In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts.
To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).
This HowTo assumes that you have a smattering of ACL in general and of how the acl-extension works basically. It will introduce you into the abstract and give you a hint on how to use Business-Rules. If you have in-depth questions, please refer to the extension documentation.
Using ACL in an RBAC-manner cannot and should never obscure the fact that the underlying system is still ACL-based. In fact, the Business-Rules are just another layer in the permission-check plan.
I installed phpseclib because I needed to do some AES encryption in my project. After all the hassle of installing php lib, I found out that Yii already has a security module (securityManager). I finally decided to keep using phpseclib because it has one big advantage over Yii securityManager module, it does not requite mcrypt to be installed in the phpserver!