Now I will discuss the stages of the user authentication process, which consists of three operations: register, login, and logout.
First, let's create the "register" function. This operation is performed when a user wants to register in our application. Once the user registers, the user data is saved to the "user" table in the database. To insert the data into the user table, we can use actionCreate() in UserController. UserController contains the following access rules:
public function accessRules()
{
    return array(
        array('allow',
            'actions'=>array('create','captcha'),
            'users'=>array('*'),
        ),
        array('allow',
            'actions'=>array('update','view'),
            'users'=>array('@'),
        ),
        array('allow',
            'actions'=>array('admin','index','delete'),
            'expression'=>'$user->getLevel()<=1',
        ),
        array('deny',
            'users'=>array('*'),
        ),
    );
}
The "create" action is the register menu; it can be accessed by every visitor of this web application. The "captcha" action is also permitted for all types of visitors; captcha itself is a class that allows us to use a captcha on the register form, where it serves as a confirmation at the time of registration. The "update" and "view" actions let a user update and view his or her profile. To perform these actions, the user must log in first. The "admin", "index" and "delete" actions can only be performed by the admin. The code 'expression'=>'$user->getLevel()<=1' will be discussed later.
The user table has the following attributes:
- Id = this attribute is not entered by the user but is generated automatically by the database
- Username = the user's username
- Password and saltPassword = password and saltPassword are two related attributes. The password is entered by the user, while saltPassword is generated automatically by the application. For the password attribute, the data stored in the database is not the same as the data entered by the user: what is stored is the result of hashing the user input together with saltPassword. So do not be surprised if the password and saltPassword attributes in the database are sets of characters you have never seen. Why do we implement this mechanism? It is done to improve the security of the application. Even those who manage the application cannot know a user's password.
- Email = the user's email address
- Joindate = the registration date. This attribute is filled in automatically when the user registers.
- Level_id = the user's level. By default this attribute is set to 3, the regular member
- Avatar = attribute that contains a link to the user's avatar image file. In the form, the user is asked to select an image file to be used as the avatar.
At registration time, we ask the user to enter the password twice. If password1 and password2 are different, the user is asked to enter the password again. Then we ask the user to enter a captcha confirmation. We therefore need two additional variables, one for the second password and one for the captcha, named password2 and verifyCode. Add the following attributes to your model:
class User extends CActiveRecord
{
    public $password2;
    public $verifyCode;
    // ... the rest of the model follows here
}
After that, we add validation to the User model in accordance with the business rules we have set:
public function rules()
{
    return array(
        array('username, password, email,password2,verifyCode', 'required','message'=>'{attribute} Not Allow Empty'),
        array('verifyCode', 'captcha', 'allowEmpty'=>!extension_loaded('gd')),
        array('level_id', 'numerical', 'integerOnly'=>true),
        array('username', 'length', 'max'=>20),
        array('password, saltPassword, email', 'length', 'max'=>50),
        array('avatar','file', 'types'=>'gif,png,jpg'),
        array('id, username, password, saltPassword, email, joinDate, level_id, avatar, isActive', 'safe', 'on'=>'search'),
    );
}
- The first rule: the attributes username, password, email, password2 and verifyCode are required.
- The second rule: verifyCode must match the code displayed by the captcha.
- The third rule: level_id must be a number
- The fourth rule: the maximum length of username is 20 characters
- The fifth rule: the maximum length of password, saltPassword and email is 50
- The sixth rule: the avatar attribute is a file, and the allowed file extensions are gif, jpg and png.
Since we have added new attributes to the registration rules in the model, we also need to adjust the view to fit our rules:
<div>
<?php $form=$this->beginWidget('CActiveForm', array(
    'id'=>'user-form',
    'enableAjaxValidation'=>false,
    'htmlOptions'=>array('enctype'=>'multipart/form-data'),
)); ?>
    <p>Fields with <span>*</span> are required.</p>
    <?php echo $form->errorSummary($model); ?>
    <div>
        <?php echo $form->labelEx($model,'username'); ?>
        <?php echo $form->textField($model,'username',array('size'=>20,'maxlength'=>20)); ?>
        <?php echo $form->error($model,'username'); ?>
    </div>
    <div>
        <?php echo $form->labelEx($model,'password'); ?>
        <?php echo $form->passwordField($model,'password',array('size'=>50,'maxlength'=>50)); ?>
        <?php echo $form->error($model,'password'); ?>
    </div>
    <div>
        <?php echo $form->labelEx($model,'password2'); ?>
        <?php echo $form->passwordField($model,'password2',array('size'=>50,'maxlength'=>50)); ?>
        <?php echo $form->error($model,'password2'); ?>
    </div>
    <div>
        <?php echo $form->labelEx($model,'email'); ?>
        <?php echo $form->textField($model,'email',array('size'=>50,'maxlength'=>50)); ?>
        <?php echo $form->error($model,'email'); ?>
    </div>
    <div>
        <?php echo $form->labelEx($model,'avatar'); ?>
        <?php echo $form->fileField($model,'avatar',array('size'=>30,'maxlength'=>30)); ?>
        <?php echo $form->error($model,'avatar'); ?>
    </div>
    <?php if (extension_loaded('gd')): ?>
    <div>
        <?php echo CHtml::activeLabelEx($model, 'verifyCode') ?>
        <div>
            <?php $this->widget('CCaptcha'); ?><br/>
            <?php echo CHtml::activeTextField($model,'verifyCode'); ?>
        </div>
        <div>Type in writing in the picture. Writing are not case sensitive</div>
    </div>
    <?php endif; ?>
    <div>
        <?php echo CHtml::submitButton($model->isNewRecord ? 'Create' : 'Save'); ?>
    </div>
<?php $this->endWidget(); ?>
</div><!-- form -->
The view above uses a captcha. To activate it, we have to add the following code to the user controller:
public function actions()
{
    return array(
        'captcha'=>array(
            'class'=>'CCaptchaAction',
            'backColor'=>0xFFFFFF,
        ),
    );
}
In the code above I added inputs for the password2 and verifyCode attributes. I also arranged the avatar input so that the user is asked to select an image file to upload. After setting up the data input form, we now adjust the controller code in accordance with the registration rules.
In the register action, we generate the value of the saltPassword attribute and hash the password attribute from the password entered by the user and the saltPassword value. Therefore, we must make some changes to the "User" model. Add the following functions to the model:
public function validatePassword($password)
{
    return $this->hashPassword($password,$this->saltPassword)===$this->password;
}
public function hashPassword($password,$salt)
{
    return md5($salt.$password);
}
public function generateSalt()
{
    return uniqid('',true);
}
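md5() is a fast digest and uniqid() is derived from the clock, so the stored values above are cheap to guess offline; this added example (not the tutorial's code) shows the same hash and verify functions built on PHP's password_hash() API, still accepting existing md5 rows and handing back a bcrypt replacement when one verifies. isLegacyHash(), EXAMPLE_BCRYPT_COST and the sample values are assumptions made for the example.

```php
<?php
// Added example, not the tutorial's code. isLegacyHash() and the cost
// constant are hypothetical; hashPassword/validatePassword reuse the names above.

define('EXAMPLE_BCRYPT_COST', 12); // assumed work factor, tune for your hardware

// Hash a new password. bcrypt embeds a random salt and the cost in its
// output, so new rows do not need a separate saltPassword value.
function hashPassword($password)
{
    return password_hash($password, PASSWORD_BCRYPT, array('cost' => EXAMPLE_BCRYPT_COST));
}

// True when the stored value looks like the tutorial's md5 hex digest.
function isLegacyHash($stored)
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Check a login attempt against either format.
// Returns array($ok, $newHash): $newHash is a bcrypt hash to store when a
// legacy or outdated row verified, otherwise null.
function validatePassword($password, $stored, $legacySalt = '')
{
    if (isLegacyHash($stored)) {
        // Constant-time comparison of the recomputed legacy digest
        $ok = hash_equals($stored, md5($legacySalt . $password));
        return array($ok, $ok ? hashPassword($password) : null);
    }
    $ok = password_verify($password, $stored);
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, array('cost' => EXAMPLE_BCRYPT_COST));
    return array($ok, ($ok && $stale) ? hashPassword($password) : null);
}

// Constructed sample rows: one in the old format, one in the new.
$salt   = '4f1c2a9d8b7e6.12345678';          // shaped like uniqid('', true)
$legacy = md5($salt . 'correct horse');
$modern = hashPassword('correct horse');

list($ok, $upgrade) = validatePassword('correct horse', $legacy, $salt);
var_dump($ok, strlen($upgrade));             // legacy row verifies, upgrade offered
list($ok, $upgrade) = validatePassword('wrong guess', $modern);
var_dump($ok, $upgrade);                     // rejected, nothing to store
```

A bcrypt hash is 60 characters long, so the 'max'=>50 length rule on password and the column behind it must be widened before switching.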
After that, change actionCreate in the User controller to the following:
public function actionCreate()
{
    $model=new User;
    // Uncomment the following line if AJAX validation is needed
    // $this->performAjaxValidation($model);
    if(isset($_POST['User']))
    {
        $model->attributes=$_POST['User'];
        // Keep the plain-text input, then replace it with the salted hash
        $dua=$model->password;
        $model->saltPassword=$model->generateSalt();
        $model->password=$model->hashPassword($dua,$model->saltPassword);
        // New accounts are regular members (level 3) and start inactive
        $model->level_id=3;
        $model->isActive=0;
        // getInstance() returns null when no file was uploaded
        $sss=CUploadedFile::getInstance($model,'avatar');
        if($sss!==null)
        {
            $model->avatar=$model->username.'.'.$sss->extensionName;
        }
        if($model->save())
        {
            // Store the uploaded file only after the record has been saved
            if($sss!==null)
                $sss->saveAs(Yii::app()->basePath . '/../avatar/' . $model->avatar);
            $this->redirect(array('view','id'=>$model->id));
        }
    }
    $this->render('create',array(
        'model'=>$model,
    ));
}
All right, we have now finished actionCreate. Please try running the function.
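The avatar path above is built from the username and the extension sent by the browser, and rules() limits the username only by length. As an added example (not the tutorial's code), one way to pick the stored name from the saved record's id and the detected file type instead; avatarFileName(), allowedAvatarTypes() and the sample files are assumptions, and the fileinfo extension is required.

```php
<?php
// Added example, not the tutorial's code. Function names are hypothetical.

// Accepted MIME types mapped to the extension written to disk.
function allowedAvatarTypes()
{
    return array('image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg');
}

// Returns the file name to store under avatar/, or null when the content
// is not an accepted image. $userId is the primary key of the saved row.
function avatarFileName($userId, $tmpPath)
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);   // needs the fileinfo extension
    $mime  = $finfo->file($tmpPath);
    $types = allowedAvatarTypes();
    if ($mime === false || !isset($types[$mime])) {
        return null;
    }
    // Integer id plus an extension from the whitelist: no user-controlled
    // characters reach the path.
    return ((int) $userId) . '.' . $types[$mime];
}

// Constructed sample uploads: a file that starts with a GIF header and a
// script that was merely renamed to .gif.
$dir = sys_get_temp_dir();
$gif = $dir . '/sample-upload-a.gif';
$php = $dir . '/sample-upload-b.gif';
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
file_put_contents($php, "<?php echo 'not an image';");

var_dump(avatarFileName(7, $gif));   // name derived from id and detected type
var_dump(avatarFileName(7, $php));   // content is not an image, so no name
unlink($gif);
unlink($php);
```

In actionCreate() this check would run on $sss->tempName after save(), once $model->id exists.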