Advanced application enhancements.

- Turned on CSRF validation by default.
- Added access control for login, signup and logout for frontend application.
- Added access control for login, logout and index for backend application.
- YII_ENV is now defined for all applications.
- No trace is writted to logs if debug is turned off.
- Added default error view for frontend and backend.
- In frontend application captcha will always ask for "testme" if YII_ENV is defined as "test".

apps/advanced/backend/config/main.php

@@ -17,13 +17,16 @@ return array(
 	'modules' => array(
 	),
 	'components' => array(
+		'request' => array(
+			'enableCsrfValidation' => true,
+		),
 		'db' => $params['components.db'],
 		'cache' => $params['components.cache'],
 		'user' => array(
-			'class' => 'yii\web\User',
 			'identityClass' => 'common\models\User',
 		),
 		'log' => array(
+			'traceLevel' => YII_DEBUG ? 3 : 0,
 			'targets' => array(
 				array(
 					'class' => 'yii\log\FileTarget',
@@ -31,6 +34,9 @@ return array(
 				),
 			),
 		),
+		'errorHandler' => array(
+			'errorAction' => 'site/error',
+		),
 	),
 	'params' => $params,
 );

apps/advanced/backend/controllers/SiteController.php

@@ -8,6 +8,36 @@ use common\models\LoginForm;
 
 class SiteController extends Controller
 {
+	public function behaviors()
+	{
+		return array(
+			'access' => array(
+				'class' => \yii\web\AccessControl::className(),
+				'rules' => array(
+					array(
+						'actions' => array('login'),
+						'allow' => true,
+						'roles' => array('?'),
+					),
+					array(
+						'actions' => array('logout', 'index'),
+						'allow' => true,
+						'roles' => array('@'),
+					),
+				),
+			),
+		);
+	}
+
+	public function actions()
+	{
+		return array(
+			'error' => array(
+				'class' => 'yii\web\ErrorAction',
+			),
+		);
+	}
+
 	public function actionIndex()
 	{
 		return $this->render('index');

apps/advanced/backend/views/site/error.php

@@ -0,0 +1,29 @@
+<?php
+
+use yii\helpers\Html;
+
+/**
+ * @var yii\base\View $this
+ * @var string $name
+ * @var string $message
+ * @var Exception $exception
+ */
+
+$this->title = $name;
+?>
+<div class="site-error">
+
+	<h1><?php echo Html::encode($this->title); ?></h1>
+
+	<div class="alert alert-danger">
+		<?php echo nl2br(Html::encode($message)); ?>
+	</div>
+
+	<p>
+		The above error occurred while the Web server was processing your request.
+	</p>
+	<p>
+		Please contact us if you think this is a server error. Thank you.
+	</p>
+
+</div>

apps/advanced/environments/dev/backend/web/index.php

@@ -1,6 +1,6 @@
 <?php
-// comment out the following line to disable debug mode
 defined('YII_DEBUG') or define('YII_DEBUG', true);
+defined('YII_ENV') or define('YII_ENV', 'dev');
 
 require(__DIR__ . '/../../vendor/autoload.php');
 require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

apps/advanced/environments/dev/frontend/web/index.php

@@ -1,7 +1,6 @@
 <?php
-
-// comment out the following line to disable debug mode
 defined('YII_DEBUG') or define('YII_DEBUG', true);
+defined('YII_ENV') or define('YII_ENV', 'dev');
 
 require(__DIR__ . '/../../vendor/autoload.php');
 require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

apps/advanced/environments/dev/yii

@@ -9,6 +9,7 @@
  */
 
 defined('YII_DEBUG') or define('YII_DEBUG', true);
+defined('YII_ENV') or define('YII_ENV', 'dev');
 
 // fcgi doesn't have STDIN defined by default
 defined('STDIN') or define('STDIN', fopen('php://stdin', 'r'));

apps/advanced/environments/prod/backend/web/index.php

@@ -1,6 +1,6 @@
 <?php
-// comment out the following line to disable debug mode
 defined('YII_DEBUG') or define('YII_DEBUG', false);
+defined('YII_ENV') or define('YII_ENV', 'prod');
 
 require(__DIR__ . '/../../vendor/autoload.php');
 require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

apps/advanced/environments/prod/frontend/web/index.php

@@ -1,7 +1,6 @@
 <?php
-
-// comment out the following line to disable debug mode
 defined('YII_DEBUG') or define('YII_DEBUG', false);
+defined('YII_ENV') or define('YII_ENV', 'prod');
 
 require(__DIR__ . '/../../vendor/autoload.php');
 require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

apps/advanced/environments/prod/yii

@@ -9,6 +9,7 @@
  */
 
 defined('YII_DEBUG') or define('YII_DEBUG', false);
+defined('YII_ENV') or define('YII_ENV', 'prod');
 
 // fcgi doesn't have STDIN defined by default
 defined('STDIN') or define('STDIN', fopen('php://stdin', 'r'));

apps/advanced/frontend/config/main.php

@@ -17,13 +17,16 @@ return array(
 		'gii' => 'yii\gii\Module'
 	),
 	'components' => array(
+		'request' => array(
+			'enableCsrfValidation' => true,
+		),
 		'db' => $params['components.db'],
 		'cache' => $params['components.cache'],
 		'user' => array(
-			'class' => 'yii\web\User',
 			'identityClass' => 'common\models\User',
 		),
 		'log' => array(
+			'traceLevel' => YII_DEBUG ? 3 : 0,
 			'targets' => array(
 				array(
 					'class' => 'yii\log\FileTarget',
@@ -31,6 +34,9 @@ return array(
 				),
 			),
 		),
+		'errorHandler' => array(
+			'errorAction' => 'site/error',
+		),
 	),
 	'params' => $params,
 );

apps/advanced/frontend/controllers/SiteController.php

@@ -12,11 +12,37 @@ use yii\helpers\Security;
 
 class SiteController extends Controller
 {
+	public function behaviors()
+	{
+		return array(
+			'access' => array(
+				'class' => \yii\web\AccessControl::className(),
+				'only' => array('login', 'logout', 'signup'),
+				'rules' => array(
+					array(
+						'actions' => array('login', 'signup'),
+						'allow' => true,
+						'roles' => array('?'),
+					),
+					array(
+						'actions' => array('logout'),
+						'allow' => true,
+						'roles' => array('@'),
+					),
+				),
+			),
+		);
+	}
+
 	public function actions()
 	{
 		return array(
+			'error' => array(
+				'class' => 'yii\web\ErrorAction',
+			),
 			'captcha' => array(
 				'class' => 'yii\captcha\CaptchaAction',
+				'fixedVerifyCode' => YII_ENV_TEST ? 'testme' : null,
 			),
 		);
 	}

apps/advanced/frontend/views/site/error.php

@@ -0,0 +1,29 @@
+<?php
+
+use yii\helpers\Html;
+
+/**
+ * @var yii\base\View $this
+ * @var string $name
+ * @var string $message
+ * @var Exception $exception
+ */
+
+$this->title = $name;
+?>
+<div class="site-error">
+
+	<h1><?php echo Html::encode($this->title); ?></h1>
+
+	<div class="alert alert-danger">
+		<?php echo nl2br(Html::encode($message)); ?>
+	</div>
+
+	<p>
+		The above error occurred while the Web server was processing your request.
+	</p>
+	<p>
+		Please contact us if you think this is a server error. Thank you.
+	</p>
+
+</div>