Unable to log users in

Hello,

I am working on a project where I have 3 sections - Admin end, member’s end and site front end. In this project, admin should be able to access member’s end without signing in as member.

I am using technique given here for multiple users.

In admin end I have provided a link to an action which logs a user in without the need for his username/password. This function logs in the user but when the browser is redirected to member’s end (i.e. another page in the site), the site takes user to login screen. Looks like the application is not saving sessions :s

The function I use for logging the user in is





public function actionVisitMember($id)
	{
		Yii::app()->user->logout();

		$user = Users::model()->findByPk($id);
		if(!empty($user)){
			$identity = new UserIdentity($user);
			$identity->loginMember();
			Yii::app()->user->login($identity,0);

			echo Yii::app()->user->isGuest;
			echo Yii::app()->user->name;
			echo CHtml::link('redirect',array('business/home'));

			//$this->redirect(array('business/home'));
		}
		Yii::app()->end();
	}




I cannot figure out the problem with this. Can anyone point me in the right direction?

Thanks

Can someone help me with this?

Can you post the UserIdentity::loginMember() code here?

My complete UserIdentity Class





<?php

/**
 * UserIdentity represents the data needed to identity a user.
 * It contains the authentication method that checks if the provided
 * data can identity the user.
 */
class UserIdentity extends CUserIdentity
{
	private $_id;
	private $_user;

	const ERROR_EMAIL_INVALID=3;
	const ERROR_STATUS_NOTACTIV=4;
	const ERROR_STATUS_BAN=5;
	const ERROR_STATUS_WAITING_VERIFICATION = 6;

	public function __construct()
	{
		$arg_list = func_get_args();
		switch(func_num_args())
		{
			case 1:
				// calling from admin end....
				$this->_user = $arg_list[0];
				parent::__construct($user->username,$user->password);
			break;

			case 2:
				// calling from Login Model....
				parent::__construct($arg_list[0],$arg_list[1]);
			break;
		}
	}

	/**
	 * Authenticates a user.
	 * The example implementation makes sure if the username and password
	 * are both 'demo'.
	 * In practical applications, this should be changed to authenticate
	 * against some persistent user identity storage (e.g. database).
	 * @return boolean whether authentication succeeds.
	 */
	public function authenticate()
	{
		if (strpos($this->username,"@")) {
			$user = Users::model()->notsafe()->findByAttributes(array('email'=>$this->username));
		} else {
			$user = Users::model()->notsafe()->findByAttributes(array('username'=>$this->username));
		}
		if($user===null)
			if (strpos($this->username,"@")) {
				$this->errorCode=self::ERROR_EMAIL_INVALID;
			} else {
				$this->errorCode=self::ERROR_USERNAME_INVALID;
			}
		else if(md5($this->password)!== $user->password)
			$this->errorCode=self::ERROR_PASSWORD_INVALID;
		else if($user->status == Users::STATUS_NOACTIVE)
			$this->errorCode=self::ERROR_STATUS_NOTACTIV;
		else if($user->status == Users::STATUS_BANED)
			$this->errorCode=self::ERROR_STATUS_BAN;
		else if($user->status == Users::STATUS_WAITING_VERIFICATION)
			$this->errorCode=self::ERROR_STATUS_WAITING_VERIFICATION;
		else{
			$this->_user = $user;
			$this->setUserState();

			$this->errorCode=self::ERROR_NONE;
		}
		return !$this->errorCode;
	}

	public function loginMember()
	{
		if (!Yii::app()->request->cookies['admin']) {
			return false;
		}

		if(is_null($this->_user)){
			return false;
		}

		$this->setUserState();
		return true;
	}

	/**
	 * @return integer the ID of the user record
	 */
	public function getId()
	{
		return $this->_id;
	}

	private function setUserState()
	{
		$user = $this->_user;
		$this->_id=$user->id;
		$this->username=$user->username;
		$this->setState('user_id', $user->id);
		$this->setState('name', $user->name);
		$this->setState('email', $user->email);
	}

}




Exactly, I have no idea what the problem could be, just trying… :slight_smile:

Here, in the constructor of UserIdentity:


parent::__construct($user->username,$user->password);

I think you should replace $user by $this->_user; :slight_smile:

Thank you Francis for the reply.

I fixed that but the issue remains there. The application redirects me to login page :-[

  1. I hope you have protected access to actionVisitMember($id) somehow - otherwise you have created a huge security issue here as it’s very easy to login for anyone as any other user!!

  2. Your loginMember() is not working correctly. An authenticated UserIdentity has


$this->errorCode=self::ERROR_NONE;

This is missing in your code, so the user is not logged in correctly.

Thanks a lot Mike for looking at the issue.

I have two users

Yii::app()->user and

Yii::app()->admin

I’ll put a check for Yii::app()->admin to be authenticated in order to access this action.

I have added the line of code you mentioned


$this->errorCode=self::ERROR_NONE;

and changed my return statement to


 return !$this->errorCode;

but no success.

The echo statements in actionVisitMember show that the user has logged in, but when I go to some other protected page, the application redirects me to login :(

Maybe this helps you? http://www.yiiframework.com/wiki/191/implementing-a-user-level-access-system/

Cheers

The issue is with this line


 Yii::app()->user->logout();

of "actionVisitMember"

If I comment out this line, admin is able to login as user. So I changed my function to




public function actionVisitMember($id)
	{
		if(!Yii::app()->user->isGuest){
			Yii::app()->user->logout();
			$this->refresh();
		}

		$user = Users::model()->findByPk($id);
		// remaining line of code.....
	}



and everything is good now.

Thank you everyone for your time and help.
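
The access check raised in point 1 of the reply above, combined with the plan to require Yii::app()->admin, could look like the following. This is an added example, not code from any poster in the thread; it assumes Yii 1.1, the thread's Users model and UserIdentity class (with loginMember() setting errorCode as suggested), and a hypothetical controller name and state key.

```php
<?php
// Added example, not the poster's code. Assumes Yii 1.1 and the second
// CWebUser component Yii::app()->admin described in the thread.
class AdminMemberController extends CController // hypothetical name
{
	public function filters()
	{
		// Built-in CController filter: refuse non-POST requests, so the
		// state change cannot be triggered by a plain link. Pair it with
		// enableCsrfValidation on the request component.
		return array('postOnly + visitMember');
	}

	public function actionVisitMember($id)
	{
		// Authorize against the server-side admin session. The mere
		// presence of an 'admin' cookie is sent by the client and does
		// not prove that an admin is logged in.
		if (Yii::app()->admin->isGuest) {
			throw new CHttpException(403, 'Admin login required.');
		}

		$user = Users::model()->findByPk((int)$id);
		if ($user === null) {
			throw new CHttpException(404, 'Member not found.');
		}

		// logout() with its default argument destroys the whole PHP
		// session; logout(false) only clears this component's states.
		if (!Yii::app()->user->isGuest) {
			Yii::app()->user->logout(false);
		}

		$identity = new UserIdentity($user);
		if (!$identity->loginMember()) {
			throw new CHttpException(403, 'Impersonation refused.');
		}
		Yii::app()->user->login($identity, 0);

		// Keep a trail of who is acting as whom ('impersonatedBy' is a
		// hypothetical state key chosen for this example).
		Yii::app()->user->setState('impersonatedBy', Yii::app()->admin->id);
		Yii::log('admin ' . Yii::app()->admin->id . ' logged in as member ' . $user->id,
			CLogger::LEVEL_INFO, 'application.impersonation');

		$this->redirect(array('business/home'));
	}
}
```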