Development - Authorization

The ApPHP framework contains a special mechanism, which allows a developer to relatively easily implement a registration and authorization system (login with a password) for both frontend and backend (website) users. The data of registered users are stored by the CHttpSession core class, and the framework CAuth helper provides a convenient interface to define controllers and actions accessible by registered users, check access rights of visitors, store and retrieve required information of registered user, etc.

For easiest way to store a data of logged user, we recommend to use a following way:

$session = A::app()->getSession();
$session->set('loggedIn', true);
$session->set('loggedId', $userId); /* $userId - user ID retrieved from database */

Using CAuth helper you may perform a check for the whole Controller of just an Action, whether user can access them or not.

Here an example for check of authorized access for whole Controller:

class AuthorsController extends CController
{
    public function __construct()
    {
        parent::__construct();
        
        // Block access to this controller for not-logged users
        CAuth::handleLogin();
    }
    
    // Other code here...
}

Here an example for check of authorized access for specified Action:

class AuthorsController extends CController
{
    public function indexAction()
    {
        // Your code here...
    }
    
    public function editProfileAction()
    {
        // Block access to this action for not-logged users
        CAuth::handleLogin();
        
        // Other code here...
    }

    public function loginAction()
    {
        // Redirect logged in authors to the specified location
        CAuth::handleLoggedIn('authors/index');
        
        // Other code here...
    }
}

Following methods allow to retrieve an important data about logged user:
(please check framework/helpers/CAuth.php for more information)

// Returns ID of logged user
CAuth::getLoggedId();
    
// Checks if user is logged in and returns a result as a boolean
CAuth::isLoggedIn();

Below you may see a simple example of how to check login form submission data:

$this->_view->username = A::app()->getRequest()->getPost('username');
$this->_view->password = A::app()->getRequest()->getPost('password');

$model = new Login();				
if($model->login($this->_view->username, $this->_view->password)){
    $this->redirect('authors/index');	
}else{
    $msg = 'Wrong username or password! Please re-enter.';
    $msgType = 'error';
    $this->_view->errorField = 'username';
}