While developing my latest project with Yii, I have encountered the following problem.
The system should support 3 types of users: admins, intranet users and clients.
Because I did not use the advanced RBAC structure for this, I just added some information to the UserIdentity and it works great. My only problem is the login forms. I have one login form on the frontend website; it is intended for the client users. The admins and intranet users log in on the backend. Because I did not want to show the backend login (which has a different theme) to my clients, I set the default loginUrl in my config to the login form of the clients. Now when an admin, for example, gets logged out because of inactivity and has to log in again, he is redirected to the client login screen, which does not work for him because client users are in a separate DB table, so he has to enter the right URL again.
I tried to set the loginUrl for each user, but that does not work. Are there any suggestions for this?
    public function __construct() {
        // url for login
        Yii::app()->user->loginUrl = array('Backend/login');
        // url for error reporting
        Yii::app()->errorHandler->errorAction = 'Backend/Error';
        parent::__construct('Backend');
    }
If I understand correctly, the loginUrl is not stored in the session of a user, but has to be set on every controller to which the user has access… Thanks for the solution!
So, I check for an admin user first, then for a client. The limitation here is that Clients and Users can’t have the same username (I use the email address & force unique values).
This way I can use the same login form for everyone.
Obviously, it’s easy enough to extend this to check more tables (I’ll be adding Suppliers to ours).
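The lookup order described in the post above, as an added example that is not part of the original thread: plain PHP with constructed in-memory arrays standing in for the admin and client tables. The function names `authenticateAcrossTables` and `findDuplicateEmails` and the sample accounts are assumptions; in a Yii application the same logic would sit in the identity class's `authenticate()` method.

```php
<?php
// Constructed sample data standing in for the two DB tables (not from the thread).
// Array order is the lookup order: admins are checked before clients.
$tables = array(
    'admin'  => array('alice@example.com' => password_hash('admin-pass', PASSWORD_DEFAULT)),
    'client' => array('bob@example.com'   => password_hash('client-pass', PASSWORD_DEFAULT)),
);

// Hypothetical helper: returns 'admin' or 'client' on success, null on any failure.
function authenticateAcrossTables(array $tables, $email, $password)
{
    // Verified when no account matches, so an unknown e-mail costs the same
    // as a wrong password and both failures look identical to the caller.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $email = strtolower(trim($email));
    $role = null;
    $hash = $dummyHash;
    foreach ($tables as $tableRole => $rows) {
        if (isset($rows[$email])) {
            $role = $tableRole;      // first table that knows the e-mail wins
            $hash = $rows[$email];
            break;
        }
    }
    return (password_verify($password, $hash) && $role !== null) ? $role : null;
}

// An e-mail present in two tables is shadowed by the earlier table, which is
// why usernames must be unique across tables. This lists any such collisions.
function findDuplicateEmails(array $tables)
{
    $seen = array();
    $dupes = array();
    foreach ($tables as $rows) {
        foreach (array_keys($rows) as $email) {
            if (isset($seen[$email])) {
                $dupes[] = $email;
            }
            $seen[$email] = true;
        }
    }
    return $dupes;
}

var_dump(authenticateAcrossTables($tables, 'alice@example.com', 'admin-pass'));
var_dump(authenticateAcrossTables($tables, 'bob@example.com', 'admin-pass'));
var_dump(findDuplicateEmails($tables));
```

The returned role is also the value to branch on when choosing which login URL a timed-out user is sent back to.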