What do you mean by "the default login system (with db)"?
Neither the framework nor the application generated by the yiic webapp command implements actual database-based authentication - it’s your responsibility.
Can you post your code (UserIdentity class, User model)?
OK, it’s true that I took the example from the manual page, but there is a problem anyway in my opinion. Here is my code for the authenticate method:
UserIdentity class
...
    public function authenticate()
    {
        //echo "-$this->username-";exit;
        $record=User::model()->findByAttributes(array('username'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        else if($record->password!==md5($this->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->_id=$record->id;
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }
...
LoginForm class
...
    public function login()
    {
        if($this->_identity===null)
        {
            $this->_identity=new UserIdentity($this->username,$this->password);
            $this->_identity->authenticate();
        }
        if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
        {
            $duration=$this->rememberMe ? 3600*24 : 3600; // 1 day if remembered, 1 hour otherwise
            Yii::app()->user->login($this->_identity,$duration);
            return true;
        }
        else
            return false;
    }
...
Nothing original here. The echo line is there if you want to see the passed username.
Well, I can enter "username" or "username ", and I can still log in.
As suggested above, is it possible that findByAttributes trims the value at a certain point? (I do not override the method in my user class). The consequence is that the user for the session can be "username " if it’s not trimmed.
I’m not sure if this is correlated, but logging in in this forum with "username " is allowed.
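For the behaviour described in the post above, an added example (not code from the thread or from Yii itself) of a UserIdentity that keeps the typed string out of the session. It assumes a Yii 1.1 application with the User model from the post, and it assumes the match on "username " comes from the database comparing strings with a PAD SPACE collation rather than from findByAttributes trimming anything.

```php
<?php
// Added example, not the poster's code. Runs inside a Yii 1.1 application
// and assumes the User model from the post.
// Assumption: the username column uses a PAD SPACE collation (as many MySQL
// collations do), so the database treats 'username' and 'username ' as equal.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        // The comparison happens in the database, so this lookup can succeed
        // although the submitted string differs from the stored one.
        $record = User::model()->findByAttributes(
            array('username' => $this->username)
        );

        if ($record === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif ($record->password !== md5($this->password)) {
            // Password check left exactly as in the post.
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $record->id;
            // Replace the submitted value with the stored one so that
            // getName(), and therefore Yii::app()->user->name, can never be
            // "username " or a differently cased variant.
            $this->username = $record->username;
            $this->errorCode = self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    // Key the session on the primary key rather than the typed username.
    public function getId()
    {
        return $this->_id;
    }
}
```

With this in place, access checks and audit log entries that read Yii::app()->user->id or Yii::app()->user->name see one canonical value per account, whatever spacing or case was typed at login.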