Summary

Logging in with a username and password is both cumbersome to use and boring to write. A lot of concepts are involved in this form of user authentication. In fact, we basically repeated the authentication already shipped with the advanced Yii 2 application template, probably with different code style convention. However, if you just looked at the source code for advanced template, chances are that you would spend a lot of time trying to understand which pieces, in the form of class methods, variables, classes, and view files, are used in the login functionality and what role does each play in it.

By doing this exercise, we briefly glimpsed over such tricks of Yii 2 and PHP application development in general:

  • Writing stuff to the view file depending on whether the user is authenticated or not
  • Making the non-active record models in Yii and using them to generate input forms
  • The beforeSave() method of active records
  • The yiiaseSecurity helper class to not bother with securely generating hashes for strings
  • Inline validators
  • Lazy object loading
  • Probably something other which is hard to decouple

Again, of course there is authorization using other means: the OAuth2 protocol, OpenID, hardware tokens, SMS codes, you name it. We cannot cover everything, so the most usual method was explained here, which you probably will be asked to implement anyway.

However, we should not forget that we covered only half of the access control. We still need to implement the user authorization after he's authenticated, which will be the topic of the next chapter.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.14.245.167