Development - Authorization
The ApPHP framework contains a special mechanism that allows a developer to implement a registration and authorization system (login with a password) relatively easily for both frontend and backend (website) users. The data of registered users is stored by the CHttpSession core class, and the framework's CAuth helper provides a convenient interface to define controllers and actions accessible by registered users, check the access rights of visitors, store and retrieve required information about a registered user, etc.

As the easiest way to store the data of a logged-in user, we recommend the following:

    $session = A::app()->getSession();
    $session->set('loggedIn', true);
    $session->set('loggedId', $userId); /* $userId - user ID retrieved from database */

Using the CAuth helper you may check, for a whole Controller or for just an Action, whether the user can access it or not.
Here is an example of checking authorized access for a whole Controller:

    class AuthorsController extends CController
    {
        public function __construct()
        {
            parent::__construct();

            // Block access to this controller for not-logged users
            CAuth::handleLogin();
        }

        // Other code here...
    }

Here is an example of checking authorized access for a specified Action:

    class AuthorsController extends CController
    {
        public function indexAction()
        {
            // Your code here...
        }

        public function editProfileAction()
        {
            // Block access to this action for not-logged users
            CAuth::handleLogin();

            // Other code here...
        }

        public function loginAction()
        {
            // Redirect logged in authors to the specified location
            CAuth::handleLoggedIn('authors/index');

            // Other code here...
        }
    }

The following methods allow you to retrieve important data about the logged-in user (please check framework/helpers/CAuth.php for more information):

    // Returns ID of logged user
    CAuth::getLoggedId();

    // Checks if user is logged in and returns a result as a boolean
    CAuth::isLoggedIn();

Below you may see a simple example of how to check login form submission data:

    // Read the submitted credentials from the POST request
    $this->_view->username = A::app()->getRequest()->getPost('username');
    $this->_view->password = A::app()->getRequest()->getPost('password');

    $model = new Login();
    if($model->login($this->_view->username, $this->_view->password)){
        // Credentials accepted: send the user to the protected area
        $this->redirect('authors/index');
    }else{
        // One generic message for both an unknown username and a wrong password
        $msg = 'Wrong username or password! Please re-enter.';
        $msgType = 'error';
        $this->_view->errorField = 'username';
    }
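
What a `login()` method like the one called above could do before the `loggedIn` and `loggedId` session keys are set, as an added example in stand-alone PHP that is not ApPHP's own code. The `$users` array, `verifyCredentials()` and `startLoggedInSession()` are hypothetical names, and native PHP sessions stand in for CHttpSession.

```php
<?php
// Added example: plain PHP, not ApPHP code. Native sessions stand in for CHttpSession.
// Constructed stand-in for the users table (hypothetical data).
$users = [
    'alice' => ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// Hypothetical body for Login::login(): returns the user ID on success, null on failure.
function verifyCredentials(array $users, string $username, string $password): ?int
{
    // Unknown usernames are checked against a dummy hash so both failure
    // paths do a similar amount of work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $record = $users[$username] ?? null;
    $ok = password_verify($password, $record['hash'] ?? $dummyHash);

    return ($record !== null && $ok) ? $record['id'] : null;
}

// Stores the same keys the page uses ('loggedIn', 'loggedId').
function startLoggedInSession(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Fresh session ID at the privilege change, so a pre-login ID is not carried over.
    session_regenerate_id(true);
    $_SESSION['loggedIn'] = true;
    $_SESSION['loggedId'] = $userId;
}

$userId = verifyCredentials($users, 'alice', 'correct horse');
if ($userId !== null) {
    startLoggedInSession($userId);
    echo "login ok, loggedId={$_SESSION['loggedId']}\n";
} else {
    echo "Wrong username or password! Please re-enter.\n";
}
// Wrong password and unknown user both come back as null.
var_dump(verifyCredentials($users, 'alice', 'wrong'), verifyCredentials($users, 'mallory', 'x'));
```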