Hi, I am completely new to Yii but I have made some custom PHP applications from scratch in the past which could be classified as amateur work.
I need to create a site with a few forms. The idea is that in order to see the forms, users first have to log in. Signup must be disabled for anyone but administrators of the site. Administrators are the only ones who create the usernames and set a default password. Users must be able to change their password and other optional user information after they log in to the site.
From what I understand from the tutorial, bcrypt() is the way to go. But there are a few issues I do not understand yet, and I wonder if you could point me in the right direction based on these facts I need to keep in mind:
- sitename/web/index.php
This is where I shall display the login form. After the login, I will make a controller that defaults to a specific form, regardless of whether the user is an administrator or not.
- Administrators
How do I create the first administrator (myself) with an encrypted password? Do I need to write the whole signup & login functionality to do this, and then to modify/remove the signup function after the first account is made? Is there a best practice on how to create a user/password table?
- Users
How do I distinguish users from administrators? Maybe this could be done in the user/password table with an extra column that defines the user level? Again, any best practice here?
- Session handling
I need to make sure that there are no vulnerabilities here. I have witnessed cookie spoofing before and that is not fun. So, I need to make sure that users can navigate between 2-3 forms and the "settings/configuration" page where they administrate their account information and change password. Will Yii allow me to do this based on the content of the tutorial? I have not yet completed this part.
I appreciate all answers and guidelines you can come up with. Thank you in advance!
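As an added illustration (not code from the original post and not Yii framework code), here is a plain-PHP sketch of the pieces the questions above ask about: a single table with a `role` column to tell users and administrators apart, a one-off bootstrap that creates the first administrator with a bcrypt hash via `password_hash()`, and a login check with `password_verify()`. The table and column names, the SQLite in-memory database, and the `auth_key` column are assumptions made for the example.

```php
<?php
// Added example, not Yii code. In-memory SQLite so it runs stand-alone;
// in the real application this would be the Yii DB connection.
// Table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// One table for users and administrators; `role` tells them apart.
// Only the bcrypt hash is stored, never the password itself.
$db->exec(<<<'SQL'
CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,
    role TEXT NOT NULL CHECK (role IN ('user', 'admin')),
    auth_key TEXT NOT NULL
)
SQL);

// Admin-only account creation: the administrator picks the username and a
// default password; the user changes it after the first login.
function createUser(PDO $db, string $username, string $password, string $role = 'user'): void
{
    $stmt = $db->prepare('INSERT INTO user (username, password_hash, role, auth_key) VALUES (?, ?, ?, ?)');
    $stmt->execute([
        $username,
        password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]),
        $role,
        // Random per-user secret for cookie-based login; regenerate it on
        // password change so old "remember me" cookies stop working.
        bin2hex(random_bytes(32)),
    ]);
}

// Login check: look up by username and verify against the stored hash.
// Returns the user row on success, null for unknown user or wrong password.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT * FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

// Create the first administrator once (console command or a script removed
// afterwards) instead of exposing a public signup form.
createUser($db, 'admin', 'change-me-on-first-login', 'admin');

var_dump(authenticate($db, 'admin', 'wrong-password'));
var_dump(authenticate($db, 'admin', 'change-me-on-first-login')['role']);
```

After a successful `authenticate()`, the application regenerates the session id and stores only the user id in the session; the `role` column is read from the database on each request rather than trusted from a cookie.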