有没有办法强制yii在不查阅数据库的情况下通过给定的用户名对用户进行身份验证?
我的应用程序将使用api登录,在未编写该api之前,我们不能使用该app。
由于这种api我们没有user模型,因此,尝试使用User::model()时身份验证过程会破裂
public function authenticate()
{
if (strpos($this->username,"@")) {
$user=User::model()->findByAttributes(array('email'=>$this->username));
} else {
$user=User::model()->findByAttributes(array('username'=>$this->username));
}
if($user===null)
if (strpos($this->username,"@")) {
$this->errorCode=self::ERROR_EMAIL_INVALID;
} else {
$this->errorCode=self::ERROR_USERNAME_INVALID;
}
else if(Yii::app()->getModule('user')->encrypting($this->password)!==$user->password)
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else if($user->active==0&&Yii::app()->getModule('user')->loginNotActiv==false)
$this->errorCode=self::ERROR_STATUS_NOTACTIV;
else if($user->active==-1)
$this->errorCode=self::ERROR_STATUS_BAN;
else {
$this->_id=$user->id;
$this->errorCode=self::ERROR_NONE;
$user->saveState($this);
}
return !$this->errorCode;
}
以下代码显示了 yiic 生成的默认UserIdentity.php。它根据需要使用硬编码的用户和密码。
<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identity the user.
*/
class UserIdentity extends CUserIdentity
{
/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$users=array(
// username => password
'demo'=>'demo',
'admin'=>'admin',
);
if(!isset($users[$this->username]))
$this->errorCode=self::ERROR_USERNAME_INVALID;
elseif($users[$this->username]!==$this->password)
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
$this->errorCode=self::ERROR_NONE;
return !$this->errorCode;
}
}