Authentication and Authorization
Before we set off to implement the user pages, we need to do some work to enable authentication and authorization.
We add two new modules to the application configuration as follows:
...TDataSourceConfig and TActiveRecordConfig modules...
The TAuthManager module manages the whole authentication and authorization workflow. It uses the users module as its user manager (see below). By specifying the LoginPage property, we inform the auth manager to redirect user's browser to the LoginUser page when an authorization fails. We will describe how to create LoginUser in the next subsection.
The user module is of class TDbUserManager which is responsible to verify the validity of a user and keep basic user data in the PHP session. The UserClass property is initialized as Application.BlogUser, which indicates the user manager would look for a BlogUser class under the directory protected (remember the alias Application refers to the protected directory) and use it to keep user's session data.
As we will see in later sections, in controls and pages, we can use $this->User to obtain the BlogUser object which contains the information of the user currently accessing the system.
Below is the implementation detail of BlogUser. Notice Active Record is used to perform DB query. For example, we use UserRecord::finder()->findByPk($username) to look for the primary key specified by $username in the users table.
class BlogUser extends TDbUser
public function createUser($username)
if($userRecord instanceof UserRecord)
@param @param @return
public function validateUser($username,$password)
public function getIsAdmin()