我尝试登录一个 Yii 应用程序,但流程似乎卡在站点控制器的验证或登录函数上。它始终无法登录,也没有做任何有用的事情:页面上没有任何输出,也没有任何错误信息。
我参照的教程是:http://www.larryullman.com/2010/01/04/simple-authentication-with-the-yii-framework/
UserIdentity类:
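/**
 * Identity object used by the login form: looks the account up by username
 * and checks the submitted password against the value stored for that user.
 */
class UserIdentity extends CUserIdentity
{
    /**
     * Verifies $this->username / $this->password against the User table.
     *
     * Sets $this->errorCode to ERROR_USERNAME_INVALID when no row matches the
     * username, ERROR_PASSWORD_INVALID when the password check fails, and
     * ERROR_NONE otherwise.
     *
     * @return boolean true when errorCode ends up as ERROR_NONE
     */
    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));

        if ($user === null) {
            // No account with that username.
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } else {
            // Hash the SUBMITTED password with the application salt. The
            // original hashed the stored value instead and then required
            // both comparisons to succeed at once (|| on two "differs"
            // tests), so the check could never pass.
            // Assumes the stored column holds md5(salt . plaintext) --
            // confirm against the code that creates accounts.
            $submittedHash = md5(Yii::app()->params["salt"] . $this->password);

            // hash_equals() compares in constant time. The stored column is
            // deliberately not compared with the raw submitted value: doing
            // so would let a disclosed digest be accepted as a password.
            if (hash_equals((string) $user->password, $submittedHash)) {
                $this->errorCode = self::ERROR_NONE;
            } else {
                $this->errorCode = self::ERROR_PASSWORD_INVALID;
            }

            // NOTE(security): MD5 with one application-wide salt is cheap to
            // brute-force if the table leaks. Moving to password_hash() /
            // password_verify() is the durable fix, but it changes the stored
            // format and therefore needs a migration outside this method.
        }

        return !$this->errorCode;
    }
}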
从站点控制器登录:
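/**
 * Displays the login form and processes its submission.
 *
 * Handles three cases: an AJAX validation request (answers with the
 * validation result and ends the request), a posted LoginForm (validates,
 * logs in and redirects on success), and a plain page view.
 */
public function actionLogin()
{
    $model = new LoginForm;

    // AJAX validation request: reply with the validation result only.
    if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form') {
        echo CActiveForm::validate($model);
        Yii::app()->end();
    }

    // Regular form submission.
    if (isset($_POST['LoginForm'])) {
        $model->attributes = $_POST['LoginForm'];

        // validate() runs the rules declared on the form, including the
        // 'authenticate' rule; login() then establishes the session.
        if ($model->validate() && $model->login()) {
            $this->redirect(Yii::app()->user->returnUrl);
        }
        // On failure fall through to the single render below. The original
        // rendered the view here as well as at the end of the method, so a
        // failed login printed the page twice.
    }

    // Display the login form (first visit, or re-display with errors).
    $this->render('login', array('model' => $model));
}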
登录表单
/**
 * Form model behind the login page. Holds the submitted credentials and the
 * "remember me" flag, and delegates the credential check to UserIdentity.
 */
class LoginForm extends CFormModel
{
    public $username;
    public $password;
    public $rememberMe;

    // Identity built during validation and reused by login().
    private $_identity;

    /**
     * Validation rules: both credentials are mandatory, rememberMe must be
     * a boolean, and the password is checked by authenticate() below.
     */
    public function rules()
    {
        $credentialsRequired = array('username, password', 'required');
        $rememberIsBoolean = array('rememberMe', 'boolean');
        $passwordIsChecked = array('password', 'authenticate');

        return array($credentialsRequired, $rememberIsBoolean, $passwordIsChecked);
    }

    /**
     * Human-readable labels for the form attributes.
     */
    public function attributeLabels()
    {
        $labels = array();
        $labels['rememberMe'] = 'Remember me next time';

        return $labels;
    }

    /**
     * Inline validator referenced as 'authenticate' in rules().
     *
     * Skipped when earlier rules already reported errors. The same message
     * is added whatever the identity's errorCode is, so the response does
     * not reveal whether the username or the password was wrong.
     */
    public function authenticate($attribute, $params)
    {
        if ($this->hasErrors()) {
            return;
        }

        $this->_identity = new UserIdentity($this->username, $this->password);
        $accepted = $this->_identity->authenticate();
        if (!$accepted) {
            $this->addError('password', 'Incorrect username or password.');
        }
    }

    /**
     * Logs the user in with the credentials held by the model.
     *
     * @return boolean whether login is successful
     */
    public function login()
    {
        // Build and check the identity if validation has not done so yet.
        if ($this->_identity === null) {
            $this->_identity = new UserIdentity($this->username, $this->password);
            $this->_identity->authenticate();
        }

        if ($this->_identity->errorCode !== UserIdentity::ERROR_NONE) {
            return false;
        }

        // 30 days when "remember me" is ticked, otherwise 0.
        $duration = $this->rememberMe ? 3600*24*30 : 0;
        Yii::app()->user->login($this->_identity, $duration);

        return true;
    }
}
答案 0 :(得分:1)
我刚用下面这个类替换了 UserIdentity 类,现在可以正常工作了。
protected/components/UserIdentity.php
<?php
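/**
 * UserIdentity represents the data needed to identify a user.
 * It contains the authentication method that checks whether the provided
 * e-mail address and password identify an enabled account.
 */
class UserIdentity extends CUserIdentity {
    /**
     * Id of the authenticated user; set only after a successful authenticate().
     * @var mixed value of the User record's id column
     */
    private $_id;
    /**
     * E-mail address used as the login name.
     * @var string
     */
    public $email;
    /**
     * Custom error indicators, in addition to the inherited ERROR_* codes.
     * Keep the distinction for logging only; showing users which of the
     * checks failed tells them whether an address is registered.
     */
    const ERROR_EMAIL_INVALID = 3;
    const ERROR_ACCOUNT_INACTIVE = 4;
    /**
     * Overrides the parent constructor so the e-mail address is used for
     * authentication; it is stored as both $email and $username.
     * @param string $email
     * @param string $password
     */
    public function __construct($email, $password) {
        $this->email = $email;
        $this->username = $email;
        $this->password = $password;
    }
    /**
     * Checks the e-mail / password pair against the User table.
     *
     * Sets $this->errorCode to ERROR_EMAIL_INVALID, ERROR_PASSWORD_INVALID,
     * ERROR_ACCOUNT_INACTIVE or ERROR_NONE; callers that need the reason can
     * read it from there.
     *
     * @return boolean whether authentication succeeded
     */
    public function authenticate() {
        // Look the account up by e-mail only.
        $record = User::model()->findByAttributes(array('email' => $this->email));

        if ($record === null) {
            // No account registered under this address.
            $this->errorCode = self::ERROR_EMAIL_INVALID;
        } elseif (!password_verify((string) $this->password, (string) $record->password)) {
            // password_verify() accepts crypt()-format hashes and compares
            // in constant time, unlike the previous `!==` on crypt() output.
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } elseif ($record->is_authorised == 0) {
            // Checked only after the password matched, so the account state
            // is not disclosed to someone who does not know the password.
            $this->errorCode = self::ERROR_ACCOUNT_INACTIVE;
        } else {
            // All checks passed: remember who was authenticated.
            $this->_id = $record->id;
            $this->email = $this->username = $record->email;
            $this->errorCode = self::ERROR_NONE;
        }

        // Return a success flag rather than the raw error code. The code is
        // 0 on success, so a caller testing `!$identity->authenticate()`
        // would otherwise treat a correct login as a failure and a failed
        // one as success.
        return $this->errorCode === self::ERROR_NONE;
    }
    /**
     * Returns the id stored by a successful authenticate().
     * @return mixed
     */
    public function getId() {
        return $this->_id;
    }
    /**
     * Returns the display name: the part of the e-mail before the '@' sign.
     * @return string
     */
    public function getName() {
        $usernameParts = explode('@', $this->email);
        return $usernameParts[0];
    }
}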