Answer the question
In order to leave comments, you need to log in
Yii2 authorization not working?
Good afternoon Toasters. Faced such a problem. Yii2 does not want to authorize the user, writes "Invalid login or password". Although the login and password are 100% correct, and even match after hashing the password.
Here is the User Model
<?php
namespace app\models;
use Yii;
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;
/**
* User model
*
* @property integer $id
* @property string $username
* @property string $role
* @property string $name
* @property string $surname
* @property string $middle_name
* @property string $password write-only password
* @property string $salt
* @property string $access_token
* @property string $create_date
*/
class User extends ActiveRecord implements IdentityInterface
{
public static function tableName()
{
return 'users';
}
public function rules()
{
return [
[['username', 'role', 'password'], 'required'],
['username', 'unique']
];
}
public function attributeLabels()
{
return [
'id' => _('ID'),
'role' => _('Роль'),
'name' => _('Имя'),
'surname' => _('Фамилия'),
'middle_name' => _('Отчество'),
'password' => _('Пароль'),
'salt' => _('Соль'),
'access_token' => ('Ключ авторизации'),
];
}
public function beforeSave($insert)
{
if (parent::beforeSave($insert)) {
if ($this->getIsNewRecord() && !empty($this->password)) {
$this->salt = $this->saltGenerator();
}
if (!empty($this->password)) {
$this->password = $this->passWithSalt($this->password, $this->salt);
} else {
unset($this->password);
}
return true;
} else {
return false;
}
}
public function saltGenerator()
{
return hash("sha512", uniqid('salt_', true));
}
public function passWithSalt ($password, $salt)
{
return hash('sha512', $password . $salt);
}
public static function findIdentity($id)
{
return static::findOne(['id' => $id]);
}
public static function findIdentityByAccessToken($token, $type = null)
{
return static::findOne(['access_token' => $token]);
}
/**
* Finds user by username
*
* @param $username
* @return null|static
*/
public static function findByUsername($username)
{
return static::findOne(['username' => $username]);
}
public function getId()
{
return $this->getPrimaryKey()["id"];
}
public function getAuthKey()
{
return $this->access_token;
}
public function validateAuthKey($authKey)
{
return $this->getAuthKey() === $authKey;
}
public function validatePassword ($password)
{
return $this->password === $this->passWithSalt($password, $this->salt);
}
public function setPassword ($password)
{
$this->password = $this->passWithSalt($password, $this->saltGenerator());
}
public function generateAuthKey ()
{
$this->access_token = Yii::$app->security->generateRandomString();
}
}
<?php
namespace app\models;
use Yii;
use yii\base\Model;
/**
* LoginForm is the model behind the login form.
*
* @property User|null $user This property is read-only.
*
*/
class LoginForm extends Model
{
public $username;
public $password;
public $rememberMe = true;
private $_user = false;
/**
* @return array the validation rules.
*/
public function rules()
{
return [
// username and password are both required
[['username', 'password'], 'required'],
// rememberMe must be a boolean value
['rememberMe', 'boolean'],
// password is validated by validatePassword()
['password', 'validatePassword'],
];
}
/**
* Validates the password.
* This method serves as the inline validation for password.
*
* @param string $attribute the attribute currently being validated
* @param array $params the additional name-value pairs given in the rule
*/
public function validatePassword($attribute, $params)
{
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
/**
* Logs in a user using the provided username and password.
* @return boolean whether the user is logged in successfully
*/
public function login()
{
if ($this->validate()) {
return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600*24*30 : 0);
}
return false;
}
/**
* Finds user by [[username]]
*
* @return User|null
*/
public function getUser()
{
if ($this->_user === false) {
$this->_user = User::findByUsername($this->username);
}
return $this->_user;
}
}
<?php
/* @var $this yii\web\View */
/* @var $form yii\bootstrap\ActiveForm */
/* @var $model app\models\LoginForm */
use yii\helpers\Html;
use yii\bootstrap\ActiveForm;
$this->title = 'Login';
$this->params['breadcrumbs'][] = $this->title;
?>
<div class="site-login">
<h1><?= Html::encode($this->title) ?></h1>
<p>Please fill out the following fields to login:</p>
<?php $form = ActiveForm::begin([
'id' => 'login-form',
'options' => ['class' => 'form-horizontal'],
'fieldConfig' => [
'template' => "{label}\n<div class=\"col-lg-3\">{input}</div>\n<div class=\"col-lg-8\">{error}</div>",
'labelOptions' => ['class' => 'col-lg-1 control-label'],
],
]); ?>
<?= $form->field($model, 'username')->textInput(['autofocus' => true]) ?>
<?= $form->field($model, 'password')->passwordInput() ?>
<?= $form->field($model, 'rememberMe')->checkbox([
'template' => "<div class=\"col-lg-offset-1 col-lg-3\">{input} {label}</div>\n<div class=\"col-lg-8\">{error}</div>",
]) ?>
<div class="form-group">
<div class="col-lg-offset-1 col-lg-11">
<?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>
</div>
</div>
<?php ActiveForm::end(); ?>
<div class="col-lg-offset-1" style="color:#999;">
You may login with <strong>admin/admin</strong> or <strong>demo/demo</strong>.<br>
To modify the username/password, please check out the code <code>app\models\User::$users</code>.
</div>
</div>
Answer the question
In order to leave comments, you need to log in
You have your own password generation method, but the standard one for checking it, namely the validatePassword method in loginForm. Add the same logic to validatePassword as in beforeSave on the USer model.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question