MagiBlog – Insights about Digital Marketing

Custom and Secure Authentication with Yii Framework – Part 3

Building the Create Action View and Logic for Custom Authentication in Yii

Yii has given us everything we need with the blog demo to build an extremely secure authentication system, provided we use all of it. This is the beauty of Yii: the extra security measures are in place, but they do not hamper us if they are not necessary for what we may want to do.

In the last tutorial, we created a user model and CRUD component for our user table in our database. I used Gii to do this. Using the command line would also work, if you prefer that over Gii. The next step is to customize the model/User.php file. Yii will create several things based on our tbl_user database table that we will not want or that are worthless for creating a full account system for our web site.
The first controller action to be adjusted is the ‘create’ action. Yii does a wonderful job of building us models, controllers and views for our ‘Create User’ page, which is where new sign-ups to our website will create their new accounts. However, when Yii created our model file, all it did was go into our user table and build to the specifications of our database table. When the CRUD was created, it simply made a create form based on all the possible fields in our database.
Looking at this create view, we see that there are some problems. Yii built a form that allows user inputs into all the fields in our database. This is fine except for the id and salt fields. In the protected/views/user folder, we want to open the _form.php file, not the create.php file. In the _form.php file, we want to get rid of the id and salt input fields. In no case do we want our users to select their own primary key, nor would we want them to have any input on the salt, should we happen to use it.

Re-organize and style the form the way you want. In my case, I also got rid of the profile text area. I changed it to a drop-down box. This allows our users to select the profile they want to purchase on the site, in this case ‘basic’, ‘plus’, or ‘premium’ memberships. I assigned a number to each level, which will be used in role-based access levels later on in the development.
Also, on a side note, I changed the database column to be an integer value, as the default for profile is text in the database. Just remember: if you change the structure of your database after creating your CRUD and model, then you’ll need to update the data relations in your user model manually or create a new model in Gii or the command line.
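
Removing the id and salt inputs from _form.php only changes what the browser renders; in Yii 1.1 the model's rules() decide which attributes massive assignment will accept. The following is an added example, not code from the original tutorial, showing the matching model-side rules. It assumes the blog demo's username, password and email columns and the numeric levels 1, 2 and 3 for the three memberships.

```php
<?php
// protected/models/User.php (excerpt). Added example, not the tutorial's code.
class User extends CActiveRecord
{
    // Assumed numeric levels for the 'basic', 'plus' and 'premium' memberships.
    const PROFILE_BASIC   = 1;
    const PROFILE_PLUS    = 2;
    const PROFILE_PREMIUM = 3;

    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'tbl_user';
    }

    // Single source of truth for the drop-down and for validation.
    // In _form.php:
    //   echo $form->dropDownList($model, 'profile', User::profileOptions());
    public static function profileOptions()
    {
        return array(
            self::PROFILE_BASIC   => 'Basic',
            self::PROFILE_PLUS    => 'Plus',
            self::PROFILE_PREMIUM => 'Premium',
        );
    }

    public function rules()
    {
        return array(
            // username, password and email are assumed blog-demo columns.
            array('username, password, email, profile', 'required'),
            array('username, password, email', 'length', 'max' => 128),
            // Accept only the levels the drop-down offers, whatever the request body contains.
            array('profile', 'in', 'range' => array_keys(self::profileOptions())),
            // Never take these from $_POST['User']; they are set by the database or server-side code.
            array('id, salt', 'unsafe'),
        );
    }
}
```

With these rules, `$model->attributes = $_POST['User']` in the create action skips id and salt, and `$model->save()` fails validation for any profile value outside the three listed levels.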


About Hassan Bawab

Hassan Bawab is the Founder and CEO of Magic Logix, an interactive digital marketing agency that combines dynamic website development, custom website design, SEO and cohesive online marketing to drive new leads with high conversion. Hassan is a recognized business speaker with a passion and desire to share helpful information with businesses and business professionals, to help further their understanding of internet marketing, social media and open source web design and development.
