UsersController

Type
Class
Namespace
Craft
Inherits
Craft\UsersController » Craft\BaseController » CController (opens new window) » CBaseController (opens new window) » CComponent (opens new window)
Since
1.0

The UsersController class is a controller that handles various user account related tasks such as logging-in, impersonating a user, logging out, forgetting passwords, setting passwords, validating accounts, activating accounts, creating users, saving users, processing user avatars, deleting, suspending and un-suspending users.

Note that all actions in the controller, except {@link actionLogin}, {@link actionLogout}, {@link actionGetAuthTimeout}, {@link actionSendPasswordResetEmail}, {@link actionSetPassword}, {@link actionVerifyEmail} and {@link actionSaveUser} require an authenticated Craft session via {@link BaseController::allowAnonymous}.

See also http://craftcms.com

View source (opens new window)

# Public Properties

Property Description
$defaultAction (opens new window) string (opens new window) – The name of the default action.
$layout (opens new window) mixed – The name of the layout to be applied to this controller's views.

# Protected Properties

# $allowAnonymous

Signature

protected boolean $allowAnonymous = ['actionLogin', 'actionLogout', 'actionGetAuthTimeout', 'actionForgotPassword', 'actionSendPasswordResetEmail', 'actionSendActivationEmail', 'actionSaveUser', 'actionSetPassword', 'actionVerifyEmail']

# Public Methods

Method Description
__call() (opens new window) Calls the named method which is not a class method.
__construct() (opens new window)
__get() (opens new window) Returns a property value, an event handler list or a behavior based on its name.
__isset() (opens new window) Checks if a property value is null.
__set() (opens new window) Sets value of a component property.
__unset() (opens new window) Sets a component property to be null.
accessRules() (opens new window) Returns the access rules for this controller.
actionActivateUser() Manually activates a user account. Only admins have access.
actionCropUserPhoto() Crop user photo.
actionDeleteUser() Deletes a user.
actionDeleteUserPhoto() Delete all the photos for current user.
actionEditUser() Edit a user account.
actionForgotPassword() Sends a Forgot Password email.
actionGetAuthTimeout() Returns how many seconds are left in the current user session.
actionGetElevatedSessionTimeout() Returns how many seconds are left in the current elevated user session.
actionGetPasswordResetUrl() Generates a new verification code for a given user, and returns its URL.
actionImpersonate() Logs a user in for impersonation. Requires you to be an administrator.
actionLogin() Displays the login template, and handles login post requests.
actionLogout()
actionSaveFieldLayout() Saves the user field layout.
actionSaveProfile() Saves a user's profile.
actionSaveUser() Provides an endpoint for saving a user account.
actionSendActivationEmail() Sends a new activation email to a user.
actionSendPasswordResetEmail() Sends a password reset email.
actionSetPassword() Sets a user's password once they've verified they have access to their email.
actionStartElevatedSession() Starts an elevated user session.
actionSuspendUser() Suspends a user.
actionUnlockUser() Unlocks a user, bypassing the cooldown phase.
actionUnsuspendUser() Unsuspends a user.
actionUploadUserPhoto() Upload a user photo.
actionValidate() Verifies that a user has access to an email address.
actionVerifyEmail() Verifies that a user has access to an email address.
actionVerifyPassword() Verifies a password for a user.
actions() (opens new window) Returns a list of external action classes.
asa() (opens new window) Returns the named behavior object.
attachBehavior() (opens new window) Attaches a behavior to this component.
attachBehaviors() (opens new window) Attaches a list of behaviors to the component.
attachEventHandler() (opens new window) Attaches an event handler to an event.
beforeAction() Checks if a controller has overridden allowAnonymous either as an array with actions to allow anonymous access to or as a bool that applies to all actions.
beginCache() (opens new window) Begins fragment caching.
beginClip() (opens new window) Begins recording a clip.
beginContent() (opens new window) Begins the rendering of content that is to be decorated by the specified view.
beginWidget() (opens new window) Creates a widget and executes it.
behaviors() (opens new window) Returns a list of behaviors that this controller should behave as.
canGetProperty() (opens new window) Determines whether a property can be read.
canSetProperty() (opens new window) Determines whether a property can be set.
clearPageStates() (opens new window) Removes all page states.
createAbsoluteUrl() (opens new window) Creates an absolute URL for the specified action defined in this controller.
createAction() (opens new window) Creates the action instance based on the action name.
createUrl() (opens new window) Creates a relative URL for the specified action defined in this controller.
createWidget() (opens new window) Creates a widget and initializes it.
detachBehavior() (opens new window) Detaches a behavior from the component.
detachBehaviors() (opens new window) Detaches all behaviors from the component.
detachEventHandler() (opens new window) Detaches an existing event handler.
disableBehavior() (opens new window) Disables an attached behavior.
disableBehaviors() (opens new window) Disables all behaviors attached to this component.
enableBehavior() (opens new window) Enables an attached behavior.
enableBehaviors() (opens new window) Enables all behaviors attached to this component.
endCache() (opens new window) Ends fragment caching.
endClip() (opens new window) Ends recording a clip.
endContent() (opens new window) Ends the rendering of content.
endWidget() (opens new window) Ends the execution of the named widget.
evaluateExpression() (opens new window) Evaluates a PHP expression or callback under the context of this component.
filterAccessControl() (opens new window) The filter method for 'accessControl' filter.
filterAjaxOnly() (opens new window) The filter method for 'ajaxOnly' filter.
filterPostOnly() (opens new window) The filter method for 'postOnly' filter.
filters() (opens new window) Returns the filter configurations.
forward() (opens new window) Processes the request using another controller action.
getAction() (opens new window)
getActionParams() Returns the request parameters that will be used for action parameter binding.
getCachingStack() (opens new window)
getClips() (opens new window) Returns the list of clips.
getEventHandlers() (opens new window) Returns the list of attached event handlers for an event.
getId() (opens new window)
getLayoutFile() (opens new window) Looks for the layout view script based on the layout name.
getModule() (opens new window)
getPageState() (opens new window) Returns a persistent page state value.
getPageTitle() (opens new window)
getRoute() (opens new window)
getUniqueId() (opens new window)
getViewFile() (opens new window) Returns the view script file according to the specified view name.
getViewPath() (opens new window) Returns the directory containing view files for this controller.
hasEvent() (opens new window) Determines whether an event is defined.
hasEventHandler() (opens new window) Checks whether the named event has attached handlers.
hasProperty() (opens new window) Determines whether a property is defined.
init() (opens new window) Initializes the controller.
invalidActionParams() (opens new window) This method is invoked when the request parameters do not satisfy the requirement of the specified action.
isCachingStackEmpty() (opens new window) Returns whether the caching stack is empty.
missingAction() (opens new window) Handles the request whose action is not recognized.
processDynamicOutput() (opens new window) Postprocesses the dynamic output.
processOutput() (opens new window) Postprocesses the output generated by {@link render()}.
raiseEvent() (opens new window) Raises an event.
recordCachingAction() (opens new window) Records a method call when an output cache is in effect.
redirect() Redirects the browser to a given URL.
redirectToPostedUrl() Redirects to the URI specified in the POST.
refresh() (opens new window) Refreshes the current page.
render() (opens new window) Renders a view with a layout.
renderClip() (opens new window) Renders a named clip with the supplied parameters.
renderDynamic() (opens new window) Renders dynamic content returned by the specified callback.
renderDynamicInternal() (opens new window) This method is internally used.
renderFile() (opens new window) Renders a view file.
renderInternal() (opens new window) Renders a view file.
renderPartial() (opens new window) Renders a view.
renderTemplate() Renders a template, and either outputs or returns it.
renderText() (opens new window) Renders a static text string.
requireAdmin() Throws a 403 error if the current user is not an admin.
requireAjaxRequest() Throws a 400 error if this isn’t an Ajax request.
requireElevatedSession() Requires that the user has an elevated session.
requireLogin() Redirects the user to the login template if they're not logged in.
requirePostRequest() Throws a 400 error if this isn’t a POST request
requireToken() Throws a 400 error if the current request doesn’t have a valid token.
resolveViewFile() (opens new window) Finds a view file based on its name.
returnErrorJson() Responds to the request with a JSON error message.
returnJson() Responds to the request with JSON.
run() (opens new window) Runs the named action.
runAction() (opens new window) Runs the action after passing through all filters.
runActionWithFilters() (opens new window) Runs an action with the specified filters.
setAction() (opens new window)
setPageState() (opens new window) Saves a persistent page state value.
setPageTitle() (opens new window)
widget() (opens new window) Creates a widget and executes it.

# actionActivateUser()

Manually activates a user account. Only admins have access.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionActivateUser ( )

# actionCropUserPhoto()

Signature

public null actionCropUserPhoto ( )

# actionDeleteUser()

# actionDeleteUserPhoto()

Delete all the photos for current user.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionDeleteUserPhoto ( )

# actionEditUser()

Signature

public null actionEditUser ( array $variables = [], $account = null )

# actionForgotPassword()

DEPRECATED

Deprecated Deprecated in 2.3. Use {@link actionSendPasswordResetEmail()} instead.

Sends a Forgot Password email.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionForgotPassword ( )

# actionGetAuthTimeout()

Returns how many seconds are left in the current user session.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionGetAuthTimeout ( )

# actionGetElevatedSessionTimeout()

Returns how many seconds are left in the current elevated user session.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionGetElevatedSessionTimeout ( )

# actionGetPasswordResetUrl()

Generates a new verification code for a given user, and returns its URL.

View source (opens new window)

Returns

null (opens new window)

Throws

  • \Craft\HttpException|\Craft\Exception

Signature

public null actionGetPasswordResetUrl ( )

# actionImpersonate()

Logs a user in for impersonation. Requires you to be an administrator.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionImpersonate ( )

# actionLogin()

Displays the login template, and handles login post requests.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionLogin ( )

# actionLogout()

Signature

public null actionLogout ( )

# actionSaveFieldLayout()

Saves the user field layout.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionSaveFieldLayout ( )

# actionSaveProfile()

DEPRECATED

Deprecated Deprecated in 2.0. Use {@link UsersController::saveUser()} instead.

Saves a user's profile.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionSaveProfile ( )

# actionSaveUser()

Provides an endpoint for saving a user account. This action accounts for the following scenarios:

  • An admin registering a new user account.
  • An admin editing an existing user account.
  • A normal user with user-administration permissions registering a new user account.
  • A normal user with user-administration permissions editing an existing user account.
  • A guest registering a new user account ("public registration").

This action behaves the same regardless of whether it was requested from the Control Panel or the front-end site.

View source (opens new window)

Returns

null (opens new window)

Throws

  • \Craft\HttpException|\Craft\Exception

Signature

public null actionSaveUser ( )

# actionSendActivationEmail()

Sends a new activation email to a user.

View source (opens new window)

Returns

null (opens new window)

Throws

Signature

public null actionSendActivationEmail ( )

# actionSendPasswordResetEmail()

Signature

public null actionSendPasswordResetEmail ( )

# actionSetPassword()

Sets a user's password once they've verified they have access to their email.

View source (opens new window)

Returns

null (opens new window)

Throws

  • \Craft\HttpException|\Craft\Exception

Signature

public null actionSetPassword ( )

# actionStartElevatedSession()

Starts an elevated user session.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionStartElevatedSession ( )

# actionSuspendUser()

Signature

public null actionSuspendUser ( )

# actionUnlockUser()

Unlocks a user, bypassing the cooldown phase.

View source (opens new window)

Returns

null (opens new window)

Throws

Signature

public null actionUnlockUser ( )

# actionUnsuspendUser()

Signature

public null actionUnsuspendUser ( )

# actionUploadUserPhoto()

Signature

public null actionUploadUserPhoto ( )

# actionValidate()

DEPRECATED

Deprecated Deprecated in 2.3. Use {@link UsersController::actionVerifyEmail()} instead.

Verifies that a user has access to an email address.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionValidate ( )

# actionVerifyEmail()

Verifies that a user has access to an email address.

View source (opens new window)

Returns

null (opens new window)

Signature

public null actionVerifyEmail ( )

# actionVerifyPassword()

Verifies a password for a user.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean actionVerifyPassword ( )

# Protected Methods

Method Description
afterAction() (opens new window) This method is invoked right after an action is executed.
afterRender() (opens new window) This method is invoked after the specified view is rendered by calling {@link render()}.
beforeRender() (opens new window) This method is invoked at the beginning of {@link render()}.
createActionFromMap() (opens new window) Creates the action instance based on the action map.
loadPageStates() (opens new window) Loads page states from a hidden input.
replaceDynamicOutput() (opens new window) Replaces the dynamic content placeholders with actual content.
savePageStates() (opens new window) Saves page states as a base64 string.

# Constants

Constant Description
STATE_INPUT_NAME Name of the hidden field storing persistent page states.