Jump to content
Larry Ullman's Book Forums

Authorization And Authentication


Recommended Posts

Hi

I am new to Yii Framework

I am trying to add authentications to my website and trying to take username(email) and password from database instead of demodemo or admin/admin which are default

 

I have completed the coding but when i am trying to manage users table it is displaying a message "Error 403--You are not authorized to perform this action."

 

 

This is my site controller.php

 

<?php

class SiteController extends Controller
{
/**
 * Declares class-based actions.
 */
public function actions()
{
	return array(
		// captcha action renders the CAPTCHA image displayed on the contact page
		'captcha'=>array(
			'class'=>'CCaptchaAction',
			'backColor'=>0xFFFFFF,
		),
		// page action renders "static" pages stored under 'protected/views/site/pages'
		// They can be accessed via: index.php?r=site/page&view=FileName
		'page'=>array(
			'class'=>'CViewAction',
		),
	);
}

/**
 * This is the default 'index' action that is invoked
 * when an action is not explicitly requested by users.
 */
public function actionIndex()
{
	// renders the view file 'protected/views/site/index.php'
	// using the default layout 'protected/views/layouts/main.php'
	$this->render('index');
}

/**
 * This is the action to handle external exceptions.
 */
public function actionError()
{
    if($error=Yii::app()->errorHandler->error)
    {
    	if(Yii::app()->request->isAjaxRequest)
    		echo $error['message'];
    	else
        	$this->render('error', $error);
    }
}

/**
 * Displays the contact page
 */
public function actionContact()
{
	$model=new ContactForm;
	if(isset($_POST['ContactForm']))
	{
		$model->attributes=$_POST['ContactForm'];
		if($model->validate())
		{
			$headers="From: {$model->email}\r\nReply-To: {$model->email}";
			mail(Yii::app()->params['adminEmail'],$model->subject,$model->body,$headers);
			Yii::app()->user->setFlash('contact','Thank you for contacting us. We will respond to you as soon as possible.');
			$this->refresh();
		}
	}
	$this->render('contact',array('model'=>$model));
}

/**
 * Displays the login page
 */
public function actionLogin()
{
	$model=new LoginForm;
	// if it is ajax validation request
	if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')
	{
		echo CActiveForm::validate($model);
		Yii::app()->end();
	}

	// collect user input data
	if(isset($_POST['LoginForm']))
	{

		$model->attributes=$_POST['LoginForm'];


		// validate user input and redirect to the previous page if valid
		if($model->login())
		{
			//echo "userlogins";
			//print_r($_SESSION);
			//die;
			//$this->redirect(Yii::app()->user->returnUrl);

			$this->redirect('index.php?r=userrolestbl/create');
			//$this->render('userrolestbl/create',array('model'=>$model));
			//echo"success";die;
		}
	}
	// display the login form
	$this->render('login',array('model'=>$model));
}

/**
 * Logs out the current user and redirect to homepage.
 */
public function actionLogout()
{
	Yii::app()->user->logout();
	$this->redirect(Yii::app()->homeUrl);
}
}

 

User controller.php

 

<?php

class UserrolestblController extends Controller
{

public function accessRules()
{
	return array(
		array('allow',  // allow all users to perform 'index' and 'view' actions
			'actions'=>array('index','view'),
			'users'=>array('*'),
		),
		array('allow', // allow authenticated user to perform 'create' and 'update' actions
			'actions'=>array('create','update'),
			'users'=>array('@'),
		),
		array('allow', // allow admin user to perform 'admin','update' and 'delete' actions
			'actions'=>array('admin','delete','update'),
			'users'=>array('admin'),
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}

/**
 * Displays a particular model.
 * @param integer $id the ID of the model to be displayed
 */
public function actionView($id)
{
	//echo "im view";die;
	$this->render('view',array(
		'model'=>$this->loadModel($id),
	));
}

/**
 * Creates a new model.
 * If creation is successful, the browser will be redirected to the 'view' page.
 */
public function actionCreate()
{
	//echo " 	im create";die;
	$model=new Userrolestbl;

	// Uncomment the following line if AJAX validation is needed
	// $this->performAjaxValidation($model);

	if(isset($_POST['Userrolestbl']))
	{
		$model->attributes=$_POST['Userrolestbl'];
		if($model->save())
			$this->redirect(array('view','id'=>$model->id));
	}

	$this->render('create',array(
		'model'=>$model,
	));
}

/**
 * Updates a particular model.
 * If update is successful, the browser will be redirected to the 'view' page.
 * @param integer $id the ID of the model to be updated
 */
public function actionUpdate($id)
{
	//echo "im update";die;

	$model=$this->loadModel($id);

	// Uncomment the following line if AJAX validation is needed
	// $this->performAjaxValidation($model);

	if(isset($_POST['Userrolestbl']))
	{
		$model->attributes=$_POST['Userrolestbl'];
		if($model->save())
			$this->redirect(array('view','id'=>$model->id));
	}

	$this->render('update',array(
		'model'=>$model,
	));
}

/**
 * Deletes a particular model.
 * If deletion is successful, the browser will be redirected to the 'admin' page.
 * @param integer $id the ID of the model to be deleted
 */
public function actionDelete($id)
{
	//echo "hi,im delete";die;

	if(Yii::app()->request->isPostRequest)
	{
		// we only allow deletion via POST request
		$this->loadModel($id)->delete();

		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
		if(!isset($_GET['ajax']))
			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
	}
	else
		throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
}

/**
 * Lists all models.
 */
public function actionIndex()
{
	//echo "im list";die;

	$dataProvider=new CActiveDataProvider('Userrolestbl');
	$this->render('index',array(
		'dataProvider'=>$dataProvider,
	));
}

/**
 * Manages all models.
 */
public function actionAdmin()
{
	$model=new Userrolestbl('search');
	$model->unsetAttributes();  // clear any default values
	if(isset($_GET['Userrolestbl']))
		$model->attributes=$_GET['Userrolestbl'];

	$this->render('admin',array(
		'model'=>$model,
	));
}

/**
 * Returns the data model based on the primary key given in the GET variable.
 * If the data model is not found, an HTTP exception will be raised.
 * @param integer the ID of the model to be loaded
 */
public function loadModel($id)
{
	$model=Userrolestbl::model()->findByPk((int)$id);
	if($model===null)
		throw new CHttpException(404,'The requested page does not exist.');
	return $model;
}

/**
 * Performs the AJAX validation.
 * @param CModel the model to be validated
 */
protected function performAjaxValidation($model)
{
	if(isset($_POST['ajax']) && $_POST['ajax']==='userrolestbl-form')
	{
		echo CActiveForm::validate($model);
		Yii::app()->end();
	}
}
}

 

can anyone help me out plzzzzzzzzzz

Link to comment
Share on other sites

UserIdentity.php

 

public function authenticate()
{	

	//print_r($this); exit;
	$user = Userrolestbl::model()->findByAttributes(array('email'=>$this->username));
	//echo "userlogins";die;
	//print_r($user); exit;

	//print_r($user); exit;
	if ($user===null) { // No user found!
		$this->errorCode=self::ERROR_USERNAME_INVALID;
	} else if ($user->password !== $this->password ) { 
	//echo "pass";die;// Invalid password!
		$this->errorCode=self::ERROR_PASSWORD_INVALID;
	} else { // Okay!
	//echo "okay";exit;

	    $this->errorCode=self::ERROR_NONE;
	    // Store the role in a session:
	    $this->setState('role', $user->role);
		$this->_id = $user->id;
	}
	return !$this->errorCode;
}

public function getId()
{
 return $this->_id;
}


 

 

LoginForm.php

 

public function authenticate($attribute,$params)
{
	if(!$this->hasErrors())
	{

		$this->_identity=new UserIdentity($this->email,$this->password);
		$this->_identity->authenticate();
		switch($this->_identity->errorCode)
		{
		    case UserIdentity::ERROR_NONE:
		        Yii::app()->user->login($this->_identity);
		        break;
		    case UserIdentity::ERROR_STATUS_NOTACTIV:
		        $this->addError("status","Your account is not activated.");
		        break;
		    default:
		    default:	
		   $this->addError('password','Incorrect username or password.');

		}


		//if(!$this->_identity->authenticate())
		//print_r($this);exit;
			//$this->addError('password','Incorrect username or password.');
			//print_r($this);exit;
	}
}

/**
 * Logs in the user using the given username and password in the model.
 * @return boolean whether login is successful
 */
public function login()
{
	if($this->_identity===null)
	{			
		//print_r($this);exit;
		$this->_identity=new UserIdentity($this->email,$this->password);
		$temp = $this->_identity->authenticate();

			Yii::app()->user->login($this->_identity,$duration);
			//print_r($tt);
			//die;

		return true;

	}
	if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
	{	
		print "i m herer"; die;
		//$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
		Yii::app()->user->login($this->_identity,$duration);
		return true;
	}
	else
		return false;
}

Link to comment
Share on other sites

  • 1 month later...
 Share

×
×
  • Create New...