Reputation: 682
yii2 Useage of user identity in index page
In yii2 is it save to use the instance of yii2 identity in index page. For instance:
Yii::$app->user->idnetity->user_fname;
Does this compromise on its security if I use this in view page or is it safe to use??
Thank you
Upvotes: 0
Views: 75
Answers (2)
Reputation: 18021
It's not clear what you mean by "safe to use" but in general you can safely display anything as long as it's sanitized (especially if it comes from user's input).
Usually it's enough to use encode() method from Html Helper.
<?php echo \yii\helpers\Html::encode(\Yii::$app->user->identity->user_fname); ?>
If you are not sure if user is logged in or not in this view it's good to check:
<?php if (\Yii::$app->user->isGuest): ?>
Welcome Guest!
<?php else: ?>
Hello, <?= \yii\helpers\Html::encode(\Yii::$app->user->identity->user_fname); ?>
<?php endif; ?>
Upvotes: 0
Reputation: 133380
The php function are performed server side .. so this part of code is not in client browser ..
in client browser eventually you send an echo of the result eg:
echo Yii::$app->user->identity->username
In this way in the browser is only showed the name of the user nothing others
Upvotes: 1
Related Questions
- Yii2 AccessControl
- How to authenticate user on index page in Yii
- Yii2 - User Identity Secure?
- AuthAction in yii2
- Yii 2.0 authentication in UserIdentity without database
- Custom authentication issue in Yii2
- How do I implement my own authentication in Yii2?
- yii authentication in page after user has logged in
- Yii Framework & user authentication
- Yii framework: AuthManager