model->save())

				$this->redirect(array('view','id'=>$model->Id));

		}


		$this->render('update',array(

			'model'=>$model,

		));

	}


	/**

	 * Deletes a particular model.

	 * If deletion is successful, the browser will be redirected to the 'admin' page.

	 * @param integer $id the ID of the model to be deleted

	 */

	public function actionDelete($id)

	{

		$this->loadModel($id)->delete();


		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser

		if(!isset($_GET['ajax']))

			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));

	}


	/**

	 * Lists all models.

	 */

	public function actionIndex()

	{

		$dataProvider=new CActiveDataProvider('User');

		$this->render('index',array(

			'dataProvider'=>$dataProvider,

		));

	}


	/**

	 * Manages all models.

	 */

	public function actionAdmin()

	{

		$model=new User('search');

		$model->unsetAttributes();  // clear any default values

		if(isset($_GET['User']))

			$model->attributes=$_GET['User'];


		$this->render('admin',array(

			'model'=>$model,

		));

	}


	/**

	 * Returns the data model based on the primary key given in the GET variable.

	 * If the data model is not found, an HTTP exception will be raised.

	 * @param integer $id the ID of the model to be loaded

	 * @return User the loaded model

	 * @throws CHttpException

	 */

	public function loadModel($id)

	{

		$model=User::model()->findByPk($id);

		if($model===null)

			throw new CHttpException(404,'The requested page does not exist.');

		return $model;

	}


	/**

	 * Performs the AJAX validation.

	 * @param User $model the model to be validated

	 */

	protected function performAjaxValidation($model)

	{

		if(isset($_POST['ajax']) && $_POST['ajax']==='user-form')

		{

			echo CActiveForm::validate($model);

			Yii::app()->end();

		}

	}

}
2

So, basically, the problem is that you cannot log out user?

3

it acts as logged out, but acting as admin still, its not logged but still can get into pages that only have access to admin, and when it happens, the user name changes to admin but still logged

4

is a bit frustrating, i was so close to finish the page and now it gives this bug i dont know where it comes from and it started when i was just editing the layout, i wouldnt like to start all over again, im still trying to find this error

5

First of all, how does actionLogout() look like?

6

Also make sure you’re running the latest stable.

Also try to clear states and see if it helps.

7

i have yii 1.1.14, i dont know if that is the version, i took it from the changelog file, and the actionLogout() looks like this from site controller:


  public function actionLogout()

	{

		Yii::app()->user->logout();

		$this->redirect(Yii::app()->homeUrl);

	}
8

That’s strange.

Ok, some things to try:

  1. clear all the cookies for this site, then try to login and logout.

  2. try different browser (once I saw this problem on google chrome + domain w/o .TLD)

3… to be continued…

9

no clue… deleted cookies and test on ipad… still giving the same error… i guess i will have to remake the app

10

some guy told me from stackoverflow to set the


if(Yii::app()->user->name = 'admin')

to


if(Yii::app()->user->name == 'admin')

and deleted some comments on the AccessRules from controller, somehow the bug stopped, i dont know how, very weird

11

Omg, I was so unobservant. My bad.

Yes, he’s right.


somehow the bug stopped, i dont know how, very weird

That’s because Yii::app()->user->name = ‘admin’ always returns true. It’s an assignment, not equality check.

12

well. i would never realize that because im still new at programming, would you send me a link to a guide that can explain things like (==, !=, ::, etc.), sorry for asking such a stupid question

13

right here

14

I am programmer of a model and acting agency and using WordPress CMS. I am facing some problems in theme setting. The agency is Ashley Camille Modeling, Acting & Career Center, Inc

Please take a look and help me to fix theme setting for a photography theme website. I am waiting for some fast suggestions to improve my website performance.

15

Just a note. What if you write something like this.




if ("admin"==0) 

 echo "true";

Will it print "true"? Yes it will. You are comparing different types. The string will be treated as zero. If you want to include type checking you use


===

. Not that necessary but good to know.