In this article I will show you how to implement a secure password hashing mechanism in your Yii projects using a bCrypt class.
In this article I will show you how to implement a secure password hashing mechanism in your Yii projects using a bCrypt class.
Lets say we have 3 modules (customer, user, admin) in an application and we need, separate logins for each module.
Like gmail, if you have tree or more unsuccessful login attemps a captcha appears
When talking about cookie-base login the Yii guide indicates the following:
In this wiki I will show how could be store last login date & time in database. First we need a field LastLoginTime (Type must be datetime). this field store a user login detalis (like - Date & Time).
This is as an extension of this wiki by Kartik V which shows to make different enableAutoLogin cookies for frontend and backend.
In this wiki I will show how could logout from all other sessions or all other places.
Getting "Expired token" errors ? Here is a solution to avoid invalid CSRF on POST or ajax requests, or user identity changes.
I am writing this guide because I struggled to find a resource that included ALL of the necessary steps to completely separate the frontend from the backend. After reading guides like Configuring different sessions for backend and frontend in yii-advanced-app and [yii2 configuring d...
Your need: You require that for shared machines, the user is authenticated again for a backend access again, if someone is logged in from frontend and vice versa.
This solution requires Yii 1.1.9 or above
The Problem: Yii2 utilizes by default UserIdentity configured in config/web.php for connection, this object apply one table to authentication ('identityClass' => 'app\panel\models\User'). How to authentication from diferent tables? Solution: Create instances in web.php to uses UserIdentify. eg: