7 replies to this topic

[Jonathon]

Hi Larry,

I have made some progress with this query, so I think you can probably skip to the bottom of this thread (I hope)

I've been looking at authenticating my Yii login, this is currently How i've gone about it:
login.php

<div class="form">
<?php $form=$this->beginWidget('CActiveForm', array(
'id'=>'login-form',
//'enableClientValidation'=>true,
//'enableAjaxValidation'=>true,
'clientOptions'=>array(
  'validateOnSubmit'=>true,
),
)); ?>

<div class="row">
  <?php echo $form->labelEx($model,'email'); ?>
  <?php echo $form->textField($model,'email'); ?>
  <?php echo $form->error($model,'email'); ?>
</div>
<div class="row">
  <?php echo $form->labelEx($model,'password'); ?>
  <?php echo $form->passwordField($model,'password'); ?>
  <?php echo $form->error($model,'password'); ?>
</div>
<div class="row buttons">
  <?php echo CHtml::submitButton('Login'); ?>
</div>
<?php $this->endWidget(); ?>

LoginForm.php

<?php

/**
* LoginForm class.
* LoginForm is the data structure for keeping
* user login form data. It is used by the 'login' action of 'SiteController'.
*/
class LoginForm extends CFormModel
{
public $email;
public $password;

private $_identity;

/**
* Declares the validation rules.
* The rules state that username and password are required,
* and password needs to be authenticated.
*/
public function rules()
{
return array(

// email and password are required
		array('email, password', 'required'),
		array('email', 'email'),
		array('password', 'authenticate'),
);
}

/**
* Declares attribute labels.
*/
public function attributeLabels()
{
return array(
'rememberMe'=>'Remember me next time',
);
}

/**
* Authenticates the password.
* This is the 'authenticate' validator as declared in rules().
*/
public function authenticate($attribute,$params)
{
if(!$this->hasErrors())
{
$this->_identity=new UserIdentity($this->email,$this->password);
if(!$this->_identity->authenticate())
$this->addError('password','Incorrect email or password');
}
}

/**
* Logs in the user using the given username and password in the model.
* @return boolean whether login is successful
*/
public function login()
{
if($this->_identity===null)
{
$this->_identity=new UserIdentity($this->username,$this->password);
$this->_identity->authenticate();
}
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
/*
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
Yii::app()->user->login($this->_identity,$duration);
return true;
*/
}
else
return false;
}
}

UserIdentity.php

class UserIdentity extends CUserIdentity
{

// Need to store the user's ID:
private $_id;


/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$user = Users::model()->findByAttributes(array('email'=>$this->username));

if ($user===null) { // No user found!
$this->errorCode=self::ERROR_USERNAME_INVALID;
} else if ($user->password !== SHA1($this->password) ) { // Invalid password!
$this->errorCode=self::ERROR_PASSWORD_INVALID;
} else { // Okay!
   $this->errorCode=self::ERROR_NONE;
   // Store the role in a session:
   $this->setState('type', $user->type);
$this->_id = $user->id;
}
return !$this->errorCode;
}

public function getId()
{
return $this->_id;
}


}

Currently when I try the user and password I get "Property "Users.password" is not defined." and this line is highlighted in this trace "} else if ($user->password !== SHA1($this->password) ) { // Invalid password!" and " if(!$this->_identity->authenticate())"

I changed the line to read

  } else if ($user->pass !== SHA1($this->password) ) { // Invalid password!

Which i think now matches up with the columns in my DB is that right?

I dont get errors when trying to log in but trying
<?php echo Yii::app()->user->type; ?>
results in:
CWebUser.type

and i cant seem to get the user ID back either?

Could you explain, where i've gone wrong please, when you have a minute?

(My password field in the DB is `pass` and i'm checking it against a `email` field and i have a `type` field for their role)

Edited by Jonathon, 8 January 2012 - 1:39 PM.

[Jonathon]

I seem to have worked out logging in. I have been using:

<?php if(Yii::app()->user->isGuest) echo 'Guest'; ?>

To see if a user is a guest. Which is always visible, except when I login in the first time. If I enter my password and email "Guest" doesn't appear (success (in part), I can also echo out the type of role the user has on that script). But as soon and I go to another page, like home or even just reload the login page again "Guest" returns, this suggests to me that the $_SESSION is being reset after each load or wiped, is this me?

My sessions are configured like this:

  'session' => array (
   'autoStart' => true,
   'sessionName' => 'My nice session name',
   //'cookieMode' => 'only',
   //'savePath' => '/path/to/new/directory',
   ),

Thanks in advance as always

[Larry]

Have you confirmed the session ID isn't changing?

[Jonathon]

No I hadn't so I went and looked through your working with sessions, it is changing on every page load. I am discovering that debugging in a framework is quite a difference to standard debugging.

[Larry]

Yes, debugging a framework is definitely different! A good framework will do 80% of the work for you, but that last 20% can be quite the chore!

[Jonathon]

Yes indeed, I shall get there I hope! In terms of this problem then, do you have any ideas as to how to over come this, I've changed the session path and everything is being written to the folder, I've also checked the cookies in the web developer tool (I uncommented 'cookieMode' => 'only') . My config settings seem to be ok in that sense, going from your "Working with Sessions in Yii" posts. I'm fairly convinced the login process itself is working ok too, so I am somewhat baffled as to areas where the issue will be?

[Larry]

I guess I would start by undoing all configuration settings that apply to sessions and see if that fixes the problem. Then you'd know where to start hunting at least.

[Jonathon]

Thanks Larry,

Sorry I havent looked at this for a while, but I took your advice and everything I had in the session config components were making the session rest, all except the cookie only part. Really weird, even the session path (which is correct) and the session name just on their own seemed to bring the problem back. I guess for now i'll just leave the cosmetics till the end and focus on the functionality.

Congratulations on the JavaScript book - get some rest!!!!!