Yii Framework Forum: gRbac - User registration, authentication and management - Yii Framework Forum

Jump to content

  • (4 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

gRbac - User registration, authentication and management Rate Topic: -----

#1 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 12 December 2009 - 01:28 PM

gRbac - User registration, authentication and management

test drive: http://grbac.gemisoft.com/
user: admin
pasword: password
0

#2 User is offline   gazbond 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 61
  • Joined: 02-November 09
  • Location:London, UK

Posted 13 December 2009 - 07:09 AM

Cool, I like the confirm email part.
How did you do that part?
0

#3 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 13 December 2009 - 03:59 PM

View Postgazbond, on 13 December 2009 - 07:09 AM, said:

Cool, I like the confirm email part.
How did you do that part?


I generate a random validation code and mail the user to confirm registration. The confirmation link intercept the code to validate, after which the account is set to active.
0

#4 User is offline   robregonm 

  • Experienced Yii Developer
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 602
  • Joined: 30-July 09
  • Location:Colombia

Posted 14 December 2009 - 08:38 AM

Very good and useful extension. Congratulations. I have a simple recommendation for now. I think you should use PHPMailer (mailer extension) instead of email extension. However, I have to say that gRbac is a very useful extension.

Regards
Ricardo Obregón
LinkedIn Profile
YiiFramework en Español - http://yiiframework.co/ - Yii Code Generator for Bootstrap
http://obregon.co/ - https://1server.co/
PHP 5.5+, nginx, MySQL, PostgreSQL, Yii 1.x & 2.x, CanJS and more.
Follow me: @robregonm & @obregonco & @1ServerCo.
0

#5 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 15 December 2009 - 12:55 PM

View Postrobregonm, on 14 December 2009 - 08:38 AM, said:

Very good and useful extension. Congratulations. I have a simple recommendation for now. I think you should use PHPMailer (mailer extension) instead of email extension. However, I have to say that gRbac is a very useful extension.

Regards


Thanks for the recommendation, I will definitely use it in next version when the base code is cleaned up.
0

#6 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 15 December 2009 - 12:58 PM

This is how my password generation looks like. I am total newbie when it come to the web security.

Please see and suggest if it is a good idea to use part of the user.created TS for salt.

    protected function beforeSave()
    {
        $hashAlgo = Yii::app()->getModule('grbac')->hashAlgo;
		// random salt =CCYYmmddHH, it must be set along with created, latter we will using created to derive the salt.
		$salt     = date("YmdH");
		$this->created = new CDbExpression('NOW()');
		$this->created = date("Y-m-d H:i:s");

        if (!function_exists('hash')) $this->password = md5($this->passwordNew.$salt);
        else                          $this->password = hash($hashAlgo, $this->passwordNew.$salt);

        return parent::beforeSave();
    }

0

#7 User is offline   robregonm 

  • Experienced Yii Developer
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 602
  • Joined: 30-July 09
  • Location:Colombia

Posted 15 December 2009 - 02:09 PM

Where can I download the latest version.
Do you use SVN/Mercurial for Subversioning?
There is no published files at http://www.yiiframew...xtension/grbac/

Regards
Ricardo Obregón
LinkedIn Profile
YiiFramework en Español - http://yiiframework.co/ - Yii Code Generator for Bootstrap
http://obregon.co/ - https://1server.co/
PHP 5.5+, nginx, MySQL, PostgreSQL, Yii 1.x & 2.x, CanJS and more.
Follow me: @robregonm & @obregonco & @1ServerCo.
0

#8 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 15 December 2009 - 02:18 PM

View Postrobregonm, on 15 December 2009 - 02:09 PM, said:

Where can I download the latest version.
Do you use SVN/Mercurial for Subversioning?
There is no published files at http://www.yiiframew...xtension/grbac/

Regards


added the pre-release file.
Please see the PM
0

#9 User is offline   robregonm 

  • Experienced Yii Developer
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 602
  • Joined: 30-July 09
  • Location:Colombia

Posted 15 December 2009 - 02:24 PM

Gr8,
I'll give it a try and I tell you my experience.

Regards
Ricardo Obregón
LinkedIn Profile
YiiFramework en Español - http://yiiframework.co/ - Yii Code Generator for Bootstrap
http://obregon.co/ - https://1server.co/
PHP 5.5+, nginx, MySQL, PostgreSQL, Yii 1.x & 2.x, CanJS and more.
Follow me: @robregonm & @obregonco & @1ServerCo.
0

#10 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 15 December 2009 - 02:41 PM

View Postrobregonm, on 15 December 2009 - 02:24 PM, said:

Gr8,
I'll give it a try and I tell you my experience.

Regards


Sure, please download the new copy. I updated the UserIdentity
0

#11 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 16 December 2009 - 01:33 PM

I am putting appropriate comments in the code and re-factoring the code.

In the first release, due this weekend, I will be adding PHPMailer as recommended by robregonm.
0

#12 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 17 December 2009 - 11:51 AM

View Postrobregonm, on 15 December 2009 - 02:24 PM, said:

Gr8,
I'll give it a try and I tell you my experience.

Regards

Hi download the new copy and let me know. Thanks
0

#13 User is offline   Locke 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 08-December 09

Posted 23 December 2009 - 08:44 AM

[SOLVED]
Hi ,
i followed your installation instruction , however i only got Srbac working but not grbac .
the error i'm getting when trying to register or login is (http://localhost/srt...ration/register)
Error:403 'You are not authorized for this action'

Note : i've checked and userid=1 has itemname=Authority, and userid=2 has itemname=User in the assignments table
I'm sure it's a small issue but i couldn't figure it out

This was solved by adding the following to the /protected/config/main.php
'srbac'=>array(
  'alwaysAllowed'=>array('grbacAuthenticateLogin') 
 ),

0

#14 User is offline   Locke 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 08-December 09

Posted 23 December 2009 - 10:30 AM

Now i can access the login page , register (with conformation)
But when i login it's redirects me to the index.php but
i'm not logged in , meaning i'm still considered a Guest user .

Any ideas ?
0

#15 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 23 December 2009 - 07:55 PM

View PostLocke, on 23 December 2009 - 10:30 AM, said:

Now i can access the login page , register (with conformation)
But when i login it's redirects me to the index.php but
i'm not logged in , meaning i'm still considered a Guest user .

Any ideas ?


Hi, first of all, thank you for your feedback.

Here are some debugging that can help.
Put a print_r($identity) after $identity = new UserIdentity($this->username, $this->password); in model/Users.php

If there is no error from the above, you possibly are authenticate good. The simplest way to verify is to check if the lastlogin Timestamp is changed. Possible problems could be the difference in encryption and decryption parameters, algo and functions used. I know it is not wise to put salt and algo in the user table. As soon as I have some time to avail, I will put these in a separate table (user_security), along with question, answers and alternate recovery email.

I have $this->redirect(Yii::app()->user->returnUrl); in AuthenticateController, but it always throws me to index page when I am authenticate good. I still do not have the solution to that yet. Surely some brainiac here will highlight us with solution.

If you see that the lastlogin TS is updated and your app()->user->isGuest is still true, possible for some reason your user identity is not set correctly.
0

#16 User is offline   Locke 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 08-December 09

Posted 24 December 2009 - 04:22 AM

Hi ,
thanks for the quick reply :) . unfortunately it's still not working :mellow: .
Timestamp of last login is the same as created.
after some digging i think i narrowed it down to this :

in grbac/controllers/AuthenticateController.php :
 public function actionLogin() {
   ....
      // validates and authenticates
      if($user->validate('Users'))
                   $this->redirect(Yii::app()->user->returnUrl);
 ...
 }

the If returns true (honestly i didn't understand why) , thus preforming the redirect .

However in the process it does not trigger "authenticateLogin" in Users as it should
from what i gathered . looking at the Users model "authenticateLogin" should be
triggered from the 'login' scenario and not the 'Users' as written in the controller.
(Option #2 is i don't really understand scenarios ::) )

When i change
if($user->validate('Users'))
to
if($user->validate('login))

"authenticateLogin" is triggered , but that creates other problems .
0

#17 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 24 December 2009 - 09:40 AM

View PostLocke, on 24 December 2009 - 04:22 AM, said:

Hi ,
thanks for the quick reply :) . unfortunately it's still not working :mellow: .
Timestamp of last login is the same as created.
after some digging i think i narrowed it down to this :

in grbac/controllers/AuthenticateController.php :
 public function actionLogin() {
   ....
      // validates and authenticates
      if($user->validate())
                   $this->redirect(Yii::app()->user->returnUrl);
 ...
 }

the If returns true (honestly i didn't understand why) , thus preforming the redirect .

However in the process it does not trigger "authenticateLogin" in Users as it should
from what i gathered . looking at the Users model "authenticateLogin" should be
triggered from the 'login' scenario and not the 'Users' as written in the controller.
(Option #2 is i don't really understand scenarios ::) )

When i change
if($user->validate('Users'))
to
if($user->validate('login))

"authenticateLogin" is triggered , but that creates other problems .



Can you try this:
  public function actionLogin() {
    $user=new Users('login');
    // add the scenario
    $user->scenario='login';

    if(isset($_POST['Users'])) {
      $user->setAttributes($_POST['Users']);
      // validates and authenticates
      if($user->validate()) // notice
        $this->redirect(Yii::app()->user->returnUrl);
    }
    $this->render('login',array('form'=>$user));
  }

0

#18 User is offline   Locke 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 08-December 09

Posted 24 December 2009 - 10:50 AM

It's working :D :D :D

Now i can continue to work on your very cool extension
Thank you very much , keep up the good work !!
0

#19 User is offline   Locke 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 08-December 09

Posted 24 December 2009 - 11:06 AM

Little Bug
In grbac/controllers/AdminController.php :
public function actionManage() {
    $actives   = Users::model()->count('active=1');
    $inactives = Users::model()->count('active=0');
    $this->render('manage', array('users'=>$users,'actives'=>$actives,'inactives'=>$inactives));
  }

Thus $users isn't defined and we get error , so i changed it to this and now it's working .
Probably we don't need all the data from Users and should use CDbCriteria , it's just a quick fix.

public function actionManage() {
    $actives   = Users::model()->count('active=1');
    $inactives = Users::model()->count('active=0');
    $users= Users::model()->findAll();
    $this->render('manage', array('users'=>$users,'actives'=>$actives,'inactives'=>$inactives));
  }


i'm off to check emailing capabilities :)
0

#20 User is offline   robregonm 

  • Experienced Yii Developer
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 602
  • Joined: 30-July 09
  • Location:Colombia

Posted 24 December 2009 - 04:11 PM

I've tested your extension and I think that some "tableName" functions in some models should be modified to detect automatically the tablename from srbac configuration or maybe should be inherited from main Users model and only this model implements this code. Also, I think i18n for this ext will be very useful.
I can give you a hand, I like this extension very much, contact me and maybe we implement a SVN (e.g. Google Code) and it will e easier to modify and maintain. (I'm testing with Yii 1.1-dev and Srbac 1.1-dev)
Best regards and merry christmas.
Ricardo Obregón
LinkedIn Profile
YiiFramework en Español - http://yiiframework.co/ - Yii Code Generator for Bootstrap
http://obregon.co/ - https://1server.co/
PHP 5.5+, nginx, MySQL, PostgreSQL, Yii 1.x & 2.x, CanJS and more.
Follow me: @robregonm & @obregonco & @1ServerCo.
0

Share this topic:


  • (4 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users