Hi All,
I want to create two different login session for one for normal web user and another one for backend(CMS).
Backend CMS I’ve created as a module.
Thanks in Advance
Hi All,
I want to create two different login session for one for normal web user and another one for backend(CMS).
Backend CMS I’ve created as a module.
Thanks in Advance
I am not sure, but I think you can set different session name for your backend application, please check:
http://www.yiiframework.com/doc/api/1.1/CHttpSession#setSessionName-detail
Why not make it one user session but use role based permission to control what the user can do and access.
I think your suggestion will work. Let me try.
Thanks Ivica
This what I would also suggest…
if you need (for some security reasons) to have two separate auth areas - try to implement admin as separate application.
Thanks NaX,
But I think this is not a good idea to search max 10 CMS user in millions of user.
This is also a good idea.
But cons is I’ve to re-create all that model classes and something others for it also.
By the way
Thanks a lot
Models you can share, just configure import directory in config file so that both applications look for them in same directory. But of course you are right - there will be still two applications to maintain…
Maybe this helps:
Since role-based access seems to me overcomplicated, I solved the problem like this:
Create a field ‘admin_level’ in the ‘users’ table. Values 0: regular user, >0: admin. Example: 0: regular user, 1: power_user, 2: admin;
In the components/controller.php declare $userData, create the init() function and load the user: [font="Courier New"]$this->userData = Users::model()->findByPk(Yii::app()->user->id);[/font] From now on $this->userData is null for guests, not null for logged in users
In the components/controller.php create a function allowUser($admin_level), where $admin_level can be: -1: guests, 0…?: the userData->admin_level. The function throws a ‘403 Acces denied’ error if the $user_level is lower than expected.
In any action the first statement is $this->allowUser(x); This terminates the execution with 403 if the user hasn’t the required level
In views, for sensitive outputs do the test: if ($this->userData !== null) if ($this->userData->admin_level >= ADMIN) display_something_for_admins;
In menus do the same test. Extract the user level to $userLevel and write: array(‘label’=>‘Settings’, ‘url’=>array(’/management/settings’), ‘visible’=>$admin_level >= ADMIN),
The userData is handy for displaying/modifying all kind of information all around the page, like account_status, date_registered, last_active, total_posts, total_credits, etc., etc. For example if an admin changes the account_state of the user to disabled, at the next page load this can be checked and the user can be forced to log out. Due to cookie system, this can happen even days after…
just read the classic gii . you will find the solution .
gii use another login system . :
'user'=>array(
'class'=>'CWebUser',
'stateKeyPrefix'=>'gii',
'loginUrl'=>Yii::app()->createUrl($this->getId().'/default/login'),
),
notice the "stateKeyPrefix" . and the defaultController::logout:
/**
* Logs out the current user and redirect to homepage.
*/
public function actionLogout()
{
Yii::app()->user->logout(false);
$this->redirect(Yii::app()->createUrl('gii/default/index'));
}
logout(false) -------- here you go! 
Thank you yiqing95, that solved the problem for me 