I was trying to follow the Blog tutorial but I realized that the code snippet provided for the function authenticate() in models/LoginForm.php is from the older version of Yii. I tried to comment on the tutorial’s page, but I’m not allowed because it’s my first post.
Do I have to make the changes in the yii 1.1 version?
yii-1.0
public function authenticate($attribute,$params)
{
if(!$this->hasErrors()) // we only want to authenticate when no input errors
{
$identity=new UserIdentity($this->username,$this->password);
$identity->authenticate();
switch($identity->errorCode)
{
case UserIdentity::ERROR_NONE:
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
Yii::app()->user->login($identity,$duration);
break;
case UserIdentity::ERROR_USERNAME_INVALID:
$this->addError('username','Username is incorrect.');
break;
default: // UserIdentity::ERROR_PASSWORD_INVALID
$this->addError('password','Password is incorrect.');
break;
}
}
}
yii 1.1
public function authenticate($attribute,$params)
{
$this->_identity=new UserIdentity($this->username,$this->password);
if(!$this->_identity->authenticate())
$this->addError('password','Incorrect username or password.');
}
I’ve extract this methods from the demo/ yii folder. Maybe it should be great to indicate it directly in the tutorial page :
public static function string2array($tags)
{
return preg_split('/\s*,\s*/',trim($tags),-1,PREG_SPLIT_NO_EMPTY);
}
public static function array2string($tags)
{
return implode(', ',$tags);
}
I just want to add, that to a newbie, the authentication part of the blog tutorial seems a little error prone or unclear. eg: it uses hashing to compare the password in validatePassword, but it’s not clear (to me at least) how to hash the original password. I added in a user in my SQL script that generates the tables, but of course that password is not hashed, so the validatePassword function fails.
In any case, thanks for the generally great documentation.
Apologies for being a necromancer bringing this 2 year-old topic back to life, but I really am curious about string2array method that was posted on the Blog tutorial. Can someone enlighten me as to why use preg_split instead of using explode()? I always thought that regular expressions are slow, and so I usually avoid using it unless needed for complex matching. And it’s always usually harder to write than using plain explode.