Securing roxyfilemanager in CodeIgniter - codeigniter

I'm trying to build a website for myself. It has front and back end.
In the back end I have TinyMCE and I installed the standalone roxyfileman file manager and have it working perfectly with my codeigniter site, but there's a catch.
I have my back end password protected via codeigniter sessions using a database
(I don't use password protected directories). I see that roxyfileman is accessible directly via browser if a user knows where to look, and a hacker could delete all pictures via file manager.
Example:
sitename/js/fileman/index.html
How can I secure the filemanager with codeigniter or any other way that will forbid direct access to the page?
In my case sessions are saved in database.
I guess I must figure out a way to connect the standalone filemanager to codeigniter and database and validate if a valid user is executing the filemanager.
Please advise on how to achieve this.
Solution for me:
Eventually I managed to find a great contribution from a developer.
Thanks to him I sorted my issue out.
Solution found here:
https://github.com/codinghamster/coreigniter

Related

Website Login Issue developed in magento

I have a website developed using Magento. Previously I was able to log in, but right now login fails. In fact, any operation that interacts with the user table is failing. I need to know what the issue is. How do I figure it out?
First, try to clear your log file.
Second, make sure you have not upgraded your Magento,
and third, make sure that your db is accessible in your Magento.
-Harry P

Drupal in Moodle sharing session

I have a Moodle site, in one of the Moodle pages I have an iFrame which contains a Drupal application. I want the Drupal application to see whether the user is logged in on Moodle, and if so show extra content.
However, I cannot access the session data from Moodle (especially information on the User) in Drupal.
I tried two things:
If the iframe was a normal PHP page, I'd put session_start(); at the top of the page in order for the session to persist, but I have no idea HOW to do that in Drupal.
And since they are on the same server, I tried accessing the config.php file in Moodle from a plain PHP file in the Drupal directory, and, as expected, I was able to get the variable. But as soon as I do this inside the Drupal application, a clash in function name between Moodle and Drupal threw an error.
The other option is to add a plugin in Moodle which sets a cookie on user login, a cookie that Drupal can get. But I'm really against this option since anyone can set a cookie and it persists. (There's no guarantee the user will click log-out)
I've never used/touched Moodle and Drupal until today. Can anyone help me figure out how to check whether a user is logged in on Moodle, from an iframe running a Drupal application?
A quick google gives the following moodle plugin that may be useful: https://moodle.org/mod/forum/discuss.php?d=208285
Looks like it allows single sign-on between the two, I've never used moodle before, but this may be a step in the right direction.

Joomla front end has no content after web server move

I am so stumped with this and I need some help from the community. I moved my Joomla site over to a new server and now the content has disappeared from the front end. I am not getting any errors... Can someone offer any suggestions on where to look for the problem? My config is fine and I am pretty sure my database is as well, because all my original articles are there.
I am running Joomla 1.5
The URL: http://www.davidjamesmedia.ca
If you moved to a new server at a different hosting company, Joomla is probably either
not looking in the right place for the database, or
not using the right credentials (host, port, username, password, whatever) for the database.
That might also be true if you moved to a different server at the same hosting company, although it's a little less likely. Look at the configuration.php file.
Assuming you have shell access, make sure you can access the database through its command-line utility. Then make sure Joomla is using the same credentials.
This is a really odd one.
The database credentials are obviously correct otherwise the site wouldn't load at all and would result in a MySQL error. Try re-assigning a new temporary article to the homepage else download the K2 component, import your articles and assign the K2 article to the homepage.
Update:
If you have the demo package for the template you are using, then follow these steps:
create a sub domain
install the demo package with sample data
export the #__content database table from the main website
replace the #__content table with the one you exported
Make sure your error reporting is on in your server's php.ini file so that you can see what errors php is giving i.e. error_reporting = E_ALL & ~E_DEPRECATED
In admin panel, can you see the articles in content menu?
If so, enter in each article and push the Save button.
After you save the article, it should appear again in frontpage (that worked for me).

membership website codeigniter

I am a newbie here in CodeIgniter. I was asked to build a dooid-like or aboutme-like site for my local college so they can make their own identity card. I plan on building this website using CodeIgniter since I heard CodeIgniter is the easiest to understand and I don't have more than 2 weeks to complete the task.
My questions are:
If dooid were built with CodeIgniter, how could I make a function that allows people to choose their direct URL? I mean, if I have a class "User" and there is a "show" method that needs "username" as a parameter, the URL should look like this one:
www.Mysite.com/User/show/<username>
How could they make their own URL like this one:
www.Mysite.com/<username>
I plan to restrict some methods for guests, which will be enabled when the user logs into the site. I mean, if I have a class "user" with an "edit_profiles" method, a guest can see the "show" method but logged-in users will be able to "edit_profiles" after login, on the same class.
Can you tell me about the CodeIgniter session library class concept? I am confused about it versus native PHP sessions. Is there anybody who can show me some links to a session class tutorial that stores sessions in a database?
Yes this is possible, look into the documentation for custom routes:
http://codeigniter.com/user_guide/general/routing.html
For access control it is simplest to use a prebuilt login library such as ionauth or tankauth, both of which provide the features you'll require.
The sessions used by CI do not use PHP native sessions. The best guide is in the documentation: http://codeigniter.com/user_guide/libraries/sessions.html Where the data is stored is determined by the sessions in the config file and is described in the documentation.

Access cakephp session (auth) from outside cakephp

I have a CakePHP website with its own login system using the Auth component. I would like to know if the following is possible:
A user has logged in and is navigating the website. At one point, he can click a link that opens an external php file. With external I mean that it could be in another folder of the same server, but outside the CakePHP app folders.
The "tricky" thing (for me) is to only show the contents of that php file if the user is logged in (to prevent someone without an account accessing those contents). I can't use Auth there because I'm "outside" Cake... I don't know if maybe using $_SESSION, but I don't know how...
Is this even possible? And yes, the php has to be outside the CakePHP app folder system.
Any ideas?
I'll add you also need to set session name to "CAKEPHP" using
session_name('CAKEPHP')
just before your external app session_start() otherwise you could not apply Kashif Khan suggested solution :)
Cheers,
Yes, you can access the cakephp SESSION outside the cakephp folder. Try this session variable
$_SESSION['Auth']
if it exists then check for user here
$_SESSION['Auth']['User']
This is not working in Cakephp3. After calling
session_name("CAKEPHP");
session_start();
Application session is expiring.
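
An added example (not part of the thread and not CakePHP code) of the check the answers above describe: a guard for the external PHP file that reads the `CAKEPHP` session and fails closed when `$_SESSION['Auth']['User']` is absent. It assumes the application uses PHP's native session handler and shares its session save path with this script; `cake_session_user()` and the `username` field are hypothetical names.

```php
<?php
// Added example. Assumptions: the CakePHP app keeps its sessions with PHP's
// native handler under the cookie name "CAKEPHP" (as stated in the answers),
// and this script runs with the same session.save_path.

/**
 * Hypothetical helper: returns the user array stored by the Auth component,
 * or null when the visitor has no logged-in CakePHP session.
 */
function cake_session_user(): ?array
{
    $name = 'CAKEPHP';

    // Without a well-formed session cookie, do not call session_start():
    // that would create a fresh empty session for every anonymous request.
    $id = $_COOKIE[$name] ?? '';
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
        return null;
    }

    session_name($name);
    // read_and_close (PHP >= 7.0) loads the data and releases the session
    // lock immediately, so this script does not hold the app's session open.
    if (!session_start(['read_and_close' => true])) {
        return null;
    }

    $user = $_SESSION['Auth']['User'] ?? null;
    return (is_array($user) && $user !== []) ? $user : null;
}

// Never let a shared cache store a per-user response.
header('Cache-Control: no-store');

$user = cake_session_user();
if ($user === null) {
    // Fail closed: nothing below this line runs for anonymous visitors.
    http_response_code(403);
    exit('Forbidden');
}

// Protected content starts here. 'username' is an assumed field name.
$label = (string) ($user['username'] ?? 'user');
echo 'Hello, ', htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
```

The guard must be the first thing the external file executes (or be pulled in with `require` at the top of every such file), since any output or logic placed above it runs for unauthenticated requests as well.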
