If anyone is having trouble with this and you are trying to force users to log in before they can view/do anything, you can do something like this:
Forcing login
Pretty much what seenlvasas said.
I use a variation of this and it works well. I also added something like this to my main config file to manage sessions.

    'components'=>array(
        //forces user to login after 20 minutes of inactivity.
        'session' => array(
            'class' => 'CDbHttpSession',
            'timeout' => 1200,
        ),
        'user'=>array(
            // enable cookie-based authentication
            'class' => 'WebUser',
            'allowAutoLogin'=>false,
            'autoRenewCookie' => true,
            //kills session after 24 hours just in case above fails or if a user clicks remember me it will only last for this duration.
            'authTimeout' => 86400,
            'loginUrl' => array('/user/login'),
        ),
    ),
Here is my exact RequireLogin.php. Note: I’m using yii-user, and the captcha image doesn’t render on login, but I don’t use it anyway.

    <?php
    class RequireLogin extends CBehavior
    {
        public function attach($owner)
        {
            // Run the check at the start of every request.
            $owner->attachEventHandler('onBeginRequest', array($this, 'handleBeginRequest'));
        }

        public function handleBeginRequest($event)
        {
            $app = Yii::app();
            $user = $app->user;
            $module = $app->getModule('user');

            //gets recovery url for yii-user
            $recovery = trim(is_array($module->recoveryUrl) ? $module->recoveryUrl[0] : $module->recoveryUrl, '/');
            //gets registration url for yii-user
            $registration = trim(is_array($module->registrationUrl) ? $module->registrationUrl[0] : $module->registrationUrl, '/');
            //gets captcha url for yii-user..doesn't work?!?
            $captchUrl = trim(is_array($module->captchaUrl) ? $module->captchaUrl[0] : $module->captchaUrl, '/');

            $request = trim($app->urlManager->parseUrl($app->request), '/');
            //gets loginurl from main config file
            $login = trim(is_array($user->loginUrl) ? $user->loginUrl[0] : $user->loginUrl, '/');

            // Restrict guests to public pages.
            // Allows users who are not logged in to view only these 4 pages. You can add others
            // like above or like array($login,'site/login'); either way works. This is easier than
            // adding to each controller if you only want users to be able to view a few pages w/o logging in.
            $allowed = array($login, $recovery, $registration, $captchUrl);
            if ($user->isGuest && !in_array($request, $allowed))
                $user->loginRequired();

            // Prevent logged in users from viewing the login page.
            $request = substr($request, 0, strlen($login));
            if (!$user->isGuest && $request == $login)
            {
                // homeUrl may be a route array or a plain URL string; handle both.
                $home = $app->homeUrl;
                $url = is_array($home) ? $app->createUrl($home[0]) : $home;
                $app->request->redirect($url);
            }
        }
    }
    ?>
My url manager also looks like this (displays URLs like: myproject.com/products/create)

    // uncomment the following to enable URLs in path-format
    'urlManager'=>array(
        'urlFormat'=>'path',
        'showScriptName'=>false,
        'caseSensitive'=>false,
        'rules'=>array(
            '<controller:\w+>/<id:\d+>'=>'<controller>/view',
            '<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
            '<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
        ),
    ),
This should help someone out!
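
A stricter form of the guest allow-list check in `handleBeginRequest`, as an added example that is not part of the original post: it drops empty allow-list entries, compares strictly, and lowercases routes to match the `caseSensitive=>false` URL manager. The helper names `normalizeRoute()` and `guestMayAccess()` and all sample routes are constructed for illustration, and it assumes the empty route `''` stands for the home page.

```php
<?php
// Added example, not from the original post. normalizeRoute() and
// guestMayAccess() are hypothetical helper names; all routes are constructed.

/** Accept a Yii-style URL setting: array('/user/login') or 'user/login'. */
function normalizeRoute($url)
{
    $route = is_array($url) ? (isset($url[0]) ? $url[0] : '') : (string) $url;
    // Lowercase because the urlManager in the post sets caseSensitive=false.
    return strtolower(trim($route, '/'));
}

/** Default deny: a guest may only reach routes that are exactly on the list. */
function guestMayAccess($requestRoute, array $allowedUrls)
{
    $allowed = array();
    foreach ($allowedUrls as $url) {
        $route = normalizeRoute($url);
        // Skip empty entries. Assumption: '' is also the route of the home
        // page, so an unset URL setting would otherwise open it to guests.
        if ($route !== '') {
            $allowed[] = $route;
        }
    }
    // Third argument true = strict (===) comparison, no type juggling.
    return in_array(normalizeRoute($requestRoute), $allowed, true);
}

// Constructed allow-list; the null models a module URL that was never configured.
$allowed = array(array('/user/login'), 'user/recovery', array('/user/registration'), null);

// Constructed request routes, as returned by urlManager->parseUrl().
$samples = array('user/login', 'User/Login/', '', 'products/create', 'user/loginx');
foreach ($samples as $route) {
    $verdict = guestMayAccess($route, $allowed) ? 'allow' : 'login required';
    printf("%-18s %s\n", "'" . $route . "'", $verdict);
}
```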