Prevent direct access to a page in Joomla - joomla

I have a payment gateway integrated on my website. When a user is done with payment, he/she is redirected to a particular page, say www.example.com/redirect. I want to prevent users from directly entering this URL (www.example.com/redirect) in the address bar and accessing the page. I want it asap.
Actually the page is protected from guest users, but if a logged-in user types that URL then it will redirect him to that page and hence the payment option will be skipped. I want the user to pay the amount first and then be redirected to this page.

Hard to answer precisely since you only give a non-joomla url as an example, but at the top of every Joomla script is the following line:
    defined('_JEXEC') or die( 'Restricted access' );
You obviously can't prevent a user from typing in the url, so this will at least detect if a session is already in place. If the user isn't in an active Joomla session, this will fire and prevent access. You could easily adapt it to do whatever you want to happen for your requirement, depending on whatever you have to check with, i.e. if the referrer is your payment gateway, etc.

I had a similar desire. I wanted the page to only display if the user was logged in and if they had filled out the order entry page.
What I decided to do was check to see if there was data in the POST.
controller/place_order.php (snippet)
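    public function submitOrder()
    {
        // All POST variables as an array (empty on a direct GET request)
        $post  = JRequest::get('post');
        $model = $this->getModel();

        // Only place the order when the form was actually submitted
        if (!empty($post)) {
            if ($model->placeOrder()) {
                // order placed
            }
        }

        JRequest::setVar('layout', 'submitOrder');
        parent::display();
    }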
This prevents the task from executing my placeOrder function or anything in the model. Then I just add something similar to the submit order page. In your case "redirect".
view/place_order/tmpl/submitOrder.php (snippet)
    defined('_JEXEC') or die('Restricted access');

    $user =& JFactory::getUser();
    if ($user->guest) {
        echo "<p>You must login to access this page.</p>";
    } elseif (empty($_POST)) {
        // No form data: the page was opened directly
        echo "<p>You can not directly access this page.</p>";
    } else {
        //Your order was submitted successfully HTML (don't forget to close it at the bottom ;)
There are a lot of ways you could do it... you probably don't even need to check in the controller if you don't want to, but I do to save on time. Without seeing your code it's hard to tailor the answer, but if you grasp the concept here it should help (I hope...).
You might also want to check out this page from Joomla on authorization and privileges.

This should be done in your component's base controller (controller.php). If you look at this code snippet:
    // Check for edit form.
    if ($vName == 'form' && !$this->checkEditId('com_weblinks.edit.weblink', $id))
    {
        // Somehow the person just went to the form - we don't allow that.
        return JError::raiseError(403,
            JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id));
    }
This block of code is present in most of the core components and is intended to do exactly what you want. However, how it actually does what it does is explained through the $this->checkEditId() function. I hope you are familiar with the JControllerForm class, and if you are not, check out the API, because creating an edit id for a page and "authorizing user for access to a specific page based on his last page" is done by JControllerForm.
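
The hold / check / release idea behind checkEditId(), applied to the payment redirect from the question, as an added example that is not part of the original answers or of Joomla's code. The function names, the context key com_shop.paid.order and the order ids are hypothetical, and the array stands in for the server-side user session.

```php
<?php
// Added example: stand-alone sketch of the hold / check / release pattern.
// $state stands in for the server-side user session; the names below are
// hypothetical and are not Joomla API.

function holdId(array &$state, string $context, int $id): void
{
    // Called only after the previous step really completed, e.g. once the
    // gateway's payment confirmation has been verified on the server.
    $state[$context][$id] = true;
}

function checkId(array $state, string $context, int $id): bool
{
    // Fail closed: unknown context, unknown id or id <= 0 means no access.
    return $id > 0 && isset($state[$context][$id]);
}

function releaseId(array &$state, string $context, int $id): void
{
    // One-time use: the thank-you page cannot be replayed afterwards.
    unset($state[$context][$id]);
}

function showRedirectPage(array &$state, int $orderId): int
{
    $context = 'com_shop.paid.order'; // hypothetical context key
    if (!checkId($state, $context, $orderId)) {
        return 403; // typed URL, stale bookmark, or another user's order id
    }
    releaseId($state, $context, $orderId);
    return 200;
}

// Constructed walk-through with an empty session.
$session = [];
var_dump(showRedirectPage($session, 1234)); // direct access before payment
holdId($session, 'com_shop.paid.order', 1234);
var_dump(showRedirectPage($session, 1234)); // arrives from verified payment
var_dump(showRedirectPage($session, 1234)); // reloading or retyping the URL
var_dump(showRedirectPage($session, 1235)); // different order id
```

In a Joomla component the same three steps are available on the controller as holdEditId(), checkEditId() and releaseEditId().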

Related

Magento 2 session unsetting itself

I need to be able to store some custom session variables that exist for the customer, regardless of whether they're signed in or not, but for some reason my sessions keep deleting themselves.
I have used this example to help me add my session code in.
Here's my code
Block file
    <?php
    namespace MyVendor\MyModel\Block;

    use Magento\Framework\View\Element\Template;

    class ProductSearch extends Template {
        protected $_customSession;

        public function __construct(
            \Magento\Framework\View\Element\Template\Context $context,
            \Magento\Customer\Model\Session $customSession,
            array $data = []
        ){
            parent::__construct($context, $data);
            $this->_customSession = $customSession;
        }

        //Get the car model from the session
        public function getSessionCarModel(){
            return $this->_customSession->getCarModel();
        }

        //Unset the car model from the session
        public function unsetSessionCarModel(){
            return $this->_customSession->unsCarModel();
        }
    }
and here's the top of my template file that sorts the session when it's loaded
productsearchbanner.phtml
    <?php
    //If the user has selected a new model, unset our session then start a new one
    if(isset($_POST['modelSelect'])){
        //Unset the other sessions
        $block->unsetSessionCarModel();
        //Set the model session
        $block->setSessionCarModel($_POST['model']);
    }
    echo '<pre>';
    var_dump($_SESSION);
    echo '</pre>';
    ?>
The way the code is meant to work is, if the $_POST['modelSelect'] is set, the user has come from the model select page so we need to start the process again and reset their session, but if they haven't, the session should remain the same.
My issue is, when I come from the model select page, my session variable shows in the var dump no problem, as shown below.
But then as soon as I go to any other page on my site (for example, the homepage) and then back to the product search page, the session has cleared?
What am I doing wrong? Why does my session clear every time I load a page? I just need to be able to set the equivalent of $_SESSION['carModel'] and it be persistent for that user, regardless of if they're logged in or not, or where on the site they go.
Can someone please point me in the right direction?
Setting sessions in Blocks or Template files is a problem. This is because of full page cache. Magento's execution cycle changes with FPC turned on.
Controllers or Models are the best places to update session data.
But, if you need to update your session in a template / block, then you can call a custom action via AJAX and have it update the session info.
Generally, one would need to take these steps in Magento 2:
1. Create a new controller / action pair in an existing or a new module that would update session info. This controller should ideally accept AJAX requests only.
2. Have a template rendered in the container before_body_end and toss some jQuery code in there that will query the controller / action pair to have the session info updated.
This way, whenever the page will load, it will trigger a session update ( or you can have it trigger on any other event, say when a user clicks something etc. ) by requesting your controller / action, say, /my-module/my-controller/my-session-updater-action.

Laravel get redirected when opening register page when logged in

I want to create users when I'm logged in on a main account.
But every time I open the "Sign up" page I get redirected to http://domain/home.
I've already edited the controllers and removed /home there, but that still didn't solve the problem.
Remove $this->middleware('guest'); from your App\Http\Controllers\Auth\RegisterController's __construct() method in app\Http\Controllers\Auth\RegisterController.php
If you want to create users while you're signed in, then you will need to create them programmatically through a controller. Have a UserController with a createUser method and within that put something along the lines of:
    public function createUser() {
        $new_user = new User;
        $new_user->email = 'foo@bar.com';
        $new_user->name = 'john doe';
        $new_user->save();
    }
As Avik said above, since the sign up page is handled by your RegisterController, it is not going to allow anyone who is authenticated to that page.

get joomla registration form variables?

I'm working on getting the Joomla registration form values that the user enters at the time of registration. After two days of searching I reached the file Joomla2.5.7\components\com_users\controllers\registration.php. In the register() method I tried to echo the $data and $requestData variables but didn't see any output on registering a new entry. I also tried to echo JavaScript but was unsuccessful. I'm trying to connect the Joomla database with my own database, so that whenever a new user registers, he is also registered on my website. How can I get the registration form variables? Any kind of help is really appreciated.
Try this
On registration controller you can find a function call to model like this
$return = $model->register($data);
after that just
    echo "<pre>";
    print_r($data);
Also in the registration model
components\com_users\model\registration.php
register() method is defined you can check that for more info.
In addition if you want to add the users info to the other DB like your website DB.
The best place to write mysql query is :
    // Store the data.
    if (!$user->save()) {
        $this->setError(JText::sprintf('COM_USERS_REGISTRATION_SAVE_FAILED', $user->getError()));
        return false;
    } else {
        //Your custom mysql query to other DB or tables
    }
find the above section in the registration model inside register()method.
Hope this may solve your problem..
I hope this tutorial helps you. You will find it explains the process of joomla registration form very well.
http://youtu.be/2AyCzb2vTaU

Magento redirected to other URL after order editing

Currently I'm experiencing a problem after editing orders in the Magento admin. The page is always redirected to another URL, the base of which belongs to the store view that the order belongs to. And this page requires re-login to the admin.
For example, I have two base URLs, each belongs to one store view:
www.example.old.com //old store view (default)
www.example.new.com //new store view
The system uses www.example.old.com as the default base URL. So under www.example.old.com I create an order for the new store and invoice it. Then on submitting the invoice, the page is redirected from
http://www.example.old.com/index.php/admin/sales_order_invoice/new/order_id/1234/
to
http://www.example.new.com/admin/sales_order/view/order_id/1234/
And it requires login for another time.
I traced the redirection code to Mage_Core_Model_Url
public function getRouteUrl($routePath=null, $routeParams=null)
...
$url = $this->getBaseUrl().$this->getRoutePath($routeParams);
public function getBaseUrl($params = array())
....
if (isset($params['_store'])) {
$this->setStore($params['_store']);
}
....
return $this->getStore()->getBaseUrl($this->getType(), $this->getSecure());
Then I don't know what to do. There is no parameter _store but it seems that Magento determines which store view to run based on the order being treated, when it is supposed to stay on the same base URL throughout the admin.
Have you tried to enable customer data sharing between the stores in the backend?
Sorry for newbie answer, still learning magento
For those who may still show interest in this old entry, I share my solution. It is not a good one, indeed it is a hard-coded redirection to avoid going back to an uncertain URL, but it fixed the problem for me.
In the controller action where the redirection happens, modify
$this->_redirect(..., array(... => ...));
to
$this->_redirect(..., array(... => ..., '_store' => Mage::app()->getStore($storeId)));
This ensures that the redirection always goes to the specified store.
The reason is that Magento switches context to the store of the order because it requires this to translate the email template correctly.
Look at class Mage_Core_Model_Template: there are two methods, _applyDesignConfig and _cancelDesignConfig. The first function switches context and remembers the old context, the second function should return everything back. But there is a bug. See more at: http://www.magthemes.com/magento-blog/magento-142-multiwebsite-admin-redirect-problem-quick-workaround/#comment-1084

Joomla - Determining whether logged-in user is an Admin

I am having tons of fun working on a big project that was, for reasons hard to justify, based on Joomla! (which I don't mean to criticise, Joomla! is great, just not for the task I am faced with currently) and when I googled for a way of determining whether the currently logged-in user is an Admin, I found a post that quite boldly recommends using the following code:
$user =& JFactory::getUser();
if($user->usertype == "Super Administrator" || $user->usertype == "Administrator"){ ... }
To me, this looks like a rather strange way of checking for Admin users. I would appreciate a $user->isAdmin() method to do this rather than a couple of hard-coded strings.
I fail to find a more elegant solution to checking for admin users within the Joomla! framework. Can anyone help?
Actually, as the Access levels are hard coded into the database in Joomla! 1.5, the only way this string comparison could fail is when someone deliberately hacked new groups into it. Strings can be changed in the .ini-Files (so that non-english installations still use the english words in the database - this is not true for other tables like the names of plugins or components.)
You could get the group id via JFactory::getACL(), and then $acl->getGroupsByUser($userid, false) (see docs), but assuming that a greater id means greater privileges as well, seems a bit hacky, too (though true for a standard installation).
Other than that, you could take over a Joomla! capability: define more explicitly what an "admin user" is: someone who can install new software? who can change the system's configuration? Just make a reasonable assumption, something related to what you want him to do as an admin user, use it in an authorize()-Call (see docs), and maybe document it in your interface.
The only clean solution (that I know of) would be to define new entries for the ACL-authorize-lookuptable (currently implemented in php only, not SQL). This is the only way to ensure that it will be Joomla! 1.6-proof, where custom user groups will be possible (and so the admin user can choose to give this authorization to a user group or not). For example:
$acl =& JFactory::getACL();
$acl->addACL('{com_nameOfExtension}', '{action}', 'users', 'super administrator');
$acl->addACL('{com_nameOfExtension}', '{action}', 'users', 'administrator');
And there we have them again, hard-coded groupnames. Well.
Peter,
I concur on the Joomla sentiments; we use .net/php here as well and have a few projects that were started on Joomla for some unknown reason !!
Anyway, another finer-grained approach may be to examine the actual rights that the user has, rather than them being super admin etc. You can get to this info along the following lines:
    $user =& JFactory::getUser();
    if ($user->authorize('com_content', 'edit', 'content', 'all')) {
        echo "<p>You may edit all content.</p>";
    } else {
        echo "<p>You may not edit all content.</p>";
    }
    if ($user->authorize('com_content', 'publish', 'content', 'own')) {
        echo "<p>You may publish your own content.</p>";
    } else {
        echo "<p>You may not publish your own content.</p>";
    }
I know it's still hardcoded, but at least it's user specific, rather than privilege specific. This approach does however allow you to target specific 'component' related privileges, so might be useful for you.
I'll track the replies to see if there's a 'proper' answer as it definitely is an omission.
jim
The following could be a hack on Joomla. I tried it and it worked.
Take the case of sessions
    $_SESSION['__default']['user']->usertype;
This will give the type of user logged in; you can use this in any conditional statements.
You can check 'assigned user groups' of the logged in user using getUser() function.
    $user =& JFactory::getUser();
    $assigned_usergroups = $user->groups; // Array of assigned User Group
    if (in_array(8, $assigned_usergroups)) {
        echo "Super Admin";
    }
    else if (in_array(7, $assigned_usergroups)) {
        echo "Admin";
    }
    else {
        echo "Other"; //Any of Guest/Public/Others
    }
You can see the following snapshot of the Joomla's predefined IDs for each User Group in the Database:
Snapshot here
If your Joomla administrator username is admin then you can use the below code, as Peter described before
    $user =& JFactory::getUser();
    if($user->usertype == "Super Administrator" && $user->username == "admin")
    {
        //... do what ever
    }
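
Why a capability check survives custom user groups where a hard-coded group id or name does not, as an added example that is not from the original answers: a simplified stand-alone model, not Joomla's own ACL code. The group table, the rule table and the Site Operators group are constructed sample data.

```php
<?php
// Added example: simplified model of capability-based authorisation.
// Group ids, names and the rule table are constructed sample data.

// id => [name, parent id]; a child group inherits what its parent may do.
$groups = [
    1  => ['Public', 0],
    2  => ['Registered', 1],
    7  => ['Administrator', 2],
    8  => ['Super Users', 1],
    10 => ['Site Operators', 7], // custom group created by the site owner
];

// action => group ids that were granted the action directly.
$rules = ['core.manage' => [7], 'core.admin' => [8]];

function groupPath(array $groups, int $id): array
{
    // The group itself followed by all of its ancestors.
    $path = [];
    while ($id !== 0 && isset($groups[$id])) {
        $path[] = $id;
        $id = $groups[$id][1];
    }
    return $path;
}

function isAuthorised(array $groups, array $rules, array $userGroups, string $action): bool
{
    foreach ($userGroups as $gid) {
        if (array_intersect(groupPath($groups, $gid), $rules[$action] ?? [])) {
            return true;
        }
    }
    return false; // unknown action or no matching grant: deny
}

$operator = [10]; // member of the custom group only

// Hard-coded id check, as in the snippets above: misses the custom group.
var_dump(in_array(7, $operator) || in_array(8, $operator));
// Capability check: grants via inheritance, still denies core.admin.
var_dump(isAuthorised($groups, $rules, $operator, 'core.manage'));
var_dump(isAuthorised($groups, $rules, $operator, 'core.admin'));
```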
