What is the smart way to do the user identification?

mocapapa · March 4, 2009, 1:08am

I have been working to make an application having different mechanism for the user authentications. What I would like to do is to distinguish users, it means that every one can register his/her username and password.

Well, let me take an example as a blog demo for the time being. What I have done is as follows.

Modified the code of protected/components/UserIdentity.php



***************


*** 


        {


                $user=User::model()->find('LOWER(username)=?',array(strtolower($this->username)));


                if($user===null)


!                       $this->errorCode=self::ERROR_USERNAME_INVALID;


!               else if(md5($this->password)!==$user->password)


                        $this->errorCode=self::ERROR_PASSWORD_INVALID;


                else


                {


--- 


        {


                $user=User::model()->find('LOWER(username)=?',array(strtolower($this->username)));


                if($user===null)


!                       if ($this->password === null) 


!                              $this->errorCode=self::ERROR_PASSWORD_INVALID;


!                       else {


!                              $dbuser = new User;


!                              $dbuser->username = $this->username;


!                              $dbuser->password = md5($this->password);


!                              $dbuser->email = $this->username; // for avoiding error


!                              $dbuser->save();


!                              $this->errorCode=self::ERROR_NONE;


!                              //  redirect('userRegisterd');


!                       }


!               } else if(md5($this->password)!==$user->password)

It worked, but now I have two questions.

Q1. Is it OK to save() in the components?

Q2. I think it is not good for the components to change the view using redirect method. What do you think is the smart way? One idea is to set another return code in the component and redirect in the model, but it failed because models do not have a redirect method. I have to do it in the controller but I do not know how to do it.

qiang · March 4, 2009, 1:11am

I think it's fine.
You can use Yii::app()->controller->redirect().

mocapapa · March 4, 2009, 1:20am

Thanks Qiang,

Quote

1. I think it's fine.

Thanks for your fast responce.

Quote

2. You can use Yii::app()->controller->redirect().

Do you think it is fine as well to change the view in the components? It may work but I do not know it is recommended or not according to the 'Yii style' if it exists.

qiang · March 4, 2009, 1:26am

I think it’s fine.

There's no strict rule for this.

mocapapa · March 4, 2009, 2:12am

Thanks Qian, I see, and I hope redirection may work. But before going further, I have a problem of login for the new user just being registered. I have modified the code as follows.



class UserIdentity extends CUserIdentity


{


  // const ERROR_NONE=0;


  // const ERROR_USERNAME_INVALID=1;


  // const ERROR_PASSWORD_INVALID=2;


  const USER_REGISTERED=3;


  // const ERROR_UNKNOWN_IDENTITY=100;


    :                        else {


                               $dbuser = new User;


                               $dbuser->username = $this->username;


                               $dbuser->password = md5($this->password);


                               $dbuser->email = $this->username; // for avoiding error


                               $dbuser->save();


                               $this->errorCode=self::USER_REGISTERED;


                        }



class LoginForm extends CFormModel


{                               case UserIdentity::ERROR_NONE:


                                case UserIdentity::USER_REGISTERED:


                                        $duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days


                                        Yii::app()->user->login($identity,$duration);


                                        break;





   :


        public function authenticate($attribute,$params)


        {


                if(!$this->hasErrors())  // we only want to authenticate when no input errors                            


                {


                        $identity=new UserIdentity($this->username,$this->password);


                        $identity->authenticate();


                        switch($identity->errorCode)


                        {


                                case UserIdentity::ERROR_NONE:


+                               case UserIdentity::USER_REGISTERED:


*                                       $identity->errorCode = UserIdentity::ERROR_NONE;


                                        $duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days                         


                                        Yii::app()->user->login($identity,$duration);


                                        break;

I tested the login status just as the user who is already registered, but failed. I added (*) line but it is of no help. Why are these two status different?

[Edit]

May be the $_id variable in the $identity… I should check.

qiang · March 4, 2009, 2:18am

Are you modifying UserIdentity from the blog demo?

The login status depends on the value of UserIdentity::getId().

If it is overridden (as in the blog demo), you need to set $this->_id to be the newly inserted user id.

mocapapa · March 4, 2009, 2:58am

Thaks. I added following code and now it works fine



class UserIdentity extends CUserIdentity


{


  :


                               $dbuser = new User;


                               $dbuser->username = $this->username;


                               $dbuser->password = md5($this->password);


                               $dbuser->email = $this->username; // for avoiding error


                               $dbuser->save();


+                              $user=User::model()->find('LOWER(username)=?',array(strtolower($this->username)));


+                              $this->_id=$user->id;


                               $this->errorCode=self::USER_REGISTERED;



class LoginForm extends CFormModel


{


   :


        public function authenticate($attribute,$params)


        {


   :


+                               case UserIdentity::USER_REGISTERED:


+                                       $duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days


+                                       Yii::app()->user->login($identity,$duration);


+                                       Yii::app()->controller->redirect(array('post/userRegistered'));


+                                       break;