I would like to keep Joomla from including tracking code for Google Analytics when I am logged in to the backend. For this purpose I am trying to determine whether a user who is browsing the website is also currently logged in to Joomla's backend. The problem is - when I use methods like JUser::getAuthorisedGroups() or JUser::getAuthorisedViewLevels(), Joomla's frontend still recognizes me as an unregistered guest.
I know Joomla keeps separate information about the current user for backend and frontend. But is there a way around it?
Logging in to the admin and viewing the front end both start independent sessions that are not related so using getUser() is only going to return the info for the current session.
Luckily, there are a couple of options. First, you can block your IP from being tracked in GA. Second, you can log in to the front end, then use a plugin to filter out logged in admin users.
Related
I have a website, running on Laravel 8 and Vue.js 3. Admin panel's front-end is completely on Vue, while guest users are served with Laravel's blade.
I have worries about unauthorized client's possibility to inspect admin panel's code on login page, as it's part of Vue.
Of course, client will not get any information from server, without authentication. All she/he can see is blank panel with no information at all.
So the problem is, client can analyze a whole functionality of code, view all routes that is used to manage site content. This gives full information to security researchers where to target, what to send and what to expect.
Also, I know about Asynchronous Components, but this is not answer here, as those component's are named by predictable names. So it's possible to get whole working code anyway.
If I will make subdomain separately, those subdomains can be also scanned and exposed. As managers are working from separate locations, denying of route, based on IP address is also not solution.
How to control this from Laravel, so only authenticated users can see panel's code? Should I try to fix this at all?
The way I do is by compiling two differents files using webpack and a logical test whitin the blade file.
So, depending on the user type, the page will load differents files, but I do not mind them staying in the public directory. I put every administrator request inside an administrator middleware.
You can make laravel moving files from public directory and an another one using some sort of control. Exposing your admin files only when an administrator request a page and until the load is done. I know this is possible, I never tested it myself.
I have to integrate facebook login in an e-commerce website made in X-cart 4.7.6. There are no add-ons available for this version and I am not able to bypass login validation, I wanted to log user in just by using fb id. Until now , i have been successful in fetching permissions and data from Facebook when user clicks on fb-login button and check that if the particular user is an existing user or a new user. Based on this the data is entered into existing database.
Now I have been trying to set ($allow_login) true and bypass all visible login validation from all files i guess.But yet it doesn't work. Suggest me some ideas or ways to make it work.
You say that there is no ready-made module, but actually it exists: it is included in X-Cart GoldPlus by default, but if you use a "younger" package called X-Cart Gold, you may purchase this addon separately for $99: https://market.x-cart.com/addons/social-login.html
I'm currently implementing this library ember-simple-auth to manage authentication in the emberjs application (shopping cart) that I am currently building.
The difficulty that I encounter is that the library manages authentication rules after logging in very well but not before logging in.
So here is the scenario:
The application must talk to the backend server to retrieve a session token for every user. This is necessary so that the user can save their items temporarily in the server side using session data. Something that you would expect for a shopping cart.
Then when the user is ready to move forward the application will then display the login screen and the user can authenticate themselves to checkout their items.
However, I can't seems to figure out yet how to do this using simple-auth. If I create a custom authenticator that just fetches token id from the server, it will mark the session as authenticated and will not ask for login on the authenticatedRoute.
In general what I'm trying to do are:
Customer visit the website
The application fetches session token from the server
Customer clicks around and saves item into the shopping cart. The data is synced with the server using the session token
Customer ready to checkout and navigates to checkout page
The application intercepts the route and redirect the customer to login route, where the customer can login and resume checkout.
I hope the above information is clear enough. Any hints and help will be much appreciated. Thanks.
I would probably only use Ember Simple Auth from the point on where the user actually logs in. Before that instead of using a session token to identify the basket, I'd probably explicitly create a basket on the server side (POST /basket) and then add to that via a REST interface (PUT /baskets/:id/items or so). That way you're not sharing state between the client and the server and have a clear interface. You also don't need to "abuse" Ember Simple Auth which probably only leads to other problems later on. When the user logs in then, you simply assign the previously created basket to that user and go on.
Is it possible to implement single signon for Joomla 1.5 backend and frontend. I find it kind of redundant that when the admin for instance is logged in at the backend and needs to do some user function on the frontend has to login again. Is there a way of implementing a single signon?
Joomla! is implemented as two separate applications the front-end initiated from /index.php and the back-end administration from /administrator/index.php as such they have separate user sessions and states.
The separation is a standard security approach, while you could write your own mod_login to do this I wouldn't advise it unless you're very clear on what you're doing.
Having said that, there are 255 Joomla! extensions in the Access & Security ——> Site Access section dealing with logins. Have you tried looking there?
This joomla extension can do that.
http://www.everlive.net/joomla-extensions/15-joomla-admin-from-frontend.html
Just login to frontend as an admin user. You will be logged-in automatically to backend. Further it gives you useful direct links for various backend operations like article add, edit, publish, unpublish etc. Same kind of links are available for modules and menu items.
I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using moodle, hosted in the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell moodle (somehow) to use same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this right?
But I don't know how to do those things or if they even possible, any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending of your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins in this page:
http://docs.moodle.org/dev/Authentication_plugins