Yii 1.1: Forcing login for all pages using CBehavior


In this wiki I will show how could forcing login for all pages and users must be logged in to access almost all of the site’s content.

In your main/config.php -

Within the primary array, We need to add these:

// behaviors
'behaviors' => array(
    'onBeginRequest' => array(
        'class' => 'application.components.RequireLogin'
// application components
    // enable cookie-based authentication
    'loginUrl' => array('site/login'), //login page url
// application-level parameters that can be accessed  
    'registrationUrl'=>'site/registration', //Registration page url
    'recoveryUrl'=>'site/recovery', //Recovery or change password page url
    'captchUrl'=>'site/captcha', //Captcha url

In your components -

Create a file called RequireLogin.php into components directory. In which needs to define the RequireLogin class, which should be an extension of the Yii CBehavior class. Within that class, only two methods need to be defined. The first is attach(), which will associate an event handler with the application and second is handleBeginRequest(), the method is to determine the conditions in which a login must be required of the user.

class RequireLogin extends CBehavior
public function attach($owner)
    $owner->attachEventHandler('onBeginRequest', array($this, 'handleBeginRequest'));
public function handleBeginRequest($event)
            $defaultUrl = ''; //Defualt page will show like - http://localhost/demo or http://example.com/
            $request = trim(Yii::app()->urlManager->parseUrl(Yii::app()->request), '/');
            $login = trim(Yii::app()->user->loginUrl[0], '/');
            $login = trim(is_array(Yii::app()->user->loginUrl) ? Yii::app()->user->loginUrl[0] : Yii::app()->user->loginUrl, '/'); //gets loginurl from main config file
            $registration = trim(Yii::app()->params['registrationUrl'], '/'); //gets registraion url from main config file
            $recovery = trim(Yii::app()->params['recoveryUrl'], '/'); //gets recovery url from main config file
            $captchUrl = trim(Yii::app()->params['captchUrl'], '/'); //gets captcha url from main config file/ it's show the captcha image
            // Restrict guests to public pages.
            $allowed = array($login,$registration,$recovery,$captchUrl,$defaultUrl);
            //allows users if not logged in to view only these 4 pages you can add others like above or like array($login,'site/login');
            if (Yii::app()->user->isGuest && !in_array($request, $allowed))
            // Prevent logged in users from viewing the login page.
            $request = substr($request, 0, strlen($login));
            if (!Yii::app()->user->isGuest && $request == $login)
            $url = Yii::app()->createUrl(Yii::app()->homeUrl[0]);

Reference - Forcing Login for All Pages in Yii

Total 3 comments

#17784 report it
karminski at 2014/07/22 09:26am

"Requiring login" is a base feature of Yii. Wy you dont use filters()? Just add filter 'accessControl' and set accessRules(). Thats all. http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#access-control-filter

#17777 report it
Rohit Suthar at 2014/07/22 07:09am
RE #17776

Dear Babak,

It's short and sweet codes, also new comers can be use for practice.

#17776 report it
bandpay at 2014/07/22 06:42am
Is there a specific reason for this?

Hi Rohit Suthar,

I was wondering why you chose this approach when we can use user-rights extension.

Have a nice day Sincerely Babak

Leave a comment

Please to leave your comment.

Write new article