Did you remember to set those fields as safe as well?
public function rules() {
return array(
array('month, year, day', 'safe'),
...
If you do not, this does not 'copy' the values over from the form to the model in the controller:
$model->attributes = $_GET['User'];