How to add more information to Yii::app()->user
By default, the expression Yii::app()->user returns a CWebUser application component, which represents information closely related to the current user. Some of this information can persist throughout the current user session. For example, CWebUser already comes with a name property that stores the username of the current user.
In order to store more information, we need to modify the identity class used together with CWebUser. Each application may have one or several identity classes, which are mainly responsible for performing user authentication.
Here we use the UserIdentity class included in the testdrive application as an example, assuming our goal is to add the ID and the last login time of the user to CWebUser. We would modify UserIdentity as follows:
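    class UserIdentity extends CUserIdentity
    {
        // Primary key of the authenticated user, returned by getId()
        private $_id;

        public function authenticate()
        {
            $user=User::model()->findByAttributes(array('username'=>$this->username));
            if($user===null)
                $this->errorCode=self::ERROR_USERNAME_INVALID;
            // This example stores passwords as unsalted MD5 digests;
            // MD5 is not a suitable password hash for production use.
            else if($user->password!==md5($this->password))
                $this->errorCode=self::ERROR_PASSWORD_INVALID;
            else
            {
                $this->_id=$user->id;
                // Extra persistent information goes into a state
                $this->setState('lastLoginTime', $user->lastLoginTime);
                $this->errorCode=self::ERROR_NONE;
            }
            return !$this->errorCode;
        }

        // Overrides the parent implementation, which returns the username
        public function getId()
        {
            return $this->_id;
        }
    }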
In the above, during authentication we retrieve the ID and the last login time of the authenticated user. We save the ID in a private variable $_id and save lastLoginTime in a state by calling setState(). We use different approaches for id and lastLoginTime because id is a predefined property that is recognized by CWebUser. If we want to store more information, we should use setState(), as we do with lastLoginTime.
We also override the getId() method to return the private variable $_id. The parent implementation returns the username.
That's all we need. Now if we want to retrieve the id or lastLoginTime information in our code, we can do the following:
    $id=Yii::app()->user->id;
    $lastLoginTime=Yii::app()->user->lastLoginTime;
    // If you are using version 1.0.2 or earlier, you should use the following:
    // $lastLoginTime=Yii::app()->user->getState('lastLoginTime');
Note: When cookie-based authentication is enabled (by setting CWebUser::allowAutoLogin to true), this persistent information will be stored in a cookie. Therefore, you should NOT store sensitive information (e.g. a password) using the approach shown above.
Related article
The method explained above stores the user data in the session or in cookies when the user authenticates. There is another method, which retrieves user information from the database directly:
Add information to Yii::app()->user by extending CWebUser
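A sketch of that database-backed approach, added here as an example and not taken from the original article or from Yii itself: only the user ID is persisted by the identity class, and everything else is read from the User table on demand, so it never reaches the auto-login cookie. The class name WebUser, its file path and the email column are assumptions; the setState('lastLoginTime', ...) call must be removed from UserIdentity, because CWebUser returns a stored state before it tries a getter.

```php
<?php
// protected/components/WebUser.php (hypothetical file and class name)
//
// Enable it in protected/config/main.php:
//   'components'=>array(
//       'user'=>array('class'=>'WebUser', 'allowAutoLogin'=>true),
//   ),
class WebUser extends CWebUser
{
    // User record cached for the current request only; it is never
    // written to the session or to the auto-login cookie.
    private $_model;

    // Loads the record of the logged-in user by the ID that
    // UserIdentity::getId() returned at login time.
    protected function loadUser()
    {
        if($this->getIsGuest())
            return null;
        if($this->_model===null)
            $this->_model=User::model()->findByPk($this->getId());
        return $this->_model; // null if the account no longer exists
    }

    // Reachable as Yii::app()->user->lastLoginTime through the
    // getter support that CWebUser inherits from CComponent.
    public function getLastLoginTime()
    {
        $user=$this->loadUser();
        return $user===null ? null : $user->lastLoginTime;
    }

    // Assumed column: a field you would not want serialized into a
    // client-side cookie. Reachable as Yii::app()->user->email.
    public function getEmail()
    {
        $user=$this->loadUser();
        return $user===null ? null : $user->email;
    }
}
```

Both getters return null for guests, so callers do not need a separate isset() check before reading them.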
Total 3 comments:
So what is the approach if we want to store sensitive data in the user object? Is there a secure way for UserIdentity to provide information to CWebUser?
What if we want to use 2 tables, one for admin and one for member? May I copy from UserIdentity and just rename it to AdminIdentity? Thanks

Not sure if this is the best method as I am new to Yii - but noticed that when I changed the Blog login box to use a new user field (userFullName) - it would cause a problem if the user was not logged in.
I fixed it with this simple workaround:
    //added this bit to check if the user is logged in
    if (isset(Yii::app()->user->userFullName)) {
        $this->title=CHtml::encode(Yii::app()->user->userFullName);
    } else {
        $this->title=CHtml::encode(Yii::app()->user->name);
    }