Opencart module controller index function data source - model-view-controller

Some module controllers on a website I work with have data passed to their index function. How is it done? I can't find the source file that sends data to controller.

The $this->config->get object is set initially from index.php file as a current setting and not as a module tracking. The $setting array passed into the index method is the one initialized whenever the current module is loaded at that point in the loop. The $setting object should be initialized automatically by ensuring that the same basic key names are being added from the admin modules before loading the array on the store-front end. Additional key names can be added along with the basic key names as there should be no problem to re-catch those additional keys by using the $setting array either. This methodology should not interfere with other modules nor with other basic key names since each $setting array are being fetched accordingly from the database.
You can also check module table in your opencart database to understand it more clearly.
Source Link

Related

Encrypt Decrypt data by creating random keys and values

In codeigniter,
whenever a user is authenticated, I want to create a random session. This mechanism will be used to encrypt/decrypt the data between views-controllers. For example, I look to open a form as below:
<?php echo form_open('targetcontrollerfunction/'.encryptionfunction(data_to_be_secured)); ?>
Thus if anyone goes to inspect element, they is not able to understand the data that is being passed to the controller.
What I have tried:
I have gone through Codeigniter documentation and several articles on stackoverflow and google too. They suggest using encryption library to generate a random key and encrypt library to encode/decode the data using that key. But the challenge is that they want me to store the newly generated key in $config["encryption_key"]
Here the problem begins. In my Controller function I am validating the user account and setting some session variables. At the same time, I want random key to be generated so that the key is 100% unique for every user, but when I use the following code inside my controller function:
$randomkey=bin2hex($this->encryption->create_key(16));
$config["encryption_key"]=$randomkey;
$this->session->set_userdata('somekey', $this->encrypt->encode("somevalue"));
I also changed it to :
$randomkey=bin2hex($this->encryption->create_key(16));
$config=array(
'encryption_key'=>$randomkey
);
$this->encryption->initialize($config);
$this->session->set_userdata('somekey', $this->encrypt->encode("somevalue"));
I get an error:
In order to use the encryption class requires that you set an
encryption key in your config file.
libraries cannot be loaded into config.php file, encryption_key cannot be set inside the controller, I am totally confused. What else is the way to generate a random key and use the same for every logged in session?
If you are using CI 3, go to folder /application/config, edit config.php, then enter the encryption key (32 characters)
Search the below line:
$config[‘encryption_key’] = ‘yourkeyhere’;

OData service password validation in ABAP

How do I validate password using function module which is stored in Z*** table against the sy-uname in ABAP?
I am using function module to create OData service for Fiori app where in the moment user hits on enter button it should display successful else unsuccessful based on sy-uname?
First,
you never ever shouldn't store passwords for your application in plain text.
It is so obvious that never should be mentioned, but nevertheless. Only hash functions from your passwords should be stored.
Second, following function module should be used for generating hash and validation against it:
CALL FUNCTION 'MD5_CALCULATE_HASH_FOR_CHAR'
EXPORTING
DATA = LV_PASSWORD
IMPORTING
HASH = STRU-PASSHS.
Also, you can check SECH function group and modules contained there, but consider that some of them are deprecated.

Does the ParseFile have an ACL

It appears that the ParseFile does not have an ACL, or put another way, once the URL of the ParseFile gets out in the wild, the file is available to anybody who can make a GET http request.
I hope I'm missing something in the documentation, because this does not sound like a great idea. As best as I can understand it, this means that the URL is "protected" only by the ACL of the ParseObject that holds the reference to the ParseFile.
Perhaps it's relevant to know that I'm reading/using the .NET+Xamarin bits.
I think you've summed it up best yourself:
"protected" only by the ACL of the ParseObject that holds the reference to the ParseFile
If someone does happen to know your url for that particular file then kudos to them, because they are uniquely created, just like objectId's:
.. containing the name of the file, which is the original file name prefixed with a unique identifier in order to prevent name collisions. This means you can save files with the same name, and the files will not overwrite one another...
So in other words, the last path component will always be unique:
tfss-db295fb2-8a8b-49f3-aad3-dd911142f64f-airlines.txt
Even if you re-upload a new airlines.txt document:
tfss-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-airlines.txt
To summarize ACL:
An ACL, or Access Control List can be added to any Parse.Object to restrict access to only a subset of users of your application.
So according to Parse, it's purposes are intended for the object itself, not specific parameters of that object. As of now, they do not support say, setting a specific read/write ACL on the objects 'Title' column or 'Email' column or a specific column type, the ACL's are object or User dependent.
For those that are interested in reading more about Parses ACLs can see their resource here: http://blog.parse.com/learn/engineering/parse-security-i-are-you-the-key-master/

Other way to pass data from block to controller Magento

I'm pretty new to PHP programming and Magento. I wanna to pass the current ProductId from a form within a custom block to a controller (new action).
Yes I know that one method would be to add an input hidden (with my product id) in the custom block form and then to retrieve the Value through a regular:
$this->getRequest()->getPost('myvalue'))
Is there a better way in Magento to retrieve the value within the controller without having to declare extra secret input fields ?
Good for you for wanting to adhere to best practices within Magento! The passing of data to controllers is pretty standard, however. If we look at how the product is added from a product page, we'll actually see the product ID in the form action URL's parameters:
http://domain.com/checkout/cart/add/uenc/uenc_value/product/45573/
...where 45573 is the product ID. Of course this can also be sent to the controller via a hidden input field, which I use all the time. Note that the above is the same as http://domain.com/checkout/cart/add/?uenc=uenc_value&product=45573 in Magento.
Another way of storing data for use in controllers for future use is setting data into a session. For posting data to a controller I wouldn't recommend this method but it's something to keep in mind:
$session = Mage::getSingleton('core/session');
$session->setMyValue(true);
We can then retrieve the data from my_value later just by instantiating the session. Good luck!
Passing your data could be done in different ways :
You could use Magento's magic setters and getters.
So you would have to do this to set the value :
Mage::getSingleton('core/session')->setSomeVariable($value);
and this to retrieve it :
Mage::getSingleton('core/session')->getSomeVariable();
Or you could use the register.
Mage::register('key', $value); //to set your data
Mage::registry('key'); //to get your data
Magento provides a way to construct a URL with the necessary values, calculated against the configuration DOM. Blocks (and therefore block templates) can call Mage_Core_Block_Abstract::getUrl() directly:
$this->getUrl('some_handle/foo/test',array('id'=>'some_value'));
// Mage::getUrl() will work as well
The above would result in the following URL:
http://base_url/frontname/foo/action/id/some_value/
...which can be read in the FooController testAction() as
$this->getRequest()->getParam('id') // 'some_value'

CakePHP Auth Loads Too Many Session Variables

Using CakePHP2.0 Beta I managed to write a custom login handler for my existing database schema. All's well, except that upon logging in I printed out the session variables stored and what Cake's Auth component did is store the entire record from the "Member" table (where my usernames+hashes come from) in session. It is storing an array with data fields that are totally irrelevant to the session. For instance it stores the date the member was created, their address, etc. All pretty useless information for me as I basically only need their ID and maybe username, name, email address.
The offending lines for me are found in: /lib/Cake/Controller/Component/AuthComponent.php line 512. It states,
$this->Session->write(self::$sessionKey, $user);
So my custom authenticate component returns $user and it throws this whole thing into the session. Now, I don't want to go about editing in the core libraries because this project is definitely going to be upgraded when 2.0 comes out. Is there any way to store less information in sessions? I want to keep this whole thing more lightweight.
Possible solution: Change my custom authentication component to only return the fields I need into the $user variable. Are there any concerns about what data I should/shouldn't be returning?
I've solved the problem using my "possible solution". In /app/Controller/Component/auth/MyController.php, I changed the "ClassRegistry::init($userModel)->find" method to have a parameter for 'fields' where I specify only the fields I need. Works like a charm.

Resources