/** * Action: Index * * @access public * @return void */ public function actionIndex() { // Only go ahead with the logout if the end-user is logged in, if the end-user is a guest then we can skip // the entire logout procedure, and skip to the redirect back home! if (!Yii::app()->user->isGuest) { // Has the "authUser" persistent state been set, which contains the user's true authenticated ID, and is // it different to the user's current ID? if (is_int(Yii::app()->user->getState('authUser')) && Yii::app()->user->getState('authUser') != Yii::app()->user->getState('id') && is_object($authUser = User::model()->findByPk(Yii::app()->user->getState('authUser')))) { $model = new \application\model\form\Logout(); $form = new CForm('application.forms.logout', $model); if ($form->submitted() && $form->validate()) { // Has the user opted to switch back to their original account? if ($model->switch) { // Create a new user identity instance, but since we aren't going to use any credentials to // authenticate the user, we can just pass in empty strings. $identity = new UserIdentity('', ''); // Attempt to load the identitiy of the user defined by the ID in the "authUser" persistent // state. if ($identity->load(Yii::app()->user->getState('authUser')) && Yii::app()->user->login($identity)) { // The original user account was successfully logged in, redirect to the homepage. $this->redirect(Yii::app()->homeUrl); } else { throw new CException(Yii::t('application', 'An error occured whilst attempting to load your original user account. You have been logged out for security reasons.')); } } else { // Log out the current user. Pass bool(false) as an argument to prevent the entire session // from being destroyed, and instead only delete the persistent states that were created // specifically for the user logged in. An example of why this is the behaviour we want is // storing the language selection in a session - if the website visitor selects French as // the language to view the website in (regardless of whether this functionality is actually // implemented), we don't want that session variable destroyed causing the entire website to // switch back to the default language of English just because the user wanted to log out. // Personally I believe that this should be the default behaviour, but it's not. Yii::app()->user->logout(false); $this->redirect(Yii::app()->homeUrl); } } // Render the logout page, so that the end-user may be presented with a choice instead of // automatically logged out (as if the default). $this->render('index', array('form' => $form, 'displayName' => $authUser->displayName)); // End the application here to prevent any redirection. Yii::app()->end(); } else { // Log out the current user. Please refer to the lengthy explaination earlier in this method for why // we pass bool(false). Yii::app()->user->logout(false); } } // We don't want the user to stay on the logout page. Redirect them back to the homepage. $this->redirect(Yii::app()->homeUrl); }