I have this code in Yii2, where I define users (in models/Users.php):
<?php
namespace app\models;
class User extends \yii\base\Object implements \yii\web\IdentityInterface
{
public $id;
public $username;
public $password;
public $authKey;
public $accessToken;
private static $users = [
'100' => [
'id' => '100',
'username' => 'admin',
'password' => 'my_password',
'authKey' => 'my_authkey',
'accessToken' => 'my_accessyoken',
And this is my code in SiteController.php:
<?php
namespace app\controllers;
use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\filters\VerbFilter;
use app\models\LoginForm;
use app\models\ContactForm;
class SiteController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['logout'],
'rules' => [
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['@'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
The problem is:
1) Right now, visitors can view any page in my website without being logged. Which is the easiest way to force users to be logged in to see any pages?
2) How can I let only specific users view some private pages?
I've already tried some options with no luck...
Thanks!