This article is about implementing authentication to Yii based web services.
Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
By default, the expression Yii::app()->user returns a [CWebUser] [application component](http://www.yiiframework.com/doc/guide/basics.application#application-component) which represents the information that are closely related with the current user. Some information can be persistent throughout the current user session. For example, [CWebUser] already comes with a [name|CWebUser::name] property th...
This tutorial will show you how to use the Pogostick Yii Extension Library to make an HTML TEXTAREA input element into a full-fledged WYSIWYG editor pretty much with very little code.
In this wiki, I try to implement a simple authorization schema without putting much logic inside a file or into database table. We are constructing authorization hierarchy inside the controller. We are getting roles for the current user from database table and assigning only roles to user that are declared in the particular controller. We have brought down the work of loading of auth data at ma...
Todos los que hemos empezado a utilizar Yii para crear aplicaciones Web, nos hemos dado de bruces cuando hemos intentado poner a funcionar el RBAC (acceso de control basado en roles).
p.s. latest version of this tutorial is always available unter the docs/ folder of the User Management Module.
In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts. To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).
This article tries to explain the steps required in integrating the HybridAuth into Yii directly, without using an extension.
Yii does not have an LDAP class itself, but its very easy to implement LDAP in the stock UserIdentity class.
Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the
crypt() built-in function works and why it's important to use it correctly.
In this cookbook I will attempt to explain how to use the lightweight version of Role-Based Access Control using a php file. This version does not use database but a php file and is controlled by CPhpAuthManager class.
YII_DEBUGto true (by default, it is defined in
index.php) and put alongside
error_reporting(E_ALL);. Then errors and warnings will stop the execution an...