Package | system.web.auth |
---|---|
Inheritance | class CWebUser » CApplicationComponent » CComponent |
Implements | IApplicationComponent, IWebUser |
Since | 1.0 |
Source Code | framework/web/auth/CWebUser.php |
Yii::app()->user
Property | Type | Description | Defined By |
---|---|---|---|
absoluteAuthTimeout | integer | timeout in seconds after which user is logged out regardless of activity. | CWebUser |
allowAutoLogin | boolean | whether to enable cookie-based login. | CWebUser |
authTimeout | integer | timeout in seconds after which user is logged out if inactive. | CWebUser |
autoRenewCookie | boolean | whether to automatically renew the identity cookie each time a page is requested. | CWebUser |
autoUpdateFlash | boolean | whether to automatically update the validity of flash messages. | CWebUser |
behaviors | array | the behaviors that should be attached to this component. | CApplicationComponent |
flashes | array | Returns all flash messages. | CWebUser |
guestName | string | the name for a guest user. | CWebUser |
id | mixed | Returns a value that uniquely represents the user. | CWebUser |
identityCookie | array | the property values (in name-value pairs) used to initialize the identity cookie. | CWebUser |
isGuest | boolean | Returns a value indicating whether the user is a guest (not authenticated). | CWebUser |
isInitialized | boolean | Checks if this application component has been initialized. | CApplicationComponent |
loginRequiredAjaxResponse | string | value that will be echoed in case that user session has expired during an ajax call. | CWebUser |
loginUrl | string|array | the URL for login. | CWebUser |
name | string | Returns the unique identifier for the user (e.g. username). | CWebUser |
returnUrl | string | Returns the URL that the user should be redirected to after successful login. | CWebUser |
stateKeyPrefix | string | a prefix for the name of the session variables storing user session data. | CWebUser |
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | CComponent |
__get() | PHP magic method. | CWebUser |
__isset() | PHP magic method. | CWebUser |
__set() | PHP magic method. | CWebUser |
__unset() | PHP magic method. | CWebUser |
asa() | Returns the named behavior object. | CComponent |
attachBehavior() | Attaches a behavior to this component. | CComponent |
attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
attachEventHandler() | Attaches an event handler to an event. | CComponent |
canGetProperty() | Determines whether a property can be read. | CComponent |
canSetProperty() | Determines whether a property can be set. | CComponent |
checkAccess() | Performs access check for this user. | CWebUser |
clearStates() | Clears all user identity information from persistent storage. | CWebUser |
detachBehavior() | Detaches a behavior from the component. | CComponent |
detachBehaviors() | Detaches all behaviors from the component. | CComponent |
detachEventHandler() | Detaches an existing event handler. | CComponent |
disableBehavior() | Disables an attached behavior. | CComponent |
disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
enableBehavior() | Enables an attached behavior. | CComponent |
enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
evaluateExpression() | Evaluates a PHP expression or callback under the context of this component. | CComponent |
getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
getFlash() | Returns a flash message. | CWebUser |
getFlashes() | Returns all flash messages. | CWebUser |
getId() | Returns a value that uniquely represents the user. | CWebUser |
getIsGuest() | Returns a value indicating whether the user is a guest (not authenticated). | CWebUser |
getIsInitialized() | Checks if this application component has been initialized. | CApplicationComponent |
getName() | Returns the unique identifier for the user (e.g. username). | CWebUser |
getReturnUrl() | Returns the URL that the user should be redirected to after successful login. | CWebUser |
getState() | Returns the value of a variable that is stored in user session. | CWebUser |
getStateKeyPrefix() | Returns a prefix for the name of the session variables storing user session data. | CWebUser |
hasEvent() | Determines whether an event is defined. | CComponent |
hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
hasFlash() | Determines whether the specified flash message exists. | CWebUser |
hasProperty() | Determines whether a property is defined. | CComponent |
hasState() | Returns a value indicating whether there is a state of the specified name. | CWebUser |
init() | Initializes the application component. | CWebUser |
login() | Logs in a user. | CWebUser |
loginRequired() | Redirects the user browser to the login page. | CWebUser |
logout() | Logs out the current user. | CWebUser |
raiseEvent() | Raises an event. | CComponent |
setFlash() | Stores a flash message. | CWebUser |
setId() | Sets the unique identifier for the user. If null, it means the user is a guest. | CWebUser |
setName() | Sets the unique identifier for the user (e.g. username). | CWebUser |
setReturnUrl() | Sets the URL that the user should be redirected to after login. | CWebUser |
setState() | Stores a variable in user session. | CWebUser |
setStateKeyPrefix() | Sets a prefix for the name of the session variables storing user session data. | CWebUser |
Method | Description | Defined By |
---|---|---|
afterLogin() | This method is called after the user is successfully logged in. | CWebUser |
afterLogout() | This method is invoked right after a user is logged out. | CWebUser |
beforeLogin() | This method is called before logging in a user. | CWebUser |
beforeLogout() | This method is invoked when calling logout to log out a user. | CWebUser |
changeIdentity() | Changes the current user with the specified identity information. | CWebUser |
createIdentityCookie() | Creates a cookie to store identity information. | CWebUser |
loadIdentityStates() | Loads identity states from an array and saves them to persistent storage. | CWebUser |
renewCookie() | Renews the identity cookie. | CWebUser |
restoreFromCookie() | Populates the current user object with the information obtained from cookie. | CWebUser |
saveIdentityStates() | Retrieves identity states from persistent storage and saves them as an array. | CWebUser |
saveToCookie() | Saves necessary user data into a cookie. | CWebUser |
updateAuthStatus() | Updates the authentication status according to authTimeout. | CWebUser |
updateFlash() | Updates the internal counters for flash messages. | CWebUser |
public integer $absoluteAuthTimeout
timeout in seconds after which the user is logged out regardless of activity.

public boolean $allowAutoLogin
whether to enable cookie-based login. Defaults to false.

public integer $authTimeout
timeout in seconds after which the user is logged out if inactive. If this property is not set, the user will be logged out after the current session expires (cf. CHttpSession::timeout).

public boolean $autoRenewCookie
whether to automatically renew the identity cookie each time a page is requested. Defaults to false. This property is effective only when allowAutoLogin is true. When this is false, the identity cookie expires after the specified duration counted from the initial login. When this is true, the identity cookie expires after the specified duration counted from the user's most recent visit to the site.

public boolean $autoUpdateFlash
whether to automatically update the validity of flash messages. Defaults to true, meaning flash messages are valid only in the current and the next request. If this is set to false, you are responsible for ensuring a flash message is deleted after use (this can be achieved by calling getFlash with the 3rd parameter set to true).

public array getFlashes(boolean $delete=true)
Returns all flash messages. This method is similar to getFlash except that it returns all currently available flash messages.

public string $guestName
the name for a guest user. Defaults to 'Guest'. This is used by getName when the current user is a guest (not authenticated).

public mixed getId()
public void setId(mixed $value)
Returns a value that uniquely represents the user.

public array $identityCookie
the property values (in name-value pairs) used to initialize the identity cookie. Any property of CHttpCookie may be initialized. This property is effective only when allowAutoLogin is true.

public boolean getIsGuest()
Returns a value indicating whether the user is a guest (not authenticated).

public string $loginRequiredAjaxResponse
value that will be echoed in case the user session has expired during an AJAX call. When a request is made and the user session has expired, loginRequired redirects to loginUrl for login. If that happens during an AJAX call, the complete HTML login page is returned as the result of that AJAX call. That is a problem if the AJAX call expects the result to be a JSON array or a predefined string, because the login page is ignored in that case. To solve this, set this property to the desired return value. If this property is set, this value will be returned as the result of the AJAX call when the user session has expired.

public string|array $loginUrl
the URL for login. If using an array, the first element should be the route to the login action, and the remaining name-value pairs are GET parameters used to construct the login URL (e.g. array('/site/login')). If this property is null, a 403 HTTP exception will be raised instead.

public string getName()
public void setName(string $value)
Returns the unique identifier for the user (e.g. username). This is the identifier mainly used for display purposes.

public string getReturnUrl(string $defaultUrl=NULL)
public void setReturnUrl(string $value)
Returns the URL that the user should be redirected to after successful login. This property is usually used by the login action. If the login is successful, the action should read this property and use it to redirect the user's browser.

public string getStateKeyPrefix()
public void setStateKeyPrefix(string $value)
a prefix for the name of the session variables storing user session data.
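How these properties fit together in the `user` application component, as an added configuration example (not from the page or the framework): a sliding timeout plus a hard ceiling, an identity cookie limited to HTTPS and kept away from script access, and a machine-readable body for AJAX calls whose session has expired. The `WebUser` class name and the JSON payload are assumptions.

```php
<?php
// Added example: fragment of protected/config/main.php. 'WebUser' is a
// hypothetical CWebUser subclass; the JSON body is a constructed value.
return array(
    'components' => array(
        'user' => array(
            'class' => 'WebUser',
            // Required for login($identity, $duration) with $duration > 0 and for
            // identityCookie to have any effect (see login() and createIdentityCookie()).
            'allowAutoLogin' => true,
            // Inactivity timeout: updateAuthStatus() pushes it forward on every request...
            'authTimeout' => 30 * 60,
            // ...and an absolute ceiling set once at login() that activity cannot extend.
            'absoluteAuthTimeout' => 8 * 3600,
            // Any CHttpCookie property may be given here. httpOnly keeps the identity
            // cookie out of reach of page scripts, secure keeps it off plain HTTP.
            'identityCookie' => array(
                'httpOnly' => true,
                'secure' => true,
            ),
            // With renewal off, the cookie expires $duration seconds after the initial
            // login rather than after the last visit, bounding the lifetime of any copy.
            'autoRenewCookie' => false,
            // Route plus GET parameters, as accepted by loginRequired().
            'loginUrl' => array('/site/login'),
            // Echoed instead of the HTML login page when the session has expired
            // during an AJAX call, so the client can react to a predictable value.
            'loginRequiredAjaxResponse' => json_encode(array('error' => 'login_required')),
        ),
        // The session cookie that carries the states set via setState() deserves the same flags.
        'session' => array(
            'cookieParams' => array('httponly' => true, 'secure' => true),
        ),
    ),
);
```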
public mixed __get(string $name)

Parameter | Type | Description |
---|---|---|
$name | string | property name |
{return} | mixed | property value |

```php
public function __get($name)
{
    if($this->hasState($name))
        return $this->getState($name);
    else
        return parent::__get($name);
}
```
PHP magic method. This method is overridden so that persistent states can be accessed like properties.
public boolean __isset(string $name)

Parameter | Type | Description |
---|---|---|
$name | string | property name |
{return} | boolean | |

```php
public function __isset($name)
{
    if($this->hasState($name))
        return $this->getState($name)!==null;
    else
        return parent::__isset($name);
}
```
PHP magic method. This method is overridden so that persistent states can also be checked for null value.
public void __set(string $name, mixed $value)

Parameter | Type | Description |
---|---|---|
$name | string | property name |
$value | mixed | property value |

```php
public function __set($name,$value)
{
    if($this->hasState($name))
        $this->setState($name,$value);
    else
        parent::__set($name,$value);
}
```
PHP magic method. This method is overridden so that persistent states can be set like properties.
public void __unset(string $name)

Parameter | Type | Description |
---|---|---|
$name | string | property name |

```php
public function __unset($name)
{
    if($this->hasState($name))
        $this->setState($name,null);
    else
        parent::__unset($name);
}
```
PHP magic method. This method is overridden so that persistent states can also be unset.
protected void afterLogin(boolean $fromCookie)

Parameter | Type | Description |
---|---|---|
$fromCookie | boolean | whether the login is based on cookie. |

```php
protected function afterLogin($fromCookie)
{
}
```
This method is called after the user is successfully logged in. You may override this method to do some postprocessing (e.g. log the user login IP and time; load the user permission information).
protected void afterLogout()
This method is invoked right after a user is logged out. You may override this method to do some extra cleanup work for the user.
protected boolean beforeLogin(mixed $id, array $states, boolean $fromCookie)

Parameter | Type | Description |
---|---|---|
$id | mixed | the user ID. This is the same as returned by getId(). |
$states | array | a set of name-value pairs that are provided by the user identity. |
$fromCookie | boolean | whether the login is based on cookie |
{return} | boolean | whether the user should be logged in |

```php
protected function beforeLogin($id,$states,$fromCookie)
{
    return true;
}
```
This method is called before logging in a user. You may override this method to provide an additional security check. For example, when the login is cookie-based, you may want to verify that the user ID together with a random token in the states can be found in the database. This prevents attackers from forging arbitrary identity cookies even if they obtain the server's private key.
protected boolean beforeLogout()

Parameter | Type | Description |
---|---|---|
{return} | boolean | whether to log out the user |

```php
protected function beforeLogout()
{
    return true;
}
```
This method is invoked when calling logout to log out a user. If this method returns false, the logout action will be cancelled. You may override this method to provide additional checks before logging out a user.
protected void changeIdentity(mixed $id, string $name, array $states)

Parameter | Type | Description |
---|---|---|
$id | mixed | a unique identifier for the user |
$name | string | the display name for the user |
$states | array | identity states |

```php
protected function changeIdentity($id,$name,$states)
{
    Yii::app()->getSession()->regenerateID(true);
    $this->setId($id);
    $this->setName($name);
    $this->loadIdentityStates($states);
}
```
Changes the current user with the specified identity information. This method is called by login and restoreFromCookie when the current user needs to be populated with the corresponding identity information. Derived classes may override this method by retrieving additional user-related information. Make sure the parent implementation is called first.
public boolean checkAccess(string $operation, array $params=array(), boolean $allowCaching=true)

Parameter | Type | Description |
---|---|---|
$operation | string | the name of the operation that needs an access check. |
$params | array | name-value pairs that will be passed to the business rules associated with the tasks and roles assigned to the user. Since version 1.1.11 a param named 'userId' is added to this array, holding the value of getId(), when CDbAuthManager or CPhpAuthManager is used. |
$allowCaching | boolean | whether to allow caching the result of the access check. When this parameter is true (default) and the access check of an operation was performed before, the cached result is returned directly when this method is called again for the same operation. If this parameter is false, this method always calls CAuthManager::checkAccess to obtain an up-to-date result. Note that this caching is effective only within the same request and only works when $params=array(). |
{return} | boolean | whether the operation can be performed by this user. |

```php
public function checkAccess($operation,$params=array(),$allowCaching=true)
{
    if($allowCaching && $params===array() && isset($this->_access[$operation]))
        return $this->_access[$operation];
    $access=Yii::app()->getAuthManager()->checkAccess($operation,$this->getId(),$params);
    if($allowCaching && $params===array())
        $this->_access[$operation]=$access;
    return $access;
}
```
Performs access check for this user.
public void clearStates()

```php
public function clearStates()
{
    $keys=array_keys($_SESSION);
    $prefix=$this->getStateKeyPrefix();
    $n=strlen($prefix);
    foreach($keys as $key)
    {
        if(!strncmp($key,$prefix,$n))
            unset($_SESSION[$key]);
    }
}
```
Clears all user identity information from persistent storage. This will remove the data stored via setState.
protected CHttpCookie createIdentityCookie(string $name)

Parameter | Type | Description |
---|---|---|
$name | string | the cookie name |
{return} | CHttpCookie | the cookie used to store identity information |

```php
protected function createIdentityCookie($name)
{
    $cookie=new CHttpCookie($name,'');
    if(is_array($this->identityCookie))
    {
        foreach($this->identityCookie as $name=>$value)
            $cookie->$name=$value;
    }
    return $cookie;
}
```
Creates a cookie to store identity information.
public mixed getFlash(string $key, mixed $defaultValue=NULL, boolean $delete=true)

Parameter | Type | Description |
---|---|---|
$key | string | key identifying the flash message |
$defaultValue | mixed | value to be returned if the flash message is not available. |
$delete | boolean | whether to delete this flash message after accessing it. Defaults to true. |
{return} | mixed | the flash message |

```php
public function getFlash($key,$defaultValue=null,$delete=true)
{
    $value=$this->getState(self::FLASH_KEY_PREFIX.$key,$defaultValue);
    if($delete)
        $this->setFlash($key,null);
    return $value;
}
```
Returns a flash message. A flash message is available only in the current and the next requests.
public array getFlashes(boolean $delete=true)

Parameter | Type | Description |
---|---|---|
$delete | boolean | whether to delete the flash messages after calling this method. |
{return} | array | flash messages (key => message). |

```php
public function getFlashes($delete=true)
{
    $flashes=array();
    $prefix=$this->getStateKeyPrefix().self::FLASH_KEY_PREFIX;
    $keys=array_keys($_SESSION);
    $n=strlen($prefix);
    foreach($keys as $key)
    {
        if(!strncmp($key,$prefix,$n))
        {
            $flashes[substr($key,$n)]=$_SESSION[$key];
            if($delete)
                unset($_SESSION[$key]);
        }
    }
    if($delete)
        $this->setState(self::FLASH_COUNTERS,array());
    return $flashes;
}
```
Returns all flash messages. This method is similar to getFlash except that it returns all currently available flash messages.
public mixed getId()

Parameter | Type | Description |
---|---|---|
{return} | mixed | the unique identifier for the user. If null, it means the user is a guest. |

```php
public function getId()
{
    return $this->getState('__id');
}
```
Returns a value that uniquely represents the user.
public boolean getIsGuest()

Parameter | Type | Description |
---|---|---|
{return} | boolean | whether the current application user is a guest. |

```php
public function getIsGuest()
{
    return $this->getState('__id')===null;
}
```
Returns a value indicating whether the user is a guest (not authenticated).
public string getName()

Parameter | Type | Description |
---|---|---|
{return} | string | the user name. If the user is not logged in, this will be guestName. |

```php
public function getName()
{
    if(($name=$this->getState('__name'))!==null)
        return $name;
    else
        return $this->guestName;
}
```
Returns the unique identifier for the user (e.g. username). This is the identifier mainly used for display purposes.
public string getReturnUrl(string $defaultUrl=NULL)

Parameter | Type | Description |
---|---|---|
$defaultUrl | string | the default return URL in case it was not set previously. If this is null, the application entry URL will be considered as the default return URL. |
{return} | string | the URL that the user should be redirected to after login. |

```php
public function getReturnUrl($defaultUrl=null)
{
    if($defaultUrl===null)
    {
        $defaultReturnUrl=Yii::app()->getUrlManager()->showScriptName
            ? Yii::app()->getRequest()->getScriptUrl()
            : Yii::app()->getRequest()->getBaseUrl().'/';
    }
    else
    {
        $defaultReturnUrl=CHtml::normalizeUrl($defaultUrl);
    }
    return $this->getState('__returnUrl',$defaultReturnUrl);
}
```
Returns the URL that the user should be redirected to after successful login. This property is usually used by the login action. If the login is successful, the action should read this property and use it to redirect the user's browser.
public mixed getState(string $key, mixed $defaultValue=NULL)

Parameter | Type | Description |
---|---|---|
$key | string | variable name |
$defaultValue | mixed | default value |
{return} | mixed | the value of the variable. If it doesn't exist in the session, the provided default value will be returned |

```php
public function getState($key,$defaultValue=null)
{
    $key=$this->getStateKeyPrefix().$key;
    return isset($_SESSION[$key]) ? $_SESSION[$key] : $defaultValue;
}
```

Returns the value of a variable that is stored in the user session. This function is designed to be used by CWebUser descendant classes that want to store additional user information in the user session. A variable stored in the user session using setState can be retrieved with this function.
public string getStateKeyPrefix()

Parameter | Type | Description |
---|---|---|
{return} | string | a prefix for the name of the session variables storing user session data. |

```php
public function getStateKeyPrefix()
{
    if($this->_keyPrefix!==null)
        return $this->_keyPrefix;
    else
        return $this->_keyPrefix=md5('Yii.'.get_class($this).'.'.Yii::app()->getId());
}
```
public boolean hasFlash(string $key)

Parameter | Type | Description |
---|---|---|
$key | string | key identifying the flash message |
{return} | boolean | whether the specified flash message exists |

```php
public function hasFlash($key)
{
    return $this->getFlash($key, null, false)!==null;
}
```
public boolean hasState(string $key)

Parameter | Type | Description |
---|---|---|
$key | string | state name |
{return} | boolean | whether there is a state of the specified name. |

```php
public function hasState($key)
{
    $key=$this->getStateKeyPrefix().$key;
    return isset($_SESSION[$key]);
}
```
Returns a value indicating whether there is a state of the specified name.
public void init()

```php
public function init()
{
    parent::init();
    Yii::app()->getSession()->open();
    if($this->getIsGuest() && $this->allowAutoLogin)
        $this->restoreFromCookie();
    elseif($this->autoRenewCookie && $this->allowAutoLogin)
        $this->renewCookie();
    if($this->autoUpdateFlash)
        $this->updateFlash();
    $this->updateAuthStatus();
}
```

Initializes the application component. This method overrides the parent implementation by starting the session, performing cookie-based authentication if enabled, and updating the flash variables.
protected void loadIdentityStates(array $states)

Parameter | Type | Description |
---|---|---|
$states | array | the identity states |

```php
protected function loadIdentityStates($states)
{
    $names=array();
    if(is_array($states))
    {
        foreach($states as $name=>$value)
        {
            $this->setState($name,$value);
            $names[$name]=true;
        }
    }
    $this->setState(self::STATES_VAR,$names);
}
```
Loads identity states from an array and saves them to persistent storage.
public boolean login(IUserIdentity $identity, integer $duration=0)

Parameter | Type | Description |
---|---|---|
$identity | IUserIdentity | the user identity (which should already be authenticated) |
$duration | integer | number of seconds that the user can remain in logged-in status. Defaults to 0, meaning login until the user closes the browser. If greater than 0, cookie-based login will be used. In this case, allowAutoLogin must be set to true, otherwise an exception will be thrown. |
{return} | boolean | whether the user is logged in |

```php
public function login($identity,$duration=0)
{
    $id=$identity->getId();
    $states=$identity->getPersistentStates();
    if($this->beforeLogin($id,$states,false))
    {
        $this->changeIdentity($id,$identity->getName(),$states);
        if($duration>0)
        {
            if($this->allowAutoLogin)
                $this->saveToCookie($duration);
            else
                throw new CException(Yii::t('yii','{class}.allowAutoLogin must be set true in order to use cookie-based authentication.',
                    array('{class}'=>get_class($this))));
        }
        if ($this->absoluteAuthTimeout)
            $this->setState(self::AUTH_ABSOLUTE_TIMEOUT_VAR, time()+$this->absoluteAuthTimeout);
        $this->afterLogin(false);
    }
    return !$this->getIsGuest();
}
```

Logs in a user. The user identity information will be saved in storage that is persistent during the user session. By default, the storage is simply the session storage. If the duration parameter is greater than 0, a cookie will be sent to prepare for cookie-based login in the future. Note that you have to set allowAutoLogin to true if you want to allow the user to be authenticated based on the cookie information.
public void loginRequired()

```php
public function loginRequired()
{
    $app=Yii::app();
    $request=$app->getRequest();
    if(!$request->getIsAjaxRequest())
    {
        $this->setReturnUrl($request->getUrl());
        if(($url=$this->loginUrl)!==null)
        {
            if(is_array($url))
            {
                $route=isset($url[0]) ? $url[0] : $app->defaultController;
                $url=$app->createUrl($route,array_splice($url,1));
            }
            $request->redirect($url);
        }
    }
    elseif(isset($this->loginRequiredAjaxResponse))
    {
        echo $this->loginRequiredAjaxResponse;
        Yii::app()->end();
    }
    throw new CHttpException(403,Yii::t('yii','Login Required'));
}
```

Redirects the user's browser to the login page. Before the redirection, the current URL (if it is not an AJAX request) is kept in returnUrl so that the browser can be redirected back to the current page after successful login. Make sure you set loginUrl so that the browser can be redirected to the specified login URL after calling this method. After calling this method, the current request processing will be terminated.
public void logout(boolean $destroySession=true)

Parameter | Type | Description |
---|---|---|
$destroySession | boolean | whether to destroy the whole session. Defaults to true. If false, then clearStates will be called, which removes only the data stored via setState. |

```php
public function logout($destroySession=true)
{
    if($this->beforeLogout())
    {
        if($this->allowAutoLogin)
        {
            Yii::app()->getRequest()->getCookies()->remove($this->getStateKeyPrefix());
            if($this->identityCookie!==null)
            {
                $cookie=$this->createIdentityCookie($this->getStateKeyPrefix());
                $cookie->value=null;
                $cookie->expire=0;
                Yii::app()->getRequest()->getCookies()->add($cookie->name,$cookie);
            }
        }
        if($destroySession)
            Yii::app()->getSession()->destroy();
        else
            $this->clearStates();
        $this->_access=array();
        $this->afterLogout();
    }
}
```
Logs out the current user. This will remove authentication-related session data. If the parameter is true, the whole session will be destroyed as well.
protected void renewCookie()

```php
protected function renewCookie()
{
    $request=Yii::app()->getRequest();
    $cookies=$request->getCookies();
    $cookie=$cookies->itemAt($this->getStateKeyPrefix());
    if($cookie && !empty($cookie->value) && ($data=Yii::app()->getSecurityManager()->validateData($cookie->value))!==false)
    {
        $data=@unserialize($data);
        if(is_array($data) && isset($data[0],$data[1],$data[2],$data[3]))
        {
            $this->saveToCookie($data[2]);
        }
    }
}
```
Renews the identity cookie. This method will set the expiration time of the identity cookie to be the current time plus the originally specified cookie duration.
protected void restoreFromCookie()

```php
protected function restoreFromCookie()
{
    $app=Yii::app();
    $request=$app->getRequest();
    $cookie=$request->getCookies()->itemAt($this->getStateKeyPrefix());
    if($cookie && !empty($cookie->value) && is_string($cookie->value) && ($data=$app->getSecurityManager()->validateData($cookie->value))!==false)
    {
        $data=@unserialize($data);
        if(is_array($data) && isset($data[0],$data[1],$data[2],$data[3]))
        {
            list($id,$name,$duration,$states)=$data;
            if($this->beforeLogin($id,$states,true))
            {
                $this->changeIdentity($id,$name,$states);
                if($this->autoRenewCookie)
                {
                    $this->saveToCookie($duration);
                }
                $this->afterLogin(true);
            }
        }
    }
}
```

Populates the current user object with the information obtained from the cookie. This method is used when automatic login (allowAutoLogin) is enabled. The user identity information is recovered from the cookie; the cookie value is validated by the security manager before it is unserialized, so that tampered cookie data is rejected.
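Putting beforeLogin() and restoreFromCookie() together: an added example, not part of CWebUser or the Yii framework, of a CUserIdentity/CWebUser pair in which the identity stores a per-user random token among its persistent states at password login, and the web user re-checks the user ID, that token and the account status against the database on every cookie-based login before the identity is restored. The `User` model with its `id`, `username`, `password_hash`, `auth_key` and `is_active` columns is a hypothetical assumption, as is the `application.auth` log category; CPasswordHelper requires Yii 1.1.14 or later.

```php
<?php
// Added example, not part of the CWebUser source. The User model and its
// columns (id, username, password_hash, auth_key, is_active) are assumptions.

// Authenticates username/password and records the user's random token as a
// persistent state, so it travels in the identity cookie's states array.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $user=User::model()->findByAttributes(array('username'=>$this->username));
        // One error code for both failure modes: don't reveal which part was wrong.
        if($user===null || !CPasswordHelper::verifyPassword($this->password,$user->password_hash))
        {
            $this->errorCode=self::ERROR_USERNAME_INVALID;
            return false;
        }
        $this->_id=$user->id;
        // auth_key is a random per-user secret generated at registration and rotated
        // whenever the password changes; rotating it invalidates outstanding cookies.
        $this->setState('authToken',$user->auth_key);
        $this->errorCode=self::ERROR_NONE;
        return true;
    }

    public function getId()
    {
        return $this->_id;
    }
}

class WebUser extends CWebUser
{
    protected function beforeLogin($id,$states,$fromCookie)
    {
        // Password login: UserIdentity::authenticate() has already verified the user.
        if(!$fromCookie)
            return true;

        // Cookie login: validateData() only proves the cookie was issued by this
        // server. It says nothing about whether the account still exists, is still
        // active, or whether its token has since been rotated, so check the database.
        if(!is_scalar($id))
            return false;
        $user=User::model()->findByPk($id);
        if($user===null || !$user->is_active)
            return false;

        $token=isset($states['authToken']) ? $states['authToken'] : null;
        if(!is_string($token) || !CPasswordHelper::same($token,$user->auth_key))
            return false;

        return true;
    }

    protected function afterLogin($fromCookie)
    {
        // Record every successful login, including cookie-based ones, for later review.
        Yii::log(sprintf('user %s logged in via %s from %s',
                $this->getId(),
                $fromCookie ? 'identity cookie' : 'password',
                Yii::app()->getRequest()->getUserHostAddress()),
            CLogger::LEVEL_INFO,'application.auth');
    }
}
```

With this pair configured as the `user` component, a cookie for a deactivated account or with a stale token fails beforeLogin(), restoreFromCookie() leaves the visitor a guest, and nothing is logged in.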
protected array saveIdentityStates()

Parameter | Type | Description |
---|---|---|
{return} | array | the identity states |

```php
protected function saveIdentityStates()
{
    $states=array();
    foreach($this->getState(self::STATES_VAR,array()) as $name=>$dummy)
        $states[$name]=$this->getState($name);
    return $states;
}
```
Retrieves identity states from persistent storage and saves them as an array.
protected void saveToCookie(integer $duration)

Parameter | Type | Description |
---|---|---|
$duration | integer | number of seconds that the user can remain in logged-in status. Defaults to 0, meaning login until the user closes the browser. |

```php
protected function saveToCookie($duration)
{
    $app=Yii::app();
    $cookie=$this->createIdentityCookie($this->getStateKeyPrefix());
    $cookie->expire=time()+$duration;
    $data=array(
        $this->getId(),
        $this->getName(),
        $duration,
        $this->saveIdentityStates(),
    );
    $cookie->value=$app->getSecurityManager()->hashData(serialize($data));
    $app->getRequest()->getCookies()->add($cookie->name,$cookie);
}
```

Saves the necessary user data into a cookie. This method is used when automatic login (allowAutoLogin) is enabled. It saves the user ID, username, other identity states and a validation key to the cookie. This information is used to authenticate the user the next time they visit the application.
public void setFlash(string $key, mixed $value, mixed $defaultValue=NULL)

Parameter | Type | Description |
---|---|---|
$key | string | key identifying the flash message |
$value | mixed | flash message |
$defaultValue | mixed | if this value is the same as the flash message, the flash message will be removed. (Therefore, you can use setFlash('key',null) to remove a flash message.) |

```php
public function setFlash($key,$value,$defaultValue=null)
{
    $this->setState(self::FLASH_KEY_PREFIX.$key,$value,$defaultValue);
    $counters=$this->getState(self::FLASH_COUNTERS,array());
    if($value===$defaultValue)
        unset($counters[$key]);
    else
        $counters[$key]=0;
    $this->setState(self::FLASH_COUNTERS,$counters,array());
}
```
Stores a flash message. A flash message is available only in the current and the next requests.
public void setId(mixed $value)

Parameter | Type | Description |
---|---|---|
$value | mixed | the unique identifier for the user. If null, it means the user is a guest. |

```php
public function setId($value)
{
    $this->setState('__id',$value);
}
```
public void setName(string $value)

Parameter | Type | Description |
---|---|---|
$value | string | the user name. |

```php
public function setName($value)
{
    $this->setState('__name',$value);
}
```
Sets the unique identifier for the user (e.g. username).
public void setReturnUrl(string $value)

Parameter | Type | Description |
---|---|---|
$value | string | the URL that the user should be redirected to after login. |

```php
public function setReturnUrl($value)
{
    $this->setState('__returnUrl',$value);
}
```
public void setState(string $key, mixed $value, mixed $defaultValue=NULL)

Parameter | Type | Description |
---|---|---|
$key | string | variable name |
$value | mixed | variable value |
$defaultValue | mixed | default value. If $value===$defaultValue, the variable will be removed from the session |

```php
public function setState($key,$value,$defaultValue=null)
{
    $key=$this->getStateKeyPrefix().$key;
    if($value===$defaultValue)
        unset($_SESSION[$key]);
    else
        $_SESSION[$key]=$value;
}
```

Stores a variable in the user session. This function is designed to be used by CWebUser descendant classes that want to store additional user information in the user session. A variable stored with this function can be retrieved later using getState, and it persists across page requests for the duration of the user session.
public void setStateKeyPrefix(string $value)

Parameter | Type | Description |
---|---|---|
$value | string | a prefix for the name of the session variables storing user session data. |

```php
public function setStateKeyPrefix($value)
{
    $this->_keyPrefix=$value;
}
```
protected void updateAuthStatus()

```php
protected function updateAuthStatus()
{
    if(($this->authTimeout!==null || $this->absoluteAuthTimeout!==null) && !$this->getIsGuest())
    {
        $expires=$this->getState(self::AUTH_TIMEOUT_VAR);
        $expiresAbsolute=$this->getState(self::AUTH_ABSOLUTE_TIMEOUT_VAR);
        if ($expires!==null && $expires < time() || $expiresAbsolute!==null && $expiresAbsolute < time())
            $this->logout(false);
        else
            $this->setState(self::AUTH_TIMEOUT_VAR,time()+$this->authTimeout);
    }
}
```

Updates the authentication status according to authTimeout and absoluteAuthTimeout. If the user has been inactive for authTimeout seconds, or absoluteAuthTimeout has passed since login, the user is automatically logged out.
protected void updateFlash()

```php
protected function updateFlash()
{
    $counters=$this->getState(self::FLASH_COUNTERS);
    if(!is_array($counters))
        return;
    foreach($counters as $key=>$count)
    {
        if($count)
        {
            unset($counters[$key]);
            $this->setState(self::FLASH_KEY_PREFIX.$key,null);
        }
        else
            $counters[$key]++;
    }
    $this->setState(self::FLASH_COUNTERS,$counters,array());
}
```
Updates the internal counters for flash messages. This method is internally used by CWebApplication to maintain the availability of flash messages.
checkAccess method works on roles, tasks, and operations
The checkAccess method description implies that the parameter named $operation can only be an operation. In fact it can be any type of auth item: a role, task, or operation. The corresponding parameter in IAuthManager->checkAccess() is called $itemName, which is a bit less misleading.
Cookie-based Login
I have seen examples of Yii authentication code that check whether a user is valid in a CUserIdentity subclass' authenticate() method.
If you allow cookie-based login, though, the authenticate() method is bypassed and the code simply uses the User ID that is securely kept in the cookie. This becomes an issue if you keep inactive users in your database, which is common in applications that need to maintain a history or audit record.
To solve this problem, use a beforeLogin() method in your CWebUser subclass that does your extended check. For example, you can check to see if it's a cookie-based login, and if so, query the user in the database to confirm that they're still active.