Larry Ullman's Book Forums



Posts posted by Edward

  1. The checkAccess() method performs an access check for the user; we both should be using either Yii::app()->user->Name or Yii::app()->user->Id to find the actual username of the logged-in user for static authentication values, which you have. I hope for both of our sakes we have the correct answer this time. :D

    'visible'=>"(Yii::app()->user->Name==='admin') ? true : false;",

    This was actually the first time I had to go in and investigate CWebUser a little more. I didn't understand myself why static actually works, but now I do. I am using database authentication with my website, but I truly understand why you are using static values; if I were in your situation I would do the same.

  2. You can fix that problem in CGridView by adding this to the visible array key:

    'visible'=>"(Yii::app()->user->checkAccess('admin')) ? true : false;",

    I would code the expression without the ! NOT and use the ternary operator, so if this is admin then visibility is true, otherwise it will result in false.

  3. @Ron Which part of the code is throwing the array? Just checking, you did add that code in your CGridView widget code, right?

    @Larry Yeah, I know what you mean. I kind of know I can do it, but sometimes it doesn't always happen every time you are at the computer; I worked about 5 hours before trying to give that a bash and my brain was fried. I hope when my brain is fresh I can get it worked out, hahaha. I'll see what I come up with first, and if I can't get it I'll post up what I have so far and then you can hopefully help me find a final solution. Thanks

  4. No problem, but sometimes I wonder if someone could help me also or have a Yii solution. By the way, I know what you mean about Yii and coding your website for the first time; I've had to go back and recode a lot of stuff. I couldn't really see what was the best way of doing things until later down the line, but anyway it seems like I've taken a massive jump this year regardless of that.

  5. I have been working on other stuff and have to come back to this, but as far as I know the session tokens don't work with refreshing or clicking the browser back button, so you need to use the POST/REDIRECT/GET design pattern. I will test both and let you know what I come up with; all the online help is very iffy.

  6. I will help you with customizing CGridView, as I believe one coded correctly is better than having two. You know what I mean, repeated code is something we should all be avoiding.


    I did mention something about this already in post #6 which I made; I also found this post




    I have provided part of my code below and also deleted parts, so it is not all there, but that was how I customized my CGridView. I have actually come across two things in CGridView that do not work at all, but all the below works well. Don't forget your CHtml::Encode; I left mine out till later. You will need to identify whether the user is an admin or user, then make a PHP expression for this in the visible array key value, and then the job will be done.

    		array (
                'name'=>'Payment Address',
    			'header'=>'Payment Address',
                	$checked = false;
    				if($data->payment_address === 'yes') $checked = true;
    				return CHtml::radioButton('paymentAddress',$checked,array('id'=>$data->id,'value'=>$data->id));
                		'label'=>'Update Address',
    					'url'=>'Yii::app()->createUrl("address/update", array("id"=>$data->id))',
                		'label'=>'Delete Address',
    					'click' => new CJavaScriptExpression(""),
    					'url'=>'Yii::app()->createUrl("address/delete", array("id"=>$data->id))',
    					'visible'=>'($data->registration_address === "yes") ? false : true;',
    • Upvote 1
  7. Just an update: I did get some positives from this, but if you redirect the browser back it still does duplicate submissions. By the way, I am well aware how to stop this with JavaScript; what I am looking for is a bulletproof PHP solution.


    1. Use PHP sessions to set a session variable (for example $_SESSION['posttimer']) to the current timestamp on post. Before actually processing the form in PHP, check if the $_SESSION['posttimer'] variable exists and check for a certain timestamp difference (IE: 2 seconds). This way, you can easily filter out double submits.


      // form.html
      <form action="foo.php" method="post">
          <input type="text" name="bar" />
          <input type="submit" value="Save">
      </form>

      // foo.php
      session_start(); // required before $_SESSION can be read or written
      if (isset($_POST) && !empty($_POST)) {
          if (isset($_SESSION['posttimer'])) {
              if ((time() - $_SESSION['posttimer']) <= 2) {
                  // less than 2 seconds since last post
              } else {
                  // more than 2 seconds since last post
              }
          }
          $_SESSION['posttimer'] = time();
      }

    Update: what I could do is create another controller action, user/createsuccess for example, and redirect to this after user/create; then if the user tried to click back they would be at user/createsuccess, where you could then redirect them back to the page after. :)
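
A single-use form token combined with POST/REDIRECT/GET, the two ideas raised in the posts above, shown as an added example that is not part of the original posts. The function names, the `form_tokens` session key and the 30-minute lifetime are assumptions; `foo.php` is reused from the quoted snippet.

```php
<?php
// Added example, not code from the forum posts. The function names and the
// 'form_tokens' session key are assumptions made for this illustration.

/** Create a random token, remember it in the session, return it for a hidden field. */
function issueFormToken(array &$session): string
{
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$token] = time();
    return $token;
}

/** Accept each issued token once; a refresh or Back-and-resubmit replays it and fails. */
function consumeFormToken(array &$session, $submitted, int $maxAge = 1800): bool
{
    if (!is_string($submitted) || !isset($session['form_tokens'][$submitted])) {
        return false;                              // unknown, missing or already used
    }
    $issuedAt = $session['form_tokens'][$submitted];
    unset($session['form_tokens'][$submitted]);    // burn it before doing any work
    return (time() - $issuedAt) <= $maxAge;
}

if (PHP_SAPI !== 'cli') {                          // web request, e.g. saved as foo.php
    session_start();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (consumeFormToken($_SESSION, $_POST['token'] ?? null)) {
            // ... insert the record here; this branch runs once per rendered form ...
        }
        header('Location: foo.php?done=1', true, 303);   // POST/REDIRECT/GET
        exit;
    }
    $token = issueFormToken($_SESSION);
    echo '<form action="foo.php" method="post">',
         '<input type="hidden" name="token" value="', htmlspecialchars($token), '">',
         '<input type="text" name="bar"><input type="submit" value="Save"></form>';
} else {                                           // CLI: constructed demonstration
    $session = array();
    $token = issueFormToken($session);
    var_dump(consumeFormToken($session, $token));  // first submission of the form
    var_dump(consumeFormToken($session, $token));  // same form submitted again
}
```

With PHP's default file-based session handler, session_start() holds a lock on the session until the request ends, so two near-simultaneous POSTs of the same form are handled one after the other and only the first finds its token.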

  8. Hi Larry, I know you are a busy man, but I would like to see how you would implement this successfully in Yii. I need this all over my website and I haven't found any method that successfully works yet.




    If anyone has any methods that work for duplicate submission please let me know below; I tried a few and they failed to work.




    Even this forum cannot protect against it when JS is disabled, so what is the solution?

  9. This looks good, but why didn't you just direct admin or the user to the same CGridView, or whichever presentation grid you were using to present your data, and then just disable its attributes depending on the user? I think that way you can save all the cloning.

    Gii can generate new CRUD functionality, but it would be the same as you already have. You could just make a new controller name and generate some new CRUD, then copy and paste over the templates, deleting these files when you are finished. Personally I don't see the point in this; it would be far quicker just to make a new view.php file and copy and paste code over, tweaking it a bit, but still it's not better than what I suggested above. The widgets are easily customizable; it's far easier to just tweak them a bit.

  10. If you go into CWebUser you can find the following, it surprises me why that worked at first but it can be explained.

    public $loginUrl=array('/site/login');
    * Returns the URL that the user should be redirected to after successful login.
    * This property is usually used by the login action. If the login is successful,
    * the action should read this property and use it to redirect the user browser.
    * @param string $defaultUrl the default return URL in case it was not set previously. If this is null,
    * the application entry URL will be considered as the default return URL.
    * @return string the URL that the user should be redirected to after login.
    * @see loginRequired
    public function getReturnUrl($defaultUrl=null)
    $defaultReturnUrl=Yii::app()->getUrlManager()->showScriptName ? Yii::app()->getRequest()->getScriptUrl() : Yii::app()->getRequest()->getBaseUrl().'/';
    return $this->getState('__returnUrl',$defaultReturnUrl);
    * @param string $value the URL that the user should be redirected to after login.
    public function setReturnUrl($value)
  11. I just had a thought while researching the above.  Could it be that, using the code you suggest above, I just copy and rename the .../protected/views/MyModel/admin.php file to something like '.../protected/views/MyModel/guest.php' in order to make the second view for the 'guest' user? Then edit the 'CButtonColumn' Class in guest.php to remove the 'update' and 'delete' buttons?


    Yes, I also agree that would be a perfect method; I have also done something similar. You can use the 'visible' CButtonColumn feature and fill it in with a PHP expression to disable it in a certain situation. I disabled users from being able to remove their registration address, while other addresses like their shipping and payment addresses could be deleted. I think I am still learning things about CGridView, but I really love it a lot now; we are truly blessed to have such great widgets.

    I used this PHP expression in my code; however, you will have to tweak it to your situation with the users:

    'visible'=>'($data->registration_address === "yes") ? false : true;',
  12. Thanks Edward,


    Do I create the two separate views with the Gii tool; when I went to do that it looked like a totally separate Controller would be created? And, this is a very simple site where I only have the 2 users 'admin' and 'guest'. So, will the 'Yii::app()->user->type === ...' work with the following:


    class UserIdentity extends CUserIdentity

         * Authenticates a user.
         * The example implementation makes sure if the username and password
         * are both 'demo'.
         * In practical applications, this should be changed to authenticate
         * against some persistent user identity storage (e.g. database).
         * @return boolean whether authentication succeeds.

        public function authenticate()

                // username => password
                // 'demo'=>'demopassword',

            return !$this->errorCode;




    If you are using static values for logging in users, you can do it the way you are doing it and just use the standard rules like you are using:

     array('allow', // allow admin user to perform 'admin' and 'delete' actions

    The way I suggested it was having users logged in the database, but you are definitely right: if it's just a small site, that would be ideal the way you have it.

  13. If I was you, I would just create another controller action and render the view according to whether a user was an admin or user viewing the page. Here is a sample for the view action in the controller. You will also require two view files in your views folder, under the controller name you wish to execute these actions: admin_view.php and user_view.php.

    public function actionView($id)
    	if(Yii::app()->user->type === 'admin')

    You will also be required to set the type of user in components/UserIdentity.php




    This value can be given from loading up the users records from the database through active record.


    In your accessRules() in your controller you will also need to set up a little better authentication if you are using setState and saving the user type, for example:

    array('allow', // allow admin only for these actions
    				'expression'=>"isset(Yii::app()->user->type) && (Yii::app()->user->type === 'admin')",

    Hope this helps out.

  14. I assume your HAS_MANY relationship is correct in your Users model. I could try to make a guess as to what your $query variable holds, but I would most definitely be wrong; I would take a closer look at that and the following thread, just to brush up on working with related models in this situation.



  15. I found a good currency API if you are interested; it's free if you update a couple of times a day, but you have to pay if you want updates every second. I will let you know if I find anything. What kind of percentage is your website complete now? You are actually a motivator for me to get mine done; I think I'm about 20%.

  16. I am not clear on what you are doing here; are you creating your own widget? What is a Site model? What is the function of your form with two text inputs? What are the values supposed to be, why and what are you populating the remaining text input with?

    (Regarding this post: 'I love the Yii widgets, it was all my fault things went wrong before, I love them almost as much as my love for Larry himself'.) Sorry for my negative attitude regarding widgets before, it's all positive now.

    If you have any questions on how to do things with the CGridView, CDetailView etc., Edward is the person to ask. If you have any questions, bring them on; I would love to express my love for them in helping you.
