Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
shivakumar karunakar

Authorization And Authentication

Recommended Posts

Hi

I am new to Yii Framework

I am trying to add authentications to my website and trying to take username(email) and password from database instead of demodemo or admin/admin which are default

 

I have completed the coding but when i am trying to manage users table it is displaying a message "Error 403--You are not authorized to perform this action."

 

 

This is my site controller.php

 

<?php

class SiteController extends Controller
{
/**
 * Declares class-based actions.
 */
public function actions()
{
	return array(
		// captcha action renders the CAPTCHA image displayed on the contact page
		'captcha'=>array(
			'class'=>'CCaptchaAction',
			'backColor'=>0xFFFFFF,
		),
		// page action renders "static" pages stored under 'protected/views/site/pages'
		// They can be accessed via: index.php?r=site/page&view=FileName
		'page'=>array(
			'class'=>'CViewAction',
		),
	);
}

/**
 * This is the default 'index' action that is invoked
 * when an action is not explicitly requested by users.
 */
public function actionIndex()
{
	// renders the view file 'protected/views/site/index.php'
	// using the default layout 'protected/views/layouts/main.php'
	$this->render('index');
}

/**
 * This is the action to handle external exceptions.
 */
public function actionError()
{
    if($error=Yii::app()->errorHandler->error)
    {
    	if(Yii::app()->request->isAjaxRequest)
    		echo $error['message'];
    	else
        	$this->render('error', $error);
    }
}

/**
 * Displays the contact page
 */
public function actionContact()
{
	$model=new ContactForm;
	if(isset($_POST['ContactForm']))
	{
		$model->attributes=$_POST['ContactForm'];
		if($model->validate())
		{
			$headers="From: {$model->email}\r\nReply-To: {$model->email}";
			mail(Yii::app()->params['adminEmail'],$model->subject,$model->body,$headers);
			Yii::app()->user->setFlash('contact','Thank you for contacting us. We will respond to you as soon as possible.');
			$this->refresh();
		}
	}
	$this->render('contact',array('model'=>$model));
}

/**
 * Displays the login page
 */
public function actionLogin()
{
	$model=new LoginForm;
	// if it is ajax validation request
	if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')
	{
		echo CActiveForm::validate($model);
		Yii::app()->end();
	}

	// collect user input data
	if(isset($_POST['LoginForm']))
	{

		$model->attributes=$_POST['LoginForm'];


		// validate user input and redirect to the previous page if valid
		if($model->login())
		{
			//echo "userlogins";
			//print_r($_SESSION);
			//die;
			//$this->redirect(Yii::app()->user->returnUrl);

			$this->redirect('index.php?r=userrolestbl/create');
			//$this->render('userrolestbl/create',array('model'=>$model));
			//echo"success";die;
		}
	}
	// display the login form
	$this->render('login',array('model'=>$model));
}

/**
 * Logs out the current user and redirect to homepage.
 */
public function actionLogout()
{
	Yii::app()->user->logout();
	$this->redirect(Yii::app()->homeUrl);
}
}

 

User controller.php

 

<?php

class UserrolestblController extends Controller
{

public function accessRules()
{
	return array(
		array('allow',  // allow all users to perform 'index' and 'view' actions
			'actions'=>array('index','view'),
			'users'=>array('*'),
		),
		array('allow', // allow authenticated user to perform 'create' and 'update' actions
			'actions'=>array('create','update'),
			'users'=>array('@'),
		),
		array('allow', // allow admin user to perform 'admin','update' and 'delete' actions
			'actions'=>array('admin','delete','update'),
			'users'=>array('admin'),
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}

/**
 * Displays a particular model.
 * @param integer $id the ID of the model to be displayed
 */
public function actionView($id)
{
	//echo "im view";die;
	$this->render('view',array(
		'model'=>$this->loadModel($id),
	));
}

/**
 * Creates a new model.
 * If creation is successful, the browser will be redirected to the 'view' page.
 */
public function actionCreate()
{
	//echo " 	im create";die;
	$model=new Userrolestbl;

	// Uncomment the following line if AJAX validation is needed
	// $this->performAjaxValidation($model);

	if(isset($_POST['Userrolestbl']))
	{
		$model->attributes=$_POST['Userrolestbl'];
		if($model->save())
			$this->redirect(array('view','id'=>$model->id));
	}

	$this->render('create',array(
		'model'=>$model,
	));
}

/**
 * Updates a particular model.
 * If update is successful, the browser will be redirected to the 'view' page.
 * @param integer $id the ID of the model to be updated
 */
public function actionUpdate($id)
{
	//echo "im update";die;

	$model=$this->loadModel($id);

	// Uncomment the following line if AJAX validation is needed
	// $this->performAjaxValidation($model);

	if(isset($_POST['Userrolestbl']))
	{
		$model->attributes=$_POST['Userrolestbl'];
		if($model->save())
			$this->redirect(array('view','id'=>$model->id));
	}

	$this->render('update',array(
		'model'=>$model,
	));
}

/**
 * Deletes a particular model.
 * If deletion is successful, the browser will be redirected to the 'admin' page.
 * @param integer $id the ID of the model to be deleted
 */
public function actionDelete($id)
{
	//echo "hi,im delete";die;

	if(Yii::app()->request->isPostRequest)
	{
		// we only allow deletion via POST request
		$this->loadModel($id)->delete();

		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
		if(!isset($_GET['ajax']))
			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
	}
	else
		throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
}

/**
 * Lists all models.
 */
public function actionIndex()
{
	//echo "im list";die;

	$dataProvider=new CActiveDataProvider('Userrolestbl');
	$this->render('index',array(
		'dataProvider'=>$dataProvider,
	));
}

/**
 * Manages all models.
 */
public function actionAdmin()
{
	$model=new Userrolestbl('search');
	$model->unsetAttributes();  // clear any default values
	if(isset($_GET['Userrolestbl']))
		$model->attributes=$_GET['Userrolestbl'];

	$this->render('admin',array(
		'model'=>$model,
	));
}

/**
 * Returns the data model based on the primary key given in the GET variable.
 * If the data model is not found, an HTTP exception will be raised.
 * @param integer the ID of the model to be loaded
 */
public function loadModel($id)
{
	$model=Userrolestbl::model()->findByPk((int)$id);
	if($model===null)
		throw new CHttpException(404,'The requested page does not exist.');
	return $model;
}

/**
 * Performs the AJAX validation.
 * @param CModel the model to be validated
 */
protected function performAjaxValidation($model)
{
	if(isset($_POST['ajax']) && $_POST['ajax']==='userrolestbl-form')
	{
		echo CActiveForm::validate($model);
		Yii::app()->end();
	}
}
}

 

can anyone help me out plzzzzzzzzzz

Share this post


Link to post
Share on other sites

UserIdentity.php

 

public function authenticate()
{	

	//print_r($this); exit;
	$user = Userrolestbl::model()->findByAttributes(array('email'=>$this->username));
	//echo "userlogins";die;
	//print_r($user); exit;

	//print_r($user); exit;
	if ($user===null) { // No user found!
		$this->errorCode=self::ERROR_USERNAME_INVALID;
	} else if ($user->password !== $this->password ) { 
	//echo "pass";die;// Invalid password!
		$this->errorCode=self::ERROR_PASSWORD_INVALID;
	} else { // Okay!
	//echo "okay";exit;

	    $this->errorCode=self::ERROR_NONE;
	    // Store the role in a session:
	    $this->setState('role', $user->role);
		$this->_id = $user->id;
	}
	return !$this->errorCode;
}

public function getId()
{
 return $this->_id;
}


 

 

LoginForm.php

 

public function authenticate($attribute,$params)
{
	if(!$this->hasErrors())
	{

		$this->_identity=new UserIdentity($this->email,$this->password);
		$this->_identity->authenticate();
		switch($this->_identity->errorCode)
		{
		    case UserIdentity::ERROR_NONE:
		        Yii::app()->user->login($this->_identity);
		        break;
		    case UserIdentity::ERROR_STATUS_NOTACTIV:
		        $this->addError("status","Your account is not activated.");
		        break;
		    default:
		    default:	
		   $this->addError('password','Incorrect username or password.');

		}


		//if(!$this->_identity->authenticate())
		//print_r($this);exit;
			//$this->addError('password','Incorrect username or password.');
			//print_r($this);exit;
	}
}

/**
 * Logs in the user using the given username and password in the model.
 * @return boolean whether login is successful
 */
public function login()
{
	if($this->_identity===null)
	{			
		//print_r($this);exit;
		$this->_identity=new UserIdentity($this->email,$this->password);
		$temp = $this->_identity->authenticate();

			Yii::app()->user->login($this->_identity,$duration);
			//print_r($tt);
			//die;

		return true;

	}
	if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
	{	
		print "i m herer"; die;
		//$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
		Yii::app()->user->login($this->_identity,$duration);
		return true;
	}
	else
		return false;
}

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...