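/**
 * Creates a point person for an application from the POSTed form fields
 * (application_id, username, user_group, description) and echoes a JSON
 * result of the form {"type": "success"|"error", "data": "<message>"}.
 *
 * Validation failures are returned as a comma-separated list of
 * "CODE: message" strings in "data".
 *
 * NOTE(review): nothing in this method checks that the current user is
 * allowed to add point persons to the submitted application_id; confirm that
 * access control is enforced elsewhere (e.g. controller filters/access rules).
 */
public function actionCreate()
{
    $data = $_POST;

    // NOTE(review): the original comment states that $_POST is empty when CSRF
    // validation fails. This method does not verify a token itself; it only
    // reports an empty POST as a CSRF error. Token validation is presumably
    // done by the framework before the action runs - confirm it is enabled.
    if (empty($data)) {
        echo CJSON::encode(array('type' => 'error', 'data' => 'CSRF_ERROR: CSRF Token did not match'));
        return;
    }

    // Missing or non-scalar (e.g. array-valued) text fields are treated as
    // empty strings so trim()/strlen() never see an array or an undefined index.
    foreach (array('description', 'username', 'user_group') as $field) {
        $data[$field] = (isset($data[$field]) && is_scalar($data[$field]))
            ? trim((string) $data[$field])
            : '';
    }

    // application_id is passed through untrimmed, as before; a missing or
    // non-scalar value becomes null instead of reaching the query as an array.
    $data['application_id'] = (isset($data['application_id']) && is_scalar($data['application_id']))
        ? $data['application_id']
        : null;

    $errors = array();

    if (strlen($data['username']) === 0) {
        // username is required
        $errors[] = 'USERNAME_ERROR: Username is required';
    } else {
        // username should be unique within the application (bound parameters,
        // so the submitted values never become part of the SQL text).
        // NOTE(review): check-then-insert can race with a concurrent request;
        // a unique index on (application_id, username) would be the reliable guard.
        $taken = ApplicationPointPersons::model()->exists(
            'username = :username AND application_id = :application_id',
            array(
                ':username' => $data['username'],
                ':application_id' => $data['application_id'],
            )
        );
        if ($taken) {
            $errors[] = 'USERNAME_ERROR: Point person with this username already exists';
        }
    }

    // usergroup is required
    if (strlen($data['user_group']) === 0) {
        $errors[] = 'USERGROUP_ERROR: User Group is required';
    }

    if (count($errors) > 0) {
        echo CJSON::encode(array('type' => 'error', 'data' => implode(',', $errors)));
        return;
    }

    // data is good
    $point_person = new ApplicationPointPersons();
    $point_person->application_id = $data['application_id'];
    $point_person->username = $data['username'];
    $point_person->user_group = $data['user_group'];
    $point_person->description = $data['description'];
    $point_person->date_created = date("Y-m-d H:i:s");
    $point_person->created_by = Yii::app()->user->name;
    $point_person->date_updated = '0000-00-00 00:00:00';

    // save() returns false when model validation or the insert fails; the
    // original ignored that and reported success regardless. Details go to the
    // application log rather than to the client.
    if (!$point_person->save()) {
        Yii::log(
            'Point person save failed: ' . CJSON::encode($point_person->getErrors()),
            CLogger::LEVEL_ERROR,
            'application'
        );
        echo CJSON::encode(array('type' => 'error', 'data' => 'SAVE_ERROR: Point person could not be saved'));
        return;
    }

    echo CJSON::encode(array('type' => 'success', 'data' => ''));
}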