Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the crypt()
built-in function works and why it's important to use it correctly.
After creating an yii app . we need to implement permission, Authentication and Authorization .so the best way is to use the Yii users and Rights modules.
If you need simple Role based access control without the long RBAC process then this article is just for you. Lets jump to the point.
Please note that this article is a simple example and good security should be taken into account when we play with authentication systems.
Todos los que hemos empezado a utilizar Yii para crear aplicaciones Web, nos hemos dado de bruces cuando hemos intentado poner a funcionar el RBAC (acceso de control basado en roles).
If you want to add module based login to a site without using RBAC, please follow these guidelines.
p.s. latest version of this tutorial is always available unter the docs/ folder of the User Management Module.
Yii does not have an LDAP class itself, but its very easy to implement LDAP in the stock UserIdentity class.
After adding proper form to the main layout, like:
This tutorial will show you how to use the Pogostick Yii Extension Library to make an HTML TEXTAREA input element into a full-fledged WYSIWYG editor pretty much with very little code.
By default, the expression Yii::app()->user returns a [CWebUser] [application component](http://www.yiiframework.com/doc/guide/basics.application#application-component) which represents the information that are closely related with the current user. Some information can be persistent throughout the current user session. For example, [CWebUser] already comes with a [name|CWebUser::name] property th...