User Authentification

Yii 1.1 General Discussion
1

Hi =)

I’m getting started with yii, and have read Larry’s tutorial. I know my question must be silly, but I’m a bit confused. I’ve found this tutorial fur user creation http://www.yiiframework.com/doc/guide/1.1/en/topics.auth and I’m surprised how easy it seams to be to create a user auth system. But I don’t know where to create this code…

Before I’ve read this tutorial, I had created a “user” table with login, password , name etc field, and wanted to bind them with the login feature automatically inserted in yii, but it didn’t seam to be the right approach…

Can anyone guide me a little bit through this problem?

Thanks a lot!

2

I found this tutorial http://www.yiiframework.com/doc/blog/1.1/en/prototype.auth and tried to adapt to what I already have.

I have a user class with (‘id’ ‘login’ ‘password’ … fields)

So I’ve tried with this code




<?php

class UserIdentity extends CUserIdentity

{

    private $_id;

 

    public function authenticate()

    {

        $username=strtolower($this->username);

        $user=User::model()->find('LOWER(login)=?',array($username));

        if($user===null)

            $this->errorCode=self::ERROR_USERNAME_INVALID;

        else if(!$user->validatePassword($this->password))

            $this->errorCode=self::ERROR_PASSWORD_INVALID;

        else

        {

            $this->_id=$user->id;

            $this->username=$user->username;

            $this->errorCode=self::ERROR_NONE;

        }

        return $this->errorCode==self::ERROR_NONE;

    }

 

    public function getId()

    {

        return $this->_id;

    }

}

But it doesn’t work with the user (login=‘test’ password='test) that I have created in phpmyadmin…

Does anyone have a clue?

Thanks a lot!

3

try to create a model for your user table, then controller and views, and then create a user . then try log in

4

Thanks for your reply,

I’ve created a Model, and then a CRUD for the user. Then I’ve created a user in phpmyadmin… but it doesn’t work .

It says that I have an invalid username or password. It must be because in my table I use a ‘login’ field and not ‘username’. I’ve tried to do the modifications (see my previous message) but something must be wrong :confused:

5

Hi,

Please post your User table schema (or the attributes)

Also post the validatePassword method

6

OK here is my table




CREATE TABLE IF NOT EXISTS `user` (

  `id` mediumint(<img src='http://www.yiiframework.com/forum/public/style_emoticons/default/cool.gif' class='bbc_emoticon' alt='8)' /> unsigned NOT NULL AUTO_INCREMENT,

  `login` varchar(20) NOT NULL,

  `password` varchar(20) NOT NULL,

  `firstName` varchar(20) NOT NULL,

  `lastName` varchar(40) NOT NULL,

  `email` varchar(60) NOT NULL,

  `adress` varchar(100) DEFAULT NULL,

  `zip` int(11) DEFAULT NULL,

  `city` varchar(60) DEFAULT NULL,

  `departmentId` tinyint(3) unsigned NOT NULL COMMENT 'CONSTRAINT FOREIGN KEY (departmentId) REFERENCES Department(id)',

  `subscriptionDate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,

  `birthday` datetime DEFAULT NULL,

  PRIMARY KEY (`id`),

  KEY `name` (`lastName`,`firstName`),

  KEY `departmentId` (`departmentId`)

) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;

And my validatepassword which is is models/user




	    public function validatePassword($password)

    {

        return crypt($password,$this->password)===$this->password;

    }
7

Are you sure that the validatePassword works correctly?

check it by this code, at the moment you are login to the system




        public function validatePassword($password)

    {

        var_dump(crypt($password,$this->password)===$this->password);

        die();

    }
8

"Boolean false" appears…

(thanks again for your help)

9

So, you have to solve it.

This is it the problem.

Check how the password stored in database for example as md5($password)

in this way you have to check like that if (md5($password)==$this->password) {…success…}

10

It means that validatePassword is called right?

Maybe the problem comes from the fact that password are not crypted in the database? (which is another problem to solve, but at the account creation)

11

Hi gelly again,

I mean your code may not compares the passwords in the right way

I don’t check the crypt php function by myself but you can check if the crypted password

is the same with password after of encryption.

So you could change the compare by simpler algorithm as I mentioned (at least temporarly)

Also check the method that encrypts the passwords before stores in the database.

So, the problem is the comparison

12

Yes, I think that the problem comes from the fact that the site doesn’t encrypt the password at the creation of the user.

I check it and I’ll come back,

Thanks for your help

13

Hi again,

I’m still blocked, I can’t figure out where I have to encrypt the password.

How it is used:

The user goest to "site/index.php/user/create" enter the fields and the clicks on "create" , it leads him to "site/index.php/user/8" where we can see the user infos.

But I can’t find which file to modify :confused:

It’s confusing…

14

Hi again gelly!

So, check this

on your model override these methods


public $pass_stored;

 

protected function afterFind(){

	 $this->pass_stored = $this->password;

      parent::afterFind();	 

}


public function beforeSave() {

        if (parent::beforeSave()) {

	    if ($this->pass_stored!=$this->password) $this->password = md5($this->password);            

            return true;

        } else {

            return false;

        }

}

create a new account and try to log-in replacing first the validatePassword


public function validatePassword($password)

{

  return md5($password)===$this->password;

}
15

Hi gelly!

Show us your code (User/loginform model/controller/UserIdentity.php). It makes the things easy to help you.