Reputation: 711
I am developing a website using Yii.
When I create a module using the gii code generator, it automatically adds authentication to the admin page of that particular model and controller.
But I want to add user authentication on the index page itself. So, when a user opens the website, it should ask for login.
I have index.php inside the "view\site\" directory and login.php is also in the same directory.
I have sitecontroller.php in the "\controller" directory (as usual).
It's my first project in the Yii framework. Could someone suggest how to apply user authentication when the website opens?
Upvotes: 3
Views: 11871
Reputation: 7277
Try it for Forcing Login for All Pages in Yii:
http://www.larryullman.com/2010/07/20/forcing-login-for-all-pages-in-yii/
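And for forced login on the index page you can customize:

    public function handleBeginRequest($event)
    {
        // The route parameter is absent when the bare index page is requested, so guard the lookup.
        $route = isset($_GET['r']) ? $_GET['r'] : '';
        // Send guests to the login page for every route except the login page itself.
        if (Yii::app()->user->isGuest && !in_array($route, array('site/login'))) {
            Yii::app()->user->loginRequired();
        }
    }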
Upvotes: 1
Reputation: 1
In regards to the SecurityController component suggestion:

    class SecurityController extends CController

Maybe because of a newer version, I had to extend SecurityController from Controller to make it work. But then it works like a charm.
Upvotes: 0
Reputation: 29
This is the same as above, but as a component, so that it needs to be done only once and all controllers needing security can extend this component.
Add a new component in the components directory (SecurityController.php):

    <?php
    class SecurityController extends CController {
        public $breadcrumbs=array();

        public function filters()
        {
            return array(
                'accessControl',
            );
        }

        public function accessRules()
        {
            return array(
                array('allow',
                    //'actions'=>array('admin','delete','index'),
                    'users'=>array('admin', '@'),
                ),
                array('deny', // deny all users
                    'users'=>array('*'),
                ),
            );
        }
    }

Now ensure all your controllers that need authentication inherit from SecurityController:

    <?php
    class JSController extends SecurityController {
        // controller actions go here
    }
Upvotes: 1
Reputation: 711
Okay, I've done it finally.
Here is the code I've added to sitecontroller.php:

    public function filters()
    {
        return array(
            'accessControl',
        );
    }

    public function accessRules()
    {
        return array(
            array('allow', // allow all users to perform only 'login' action
                'actions'=>array('login'),
                'users'=>array('*'),
            ),
            array('allow', // allow admin user to perform 'admin' AND 'delete' AND 'index' actions
                'actions'=>array('admin','delete','index'),
                'users'=>array('admin'),
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }

So, it's working now.
Thanks to all for your valuable replies.
Upvotes: 1
Reputation: 1659
Just add the following at the top of the SiteController's index() action:
    if(Yii::app()->user->getId()===null)
        $this->redirect(array('site/login'));

It will check if the user is logged in. If that's not the case, the page will redirect to login.
In order to avoid any action being accessed by users who are not logged in, you need to modify the accessRules() functions of your controllers:

    public function accessRules()
    {
        return array(
            array('allow', // rule for all users
                'actions'=>array(),
                'users'=>array('*'),
            ),
            array('allow', // rule for authenticated users
                'actions'=>array(),
                'users'=>array('@'),
            ),
            array('allow', // rule for the admin user
                'actions'=>array(),
                'users'=>array('admin'),
            ),
            array('deny', // deny rule for all users
                'actions'=>array(),
                'users'=>array('*'),
            ),
        );
    }

In each controller, we have that function, and within it we have those four arrays. Each array declares an access rule. In the 'actions' parameter we specify which actions will be affected by that access rule, and in 'users' we specify which users will be allowed to access the actions. '*' means all users, authenticated or unauthenticated. '@' means only authenticated users, 'admin' means of course only admin members.
If any 'actions' parameter has no actual actions assigned, then just delete that line:

    array('allow',
        'users'=>array('admin'),
    ),
Upvotes: 9
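Added example (not code from any of the answers, and not Yii's own source): a simplified stand-alone model of how Yii 1.x evaluates accessRules(). Rules are tried in order, the first match decides, access is allowed if nothing matches, and a rule with no 'actions' entry applies to every action. The function names ruleMatches and decide, the user "bob" and the test cases are constructed for illustration; it compares the asker's final SiteController rules with the same rules after the 'actions' line is removed from the first one.

```php
<?php
// Simplified model of Yii 1.x access-rule matching (illustration only, not framework code; PHP 7.1+).
// $user is null for a guest, otherwise the login name.
function ruleMatches(array $rule, string $action, ?string $user): bool
{
    // A rule without 'actions' (or with an empty list) applies to every action.
    if (!empty($rule['actions']) && !in_array(strtolower($action), $rule['actions'], true)) {
        return false;
    }
    $users = empty($rule['users']) ? array('*') : $rule['users'];
    foreach ($users as $u) {
        if ($u === '*'                                            // anyone
            || ($u === '?' && $user === null)                     // guests only
            || ($u === '@' && $user !== null)                     // any logged-in user
            || ($user !== null && strcasecmp($u, $user) === 0)) { // a named user
            return true;
        }
    }
    return false;
}

// The first matching rule decides; if no rule matches, access is allowed.
function decide(array $rules, string $action, ?string $user): string
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $action, $user)) {
            return $rule[0];
        }
    }
    return 'allow';
}

// Constructed input: the rule set from the asker's final SiteController.
$asker = array(
    array('allow', 'actions' => array('login'), 'users' => array('*')),
    array('allow', 'actions' => array('admin', 'delete', 'index'), 'users' => array('admin')),
    array('deny', 'users' => array('*')),
);
$open = $asker;
unset($open[0]['actions']); // same rules, but the first one has lost its 'actions' line

$cases = array(array('index', null), array('login', null), array('index', 'admin'), array('index', 'bob'));
foreach (array('asker rules' => $asker, "'actions' removed from rule 1" => $open) as $label => $rules) {
    foreach ($cases as list($action, $user)) {
        printf("%-30s %-6s %-6s => %s\n", $label, $action, $user ?? 'guest', decide($rules, $action, $user));
    }
}
```

Run it with the PHP command-line interpreter and compare the guest rows of the two rule sets before removing an 'actions' line from any rule whose 'users' is '*'.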
Reputation: 5798
You can check these posts:
Special Topic - Authentication and Authorization
Check sample Blog App for post controller
Upvotes: 0