Class craft\controllers\UsersController
- Inheritance
- craft\controllers\UsersController » craft\web\Controller » yii\web\Controller » yii\base\Controller » yii\base\Component » yii\base\BaseObject
- Implements
- yii\base\Configurable, yii\base\ViewContextInterface
- Available since version
- 3.0
- Source Code
- https://github.com/craftcms/cms/blob/master/src/controllers/UsersController.php
The UsersController class is a controller that handles various user account related tasks such as logging-in, impersonating a user, logging out, forgetting passwords, setting passwords, validating accounts, activating accounts, creating users, saving users, processing user avatars, deleting, suspending and un-suspending users.
Note that all actions in the controller, except actionLogin(), actionLogout(), actionGetRemainingSessionTime(), actionSendPasswordResetEmail(), actionSetPassword(), actionVerifyEmail() and actionSaveUser() require an authenticated Craft session via $allowAnonymous.
| Property | Type | Description | Defined By |
|---|---|---|---|
$action |
yii\base\Action | The action that is currently being executed. | yii\base\Controller |
$actionParams |
array | The parameters bound to the current action. | yii\web\Controller |
$defaultAction |
string | The ID of the action that is used when the action ID is not specified in the request. | yii\base\Controller |
$enableCsrfValidation |
boolean | Whether to enable CSRF validation for the actions in this controller. | yii\web\Controller |
$id |
string | The ID of this controller. | yii\base\Controller |
$layout |
null, string, false | The name of the layout to be applied to this controller's views. | yii\base\Controller |
$module |
yii\base\Module | The module that this controller belongs to. | yii\base\Controller |
| Property | Type | Description | Defined By |
|---|---|---|---|
$allowAnonymous |
boolean, string[] | Whether this controller’s actions can be accessed anonymously If set to false, you are required to be logged in to execute any of the given controller's actions. | craft\controllers\UsersController |
| Method | Description | Defined By |
|---|---|---|
__call() |
Calls the named method which is not a class method. | yii\base\BaseObject |
__clone() |
This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() |
Constructor. | yii\base\BaseObject |
__get() |
Returns the value of an object property. | yii\base\BaseObject |
__isset() |
Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() |
Sets value of an object property. | yii\base\BaseObject |
__unset() |
Sets an object property to null. | yii\base\BaseObject |
actionActivateUser() |
Manually activates a user account. Only admins have access. | craft\controllers\UsersController |
actionDeleteUser() |
Deletes a user. | craft\controllers\UsersController |
actionDeleteUserPhoto() |
Delete all the photos for current user. | craft\controllers\UsersController |
actionEditUser() |
Edit a user account. | craft\controllers\UsersController |
actionGetElevatedSessionTimeout() |
Returns how many seconds are left in the current elevated user session. | craft\controllers\UsersController |
actionGetPasswordResetUrl() |
Generates a new verification code for a given user, and returns its URL. | craft\controllers\UsersController |
actionGetRemainingSessionTime() |
Returns how many seconds are left in the current user session. | craft\controllers\UsersController |
actionImpersonate() |
Logs a user in for impersonation. Requires you to be an administrator. | craft\controllers\UsersController |
actionLogin() |
Displays the login template, and handles login post requests. | craft\controllers\UsersController |
actionLogout() |
craft\controllers\UsersController | |
actionSaveFieldLayout() |
Saves the user field layout. | craft\controllers\UsersController |
actionSaveUser() |
Provides an endpoint for saving a user account. | craft\controllers\UsersController |
actionSendActivationEmail() |
Sends a new activation email to a user. | craft\controllers\UsersController |
actionSendPasswordResetEmail() |
Sends a password reset email. | craft\controllers\UsersController |
actionSetPassword() |
Sets a user's password once they've verified they have access to their email. | craft\controllers\UsersController |
actionStartElevatedSession() |
Starts an elevated user session. | craft\controllers\UsersController |
actionSuspendUser() |
Suspends a user. | craft\controllers\UsersController |
actionUnlockUser() |
Unlocks a user, bypassing the cooldown phase. | craft\controllers\UsersController |
actionUnsuspendUser() |
Unsuspends a user. | craft\controllers\UsersController |
actionUploadUserPhoto() |
Upload a user photo. | craft\controllers\UsersController |
actionVerifyEmail() |
Verifies that a user has access to an email address. | craft\controllers\UsersController |
actionVerifyPassword() |
Verifies a password for a user. | craft\controllers\UsersController |
actions() |
Declares external actions for the controller. | yii\base\Controller |
afterAction() |
This method is invoked right after an action is executed. | yii\base\Controller |
asErrorJson() |
Responds to the request with a JSON error message. | craft\web\Controller |
asJson() |
Send data formatted as JSON. | yii\web\Controller |
asJsonP() |
Sets the response format of the given data as JSONP. | craft\web\Controller |
asRaw() |
Sets the response format of the given data as RAW. | craft\web\Controller |
asXml() |
Send data formatted as XML. | yii\web\Controller |
attachBehavior() |
Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() |
Attaches a list of behaviors to the component. | yii\base\Component |
beforeAction() |
{@inheritdoc} | craft\web\Controller |
behaviors() |
Returns a list of behaviors that this component should behave as. | yii\base\Component |
bindActionParams() |
Binds the parameters to the action. | yii\base\Controller |
canGetProperty() |
Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() |
Returns a value indicating whether a property can be set. | yii\base\BaseObject |
className() |
Returns the fully qualified name of this class. | yii\base\BaseObject |
createAction() |
Creates an action based on the given action ID. | yii\base\Controller |
detachBehavior() |
Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() |
Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() |
Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
findLayoutFile() |
Finds the applicable layout file. | yii\base\Controller |
getBehavior() |
Returns the named behavior object. | yii\base\Component |
getBehaviors() |
Returns all behaviors attached to this component. | yii\base\Component |
getModules() |
Returns all ancestor modules of this controller. | yii\base\Controller |
getRoute() |
Returns the route of the current request. | yii\base\Controller |
getUniqueId() |
Returns the unique ID of the controller. | yii\base\Controller |
getView() |
Returns the view object that can be used to render views or view files. | yii\base\Controller |
getViewPath() |
yii\base\ViewContextInterface | |
goBack() |
Redirects the browser to the last visited page. | yii\web\Controller |
goHome() |
Redirects the browser to the home page. | yii\web\Controller |
hasEventHandlers() |
Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() |
Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() |
Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() |
Initializes the object. | yii\base\BaseObject |
off() |
Detaches an existing event handler from this component. | yii\base\Component |
on() |
Attaches an event handler to an event. | yii\base\Component |
redirect() |
Redirects the browser to the specified URL. | craft\web\Controller |
redirectToPostedUrl() |
Redirects to the URI specified in the POST. | craft\web\Controller |
refresh() |
Refreshes the current page. | yii\web\Controller |
render() |
Renders a view and applies layout if available. | yii\base\Controller |
renderAjax() |
Renders a view in response to an AJAX request. | yii\web\Controller |
renderContent() |
Renders a static string by applying a layout. | yii\base\Controller |
renderFile() |
Renders a view file. | yii\base\Controller |
renderPartial() |
Renders a view without applying layout. | yii\base\Controller |
renderTemplate() |
Renders a template. | craft\web\Controller |
requireAcceptsJson() |
Throws a 400 error if the request doesn't accept JSON. | craft\web\Controller |
requireAdmin() |
Throws a 403 error if the current user is not an admin. | craft\web\Controller |
requireAuthorization() |
Checks whether the current user can perform a given action, and ends the request with a 403 error if they don’t. | craft\web\Controller |
requireElevatedSession() |
Requires that the user has an elevated session. | craft\web\Controller |
requireLogin() |
Redirects the user to the login template if they're not logged in. | craft\web\Controller |
requirePermission() |
Checks whether the current user has a given permission, and ends the request with a 403 error if they don’t. | craft\web\Controller |
requirePostRequest() |
Throws a 400 error if this isn’t a POST request | craft\web\Controller |
requireToken() |
Throws a 400 error if the current request doesn’t have a valid token. | craft\web\Controller |
run() |
Runs a request specified in terms of a route. | yii\base\Controller |
runAction() |
Runs an action within this controller with the specified action ID and parameters. | craft\web\Controller |
setView() |
Sets the view object to be used by this controller. | yii\base\Controller |
setViewPath() |
Sets the directory that contains the view files. | yii\base\Controller |
trigger() |
Triggers an event. | yii\base\Component |
| Event | Type | Description | Defined By |
|---|---|---|---|
EVENT_AFTER_ACTION |
yii\base\ActionEvent | An event raised right after executing a controller action. | yii\base\Controller |
EVENT_BEFORE_ACTION |
yii\base\ActionEvent | An event raised right before executing a controller action. | yii\base\Controller |
EVENT_LOGIN_FAILURE |
craft\events\LoginFailureEvent | The event that is triggered when a failed login attempt was made | craft\controllers\UsersController |
EVENT_REGISTER_USER_ACTIONS |
craft\events\RegisterUserActionsEvent | The event that is triggered when a user’s available actions are being registered | craft\controllers\UsersController |
Property Details
$allowAnonymous
protected property
#
Whether this controller’s actions can be accessed anonymously If set to false, you are required to be logged in to execute any of the given controller's actions. If set to true, anonymous access is allowed for all of the given controller's actions. If the value is an array of action IDs, then you must be logged in for any actions except for the ones in the array list. If you have a controller that where the majority of actions allow anonymous access, but you only want require login on a few, you can set this to true and call requireLogin() in the individual methods.
protected boolean, string[] $allowAnonymous = ['login', 'logout', 'get-remaining-session-time', 'send-password-reset-email', 'send-activation-email', 'save-user', 'set-password', 'verify-email']Method Details
actionActivateUser()
public method
#
Manually activates a user account. Only admins have access.
public yii\web\Response actionActivateUser ( )
actionDeleteUser()
public method
#
Deletes a user.
public yii\web\Response, null actionDeleteUser ( )
actionDeleteUserPhoto()
public method
#
Delete all the photos for current user.
public yii\web\Response actionDeleteUserPhoto ( )
actionEditUser()
public method
#
Edit a user account.
public yii\web\Response actionEditUser ( $userId = null, craft\elements\User $user = null )$userId |
integer, string, null | The user’s ID, if any, or a string that indicates the user to be edited ('current' or 'client'). |
$user |
craft\elements\User, null | The user being edited, if there were any validation errors. |
| throws | yii\web\NotFoundHttpException | if the requested user cannot be found |
|---|---|---|
| throws | yii\web\BadRequestHttpException | if there’s a mismatch between|null $userId and|null $user |
actionGetElevatedSessionTimeout()
public method
#
Returns how many seconds are left in the current elevated user session.
public yii\web\Response actionGetElevatedSessionTimeout ( )
actionGetPasswordResetUrl()
public method
#
Generates a new verification code for a given user, and returns its URL.
public yii\web\Response actionGetPasswordResetUrl ( )| throws | yii\web\BadRequestHttpException | if the existing password submitted with the request is invalid |
|---|
actionGetRemainingSessionTime()
public method
#
Returns how many seconds are left in the current user session.
public yii\web\Response actionGetRemainingSessionTime ( )
actionImpersonate()
public method
#
Logs a user in for impersonation. Requires you to be an administrator.
public yii\web\Response, null actionImpersonate ( )
actionLogin()
public method
#
Displays the login template, and handles login post requests.
public yii\web\Response, null actionLogin ( )
actionLogout()
public method
#
public yii\web\Response actionLogout ( )
actionSaveFieldLayout()
public method
#
Saves the user field layout.
public yii\web\Response, null actionSaveFieldLayout ( )
actionSaveUser()
public method
#
Provides an endpoint for saving a user account.
This action accounts for the following scenarios:
- An admin registering a new user account.
- An admin editing an existing user account.
- A normal user with user-administration permissions registering a new user account.
- A normal user with user-administration permissions editing an existing user account.
- A guest registering a new user account ("public registration"). This action behaves the same regardless of whether it was requested from the Control Panel or the front-end site.
public yii\web\Response, null actionSaveUser ( )| throws | yii\web\NotFoundHttpException | if the requested user cannot be found |
|---|---|---|
| throws | yii\web\BadRequestHttpException | if attempting to create a client account, and one already exists |
| throws | yii\web\ForbiddenHttpException | if attempting public registration but public registration is not allowed |
actionSendActivationEmail()
public method
#
Sends a new activation email to a user.
public yii\web\Response actionSendActivationEmail ( )| throws | yii\web\BadRequestHttpException | if the user is not pending |
|---|
actionSendPasswordResetEmail()
public method
#
Sends a password reset email.
public yii\web\Response, null actionSendPasswordResetEmail ( )| throws | yii\web\NotFoundHttpException | if the requested user cannot be found |
|---|
actionSetPassword()
public method
#
Sets a user's password once they've verified they have access to their email.
public yii\web\Response actionSetPassword ( )
actionStartElevatedSession()
public method
#
Starts an elevated user session.
return Response
public void actionStartElevatedSession ( )
actionSuspendUser()
public method
#
Suspends a user.
public yii\web\Response, null actionSuspendUser ( )| throws | yii\web\ForbiddenHttpException | if a non-admin is attempting to suspend an admin |
|---|
actionUnlockUser()
public method
#
Unlocks a user, bypassing the cooldown phase.
public yii\web\Response actionUnlockUser ( )| throws | yii\web\ForbiddenHttpException | if a non-admin is attempting to unlock an admin |
|---|
actionUnsuspendUser()
public method
#
Unsuspends a user.
public yii\web\Response, null actionUnsuspendUser ( )| throws | yii\web\ForbiddenHttpException | if a non-admin is attempting to unsuspend an admin |
|---|
actionUploadUserPhoto()
public method
#
Upload a user photo.
public yii\web\Response, null actionUploadUserPhoto ( )| throws | yii\web\BadRequestHttpException | if the uploaded file is not an image |
|---|
actionVerifyEmail()
public method
#
Verifies that a user has access to an email address.
public yii\web\Response actionVerifyEmail ( )
actionVerifyPassword()
public method
#
Verifies a password for a user.
public yii\web\Response actionVerifyPassword ( )Event Details
EVENT_LOGIN_FAILURE
event of type craft\events\LoginFailureEvent
#
The event that is triggered when a failed login attempt was made
EVENT_REGISTER_USER_ACTIONS
event of type craft\events\RegisterUserActionsEvent
#
The event that is triggered when a user’s available actions are being registered