How change the database user on the controller in Codeigniter4? - codeigniter

I'm migrating from codeignter 3 to codeigniter 4 and I'm having a hard time changing the database settings.
For example: I want the controller "Admin" to access with a configuration / database user and the controller "Site" to access with another.
I use this as a security issue, I want the "Site" controller to have access only with the query user ...
In codeigniter 3 I simply added the code at the beginning of the control to change the database as in the example below
$ this-> db = $ this-> load-> database ('admin', TRUE);
In codeigniter 4 how can I do this?
I don't want to change the database, I want to change the database user. And choose which user to use on the controller, not the model. For, when I use the admin controller I would like to use the user with access to "insert, delet, selec". When using the website controller, I would like to use the user who only has access to "select".
Thank you

If I may get you right this is what you are looking for
$db = \Config\Database::connect('admin', true);
you can have a better reference from the document Click Here to Read More

Related

How to Force Logout all users from backend Admin Panel in Laravel?

Im trying to force logout all logged users in website from admin panel .
for testing purpose i have logged in 3 different browsers , I have cleared all entries from sessions table from database , and then try to refresh page but user remains logged in like below :
and found new entries in sessions table
but i want like below , when force logout from backend .
I want to force logout user and clear all sessions please guide me how to do it ?
If you have a remember_token column in your users table, you might want to update that one as well:
DB::table('users')->update(['remember_token' => null]);
I have solved using below function :
use DB;
public function force_logout(){
DB::table('users')->update(['remember_token' => null]);
DB::table('sessions')->delete();
}

Laravel 5.1 use session to restrict direct access using urls users based on user role

I have 2 laravel projects, 1 for the front end where i m using html css angularjs. The second for api controllers. I call using http post and get the api controllers functions using angularjs to get content data.
In the front end i have a menu this menu appears differently based on user role, if admin or no.
This is done. My problem is the access for views using the url in the browser.
So I have a query where I get for each user what modules in the menu can he see. Now I'm putting the result in Laravel session.
$menu = DB::select menu by user id ... //Getting menu query based on user if admin or no
session(["menu" => $menu);
return session('menu');
I'm getting the results and the menu is showing good in the website based on the logged user if he s admin or no.
Now, to solve the direct url access issue, I want to use this session and compare the url to this session, if the url exists in the session i will let him access, if no i will redirect him to somewhere.
any idea?
I would strongly suggest looking at the Laravel documentation on Authorization before going too far down a custom implementation:
https://laravel.com/docs/5.1/authorization
Without knowing more about how your front-end and back-end applications interact with each other, it is a little difficult to get into speciifics but i shall do my best.
Each page returned by Laravel has access to a Request object which contains information about the request which returned the page. You can access this Request and its assocaited Route using Laravels helper functions (if you are not passing it to the view already). The getPrefix() method will return the root relative url which you can then use as you see fit. For example:
// Return and store the URL as a string
$url = request()->route()->getPrefix();
// Check your session for the URL/s you want to allow and compare to the stored URL
if (session()->get('URL') == $url) {
// User is allowed access to the page
// Do something ...
} else {
// User is not allowed access to this page
// Redirect back or to a route of your choice
return redirect()->back();
}
I hope this gives you some ideas, good luck!

How to globally prevent saving to database in Laravel 5

I made a PHP script in Laravel and now I want to show demo to my buyers. Since I don't want them to make any changes to the database, I was wondering if there is a way to globally disable any saving to the database?
If you have a BaseModel that extends Laravel's default Eloquent model class. And all of your applications models extend that BaseModel you can add the following to it:
public static function boot()
{
parent::boot();
static::saving(function($model)
{
return false;
});
}
This will intercept any creating or updating events from Eloquent.
This may be the technical answer for your question, but ideally just backup your db and restore it after showing to your buyers.
The easiest thing will be to create a mysql user that hasn't permissions to insert. Use the following mysql statement to create the user and use this user as the user in your database setting. I don't think there's a global method for this in laravel.
GRANT SELECT ON [database name].[table name] TO ‘[username]’#'%’;
This way, your user can view everything, but isn't able to save a bit.

Laravel Route Is not working because of Generic route

I am new to Laravel and learning just basic stuff. I am trying to create a new Route to create a user into database. So I created a Route like this -
Route::get('users/"create"', 'PagesController#create');
But I also have one Route for users trying to access their profile-
Route::get('users/{username}', 'PagesController#show');
Now when I try to access users/create it redirect me to show method instead of create method in controller. I am guessing this is because of generic nature of users/{username}. So my question is how to deal with such situation.
The order that you define routes is important. If you define your routes like this - in this order, it will work.
Route::get('users/create', 'PagesController#create');
Route::get('users/{username}', 'PagesController#show');
Note - I noticed you used 'users/"create"' - that is an error - it should be 'users/create' like in my example.
p.s. make sure you dont allow a user with the username called 'create' - or they will never be able to get to their profile page.

Change group of a newly created User in PyroCMS

Using PyroCMS 2.2, how can I have a registration form assign a user to one of the new Groups I created. Within the admin panel, I have a created a user group called client. When my registration form within my module is sent, it creates the client, but sets the type for group to $config['default_group'] = 'user'; within the core module.
Is there a way for me to set the group to client for this specific registration form in this module?
I suggest this:
When you redirect the user to the costum registration form, set a session variable with value of your costume module name for example
Use PyroCMS events (Events::trigger('post_user_register', $id)) and build a events.php file for your module so that, after every user registration this event will be triggered and since you have set the session variable, you can decide to change the user group of newly created user to an appropriate one and be sure to unset the session variable after you are done.
Hope you get the idea.
It doesn't look like there is an inbuilt way to do this.
system/cms/modules/users/controllers/users.php:384
// We are registering with a null group_id so we just
// use the default user ID in the settings.
$id = $this->ion_auth->register($username, $password, $email, null, $profile_data);
It also appears it isn't possible to override the core modules.
Seems like you have 2 options:
Modify the core module
Try to port the user module into your own module

Resources