Download the PHP package nordsoftware/yii2-account without Composer

yii2-account

A module for the Yii framework that provides common account functionality.

Why do I want this

This project was inspired by both the http://github.com/mishamx/yii-user and https://github.com/dektrium/yii2-user modules and was carefully developed with our expertise in Yii following the best practices of the framework. The module uses Yii's own password methods in , alternatively you can implement our to hash passwords differently. Other features include interfaces for sending mail and creating authentication tokens; various password security features and much more. For more details refer to the features section below.

Features

• Secure accounts (bcrypt encryption) DONE
• Optional sign-up process (enabled by default) DONE
• Captcha support on sign up DONE
• Optional account activation (enabled by default) DONE
• Log in / Log out DONE
• Sign up and log in through third-party services DONE
• Reset password DONE
• Email sending (with token validation) DONE
• Require new password every x days (disabled by default) DONE
• Password history (encrypted) to prevent from using same password twice DONE
• Lock accounts after x failed login attempts (disabled by default) DONE
• Console command for creating accounts DONE

Installation

The preferred way to install this extension is through composer.

Either run

or add

to the require section of your composer.json file.

Before you can start using the module you need to apply its database migrations. To do so run the following command:

Usage

Once the extension is installed, simply modify your application configuration as follows:

Configuration

The following configurations are available for the class:

• classMap array map over classes to use within the module.
• enableActivation bool whether to enable account activation (defaults to ).
• enableSignup bool whether to enable the sign-up process (defaults to ).
• enableCaptcha bool whether to enable CAPTCHA when signing up (defaults to ).
• enableClientAuth bool whether to enable client authentication (defaults to ).
• userConfig array configuration passed to .
• passwordConfig array configuration passed to .
• captchaConfig array configuration passed to .
• clientAuthConfig array configuration passed to .
• urlConfig array configuration for the URLs used by the module.
• usernameAttribute string name of the username attribute (defaults to ).
• emailAttribute string name of the email attribute (defaults to ).
• passwordAttribute string name of the password attribute (defaults to ).
• messageSource string message source component to use for the module.
• messagePath string message path to use for the module.

Parameters

The following parameters are available for the class:

• fromEmailAddress string from e-mail address used when sending e-mail.
• numAllowedFailedLoginAttempts int number of failed login attempts before the account is locked (defaults to 10)
• minUsernameLength int minimum length for usernames (defaults to 4).
• minPasswordLength int minimum length for passwords (defaults to 6).
• loginExpireTime int number of seconds for login cookie to expire (defaults to 30 days).
• activateExpireTime int number of seconds for account activation to expire (defaults to 30 days).
• resetPasswordExpireTime int number of seconds for password reset to expire (defaults to 1 day).
• passwordExpireTime int number of seconds for passwords to expire (defaults to disabled).
• lockoutExpireTime int number of seconds for account lockout to expire (defaults to 10 minutes).
• tokenExpireTime int number of seconds for the authorization tokens to expire (defaults to 1 hour).

Usage

Now you should be able to see the login page when you go to the following url:

You can run the following command to generate an account from the command line:

Extending

This project was developed with a focus on re-usability, so before you start copy-pasting take a moment of your time and read through this section to learn how to extend this module properly.

Custom account model

You can use your own account model as long as you add the following fields to it:

• username varchar(255) not null account username
• password varchar(255) not null account password
• authKey varchar(255) not null authentication key used for cookie authentication
• email varchar(255) not null account email
• lastLoginAt datetime null default null when the user last logged in
• createdAt datetime null default null when the account was created
• status int(11) default '0' account status (e.g. unactivated, activated)

Changing the model used by the extension is easy, simply configure it to use your class instead by adding it to the class map for the module:

Custom models

You can use the class map to configure any classes used by the module, here is a complete list of the available classes:

• account models\Account account model
• token models\AccountToken account token model
• provider models\AccountProvider account provider model
• loginHistory models\AccountLoginHistory login history model
• passwordHistory models\AccountPasswordHistory password history model
• loginForm models\LoginForm login form
• passwordForm models\PasswordForm base form that handles passwords
• signupForm models\SignupForm signup form
• connectForm models\ConnectForm connect form
• forgotPassword models\ForgotPasswordForm forgot password form
• passwordBehavior behaviors/PasswordAttributeBehavior password attribute behavior
• passwordValidator validators/PasswordStrengthValidator password strength validator
• webUser yii\web\User web user component
• captcha yii\captcha\Captcha captcha widget
• captchaAction yii\captcha\CaptchaAction captcha action

Custom controllers

If you want to use your own controllers you can map them using the module's controller map:

Custom components

If you want to change the components used by the module, here is a complete list of the available interfaces:

• dataContract components\datacontract\DataContractInterface abstraction layer between the module and its data model (defaults to )
• mailSender components\mailsender\MailSenderInterface component used for sending e-mail (defaults to )
• passwordHasher components\passwordhasher\PasswordHasherInterface component used for hashing password (defaults to )
• tokenGenerator components\tokengenerator\TokenGeneratorInterface component used for generating random tokens (default to )

You might want to look at the bundled implementations before making your own because we already support e.g. sending mail through Mandrill.

Contribute

If you wish to contribute to this project feel free to create a pull-request to the branch.

Running tests

Coming soon ...

Translate

If you wish to translate this project you can find the translation templates under . When you are done with your translation you should create a pull-request to the branch.