Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hi there you guys.

 

I have recently started using Yii and I am trying to develop a couple of basic systems one of which is a simple registration and login system. I have succeeded in the registration form and entering data into the database(MYSQL). I used a hash_hmac function in a similar fashion used in Effortless e-commerce, also written by Larry.

 

A encrypted form of the password does show up in my database so I'm guessing this is not the problem. I'm using the agile application development using Yii book as a learning aid and did the login system according to this. I have however named my database table columns differently and suspect that this might perhaps be the problem but don't know how to fix it. (I suspect that it's quite similar to Larry's login example where he assigns the email to username rather than email in order not to upset the rest of the framework). Or perhaps it's a problem with the encrypt method. I really don't know if anybody could please help me I would be really grateful!

 

Here is my encryption function as located in my Users AR class:

 

 

/**
* perform one-way encryption on the user_password before we store it in
the database
*/
protected function afterValidate()
{
parent::afterValidate();
$this->user_password = $this->encrypt($this->user_password);
}
public function encrypt($value)
{
return hash_hmac('sha256', $value, 'c#haRl891', true);
}

 

 

 

 

The UserIdentity class is as follows:

 

<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identify the user.
*/
class UserIdentity extends CUserIdentity
{
private $_id;
/**
* Authenticates a user using the User data model.
*Reference to username instead in order not to upset framework
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$user=Users::model()->findByAttributes(array('user_email'=>$this->username));
if($user===null)
{
$this->errorCode=self::ERROR_USERNAME_INVALID;
}
else
{

if($user->user_password!==$user->encrypt($this->user_password))
{
$this->errorCode=self::ERROR_PASSWORD_INVALID;
}
else
{

//Session variables set here accesed like this anywhere in app:Yii::app()->user->userEmail;
$this->_id = $user->user_id;
$user_email = ($user->user_email);
$this->setState('userEmail', $user_email); $this->errorCode=self::ERROR_NONE;
}
}
return !$this->errorCode;
}
public function getId()
{
return $this->_id;
}
}

 

 

 

 

The login class is as follows:

 

<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identify the user.
*/
class UserIdentity extends CUserIdentity
{
private $_id;
/**
* Authenticates a user using the User data model.
* Word username genoem om nie die res van die framework te affekteer nie
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$user=Users::model()->findByAttributes(array('user_email'=>$this->username));
if($user===null)
{
$this->errorCode=self::ERROR_USERNAME_INVALID;
}
else
{

if($user->user_password!==$user->encrypt($this->user_password))
{
$this->errorCode=self::ERROR_PASSWORD_INVALID;
}
else
{

//Session variables set here accesed like this anywhere in app:Yii::app()->user->userEmail;
$this->_id = $user->user_id;
$user_email = ($user->user_email);$this->setState('userEmail', $user_email); $this->errorCode=self::ERROR_NONE;
}
}
return !$this->errorCode;
}
public function getId()
{
return $this->_id;
}
}

 

 

 

The LoginForm class is as follows:

 

<?php
/**
* LoginForm class.
* LoginForm is the data structure for keeping
* user login form data. It is used by the 'login' action of 'SiteController'.
*/
class LoginForm extends CFormModel
{
public $user_email;
public $user_password;private $_identity;
/**
 * Declares the validation rules.
 * The rules state that username and user_password are required,
 * and user_password needs to be authenticated.
 */
public function rules()
{
 return array(
  // username and user_password are required
  array('user_email, user_password', 'required'),
  /*
  // rememberMe needs to be a boolean
  array('rememberMe', 'boolean'),
  */
  // user_password needs to be authenticated
  array('user_password', 'authenticate'),
 );
}/**
 * Declares attribute labels.
 */
public function attributeLabels()
{
 return array(
  'user_email'=>'Email',
  'user_password'=>'Password',
 );
}
/**
 * Authenticates the user_password.
 * This is the 'authenticate' validator as declared in rules().
 */
public function authenticate($attribute,$params)
{
 if(!$this->hasErrors())
 {
  $this->_identity=new UserIdentity($this->user_email,$this->user_password);
  if(!$this->_identity->authenticate())
$this->addError('user_password','Incorrect username or Password.');
 }
}/**
 * Logs in the user using the given username and user_password in the model.
 * @return boolean whether login is successful
 */
public function login()
{
 if($this->_identity===null)
 {
  $this->_identity=new UserIdentity($this->user_email,$this->user_password);
  $this->_identity->authenticate();
 }

}
}

 

 

Trying to log in results in the following error:

 

Property "Users.user_password" is not defined.

 

 

C:\wamp\www\framework\db\ar\CActiveRecord.php(144)

 

132 */

133 public function __get($name)

134 {

135 if(isset($this->_attributes[$name]))

136 return $this->_attributes[$name];

137 else if(isset($this->getMetaData()->columns[$name]))

138 return null;

139 else if(isset($this->_related[$name]))

140 return $this->_related[$name];

141 else if(isset($this->getMetaData()->relations[$name]))

142 return $this->getRelated($name);

143 else

144 return parent::__get($name);

145 }

146

147 /**

148 * PHP setter magic method.

149 * This method is overridden so that AR attributes can be accessed like properties.

150 * @param string $name property name

151 * @param mixed $value property value

152 */

153 public function __set($name,$value)

154 {

155 if($this->setAttribute($name,$value)===false)

 

 

 

 

 

As You should be able to see, my column for passwords in the users table, is not named password but instead user_password. I would like to keep it this way. As pointed out earlier, I think that either this or the my encrypt function might be the problem.

 

 

Any help would really be greatly appreciated!!

Regards,

Hermann (Yii Newbie!!!)

Share this post


Link to post
Share on other sites

Oh and I would really like to keep the hash_hmac function as is seeing as my other site uses this exact function and I would prefer to not have to ask users to re-enter their passwords when I eventually use this Yii based site instead of the old procedural programmed site.

Share this post


Link to post
Share on other sites

I answered a similar problem some time ago. He/she solved the problem after improving upon the UserIdentity::authentificate(). I think this should also work for you.

 

Btw. Developing inside the Yii-framework does not mean you have to do it "YII's way". The most important thing is to create easy to understand logic so that bugs/similar are less likely to happen. Make your applications easy to understand, and these things won't happen that often. I'm guessing both of you found this code online and thought it was good. It's not, as it's not easy understandable.

 

Here it is

 

Good luck.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...