Logging in with a username and password is both cumbersome to use and boring to write. A lot of concepts are involved in this form of user authentication. In fact, we basically repeated the authentication already shipped with the advanced Yii 2 application template, probably with different code style convention. However, if you just looked at the source code for advanced template, chances are that you would spend a lot of time trying to understand which pieces, in the form of class methods, variables, classes, and view files, are used in the login functionality and what role does each play in it.
By doing this exercise, we briefly glimpsed over such tricks of Yii 2 and PHP application development in general:
beforeSave()
method of active recordsyiiaseSecurity
helper class to not bother with securely generating hashes for stringsAgain, of course there is authorization using other means: the OAuth2 protocol, OpenID, hardware tokens, SMS codes, you name it. We cannot cover everything, so the most usual method was explained here, which you probably will be asked to implement anyway.
However, we should not forget that we covered only half of the access control. We still need to implement the user authorization after he's authenticated, which will be the topic of the next chapter.
3.14.245.167