First declare an attribute to store the file name in the model class (either a form model or an active record model).
Also declare a file validation rule for this attribute to ensure a file is uploaded with specific extension name.
In order to avoid bounce messages and unsolicited registrations, most webapps send automatic activation emails upon user registration, and the account remain inactive as long as it is not activated. Better yet, you can periodically purge your data by removing accounts that have not yet been activated.
Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the crypt() built-in function works and why it's important to use it correctly.
This wiki is a step-by-step example explaining how the controller, model and the view's CGridView work together. It explains simple things - as well as more complex things that you will anyway quickly have to know. So, even if you don't use dynamic gridviews, take a morning off and thoroughly work through this tutorial. It should save you lots of struggling.
Authentication and Authorization is a good tutorial. Among other topics, it describes basic aspects of Yii's RBAC implementation. But however hard I read the tutorial, I couldn't understand how exactly the hierarchy works. I found how to define authorization hierarchy, how business rules are evaluated, how to configure authManager, but almost nothing about how I should build my hierarchy, in what sequence its nodes are checked, when the checking process stops and what would be the checking result.