I'm building up a custom component, which should only be accessible to logged in users. I'm thinking about checking JFactory::getUser()->guest and if is set, redirect them to a custom page.
Now i prefer this page to contain both register and login options, but joomla itself does not seem to have this feature. Do i have to make this functionality to my custom component, or there is an another solution?
You should really use the built in ACL to control user access instead of trying to code it in yourself. That's kind of the whole point of having the ACL to begin with. Here's the tutorial for how the ACL works in the admin and front end of a site -
http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
Here is the tutorial for adding ACL to a component -
http://docs.joomla.org/Developing_a_Model-View-Controller_(MVC)_Component_for_Joomla!1.7_-_Part_14
I think you will be much better served using the ACL system as it allows you a lot more flexibility - like adding additional user groups and permissions later without having to touch the code.
Once you have this set up, making a custom register or login page is as easy as a template override of the default com_user login view. You would need to combine these files -
For the login part of the page:
JOOMLA/components/com_users/views/login/tmpl/default.php
For the registration part of the page:
JOOMLA/components/com_users/views/registration/tmpl.default.php
Then put the new and improved file here:
JOOMLA/templates/YOUR TEMPLATE/html/com_users/login/default.php
That would give you ACL controlled access to your component as well as a custom login/registration page without having to muck around with any unnecessary extensions.
Joomla!'s default login module/page only provide a link to a registration page.
A quick search of the JED shows about 200 login extensions, it's possible one of them does what you want.
However, if you want it integrated with the access to your component you will have to code it yourself. The normal process is that if a user tries to access an asset view the view.html.php (or similar) will check their permissions and depending on the component post an JError message and possibly redirect them to the system login.
eg. com_content
// Check the view access to the article (the model has already computed the values).
if ($item->params->get('access-view') != true && (($item->params->get('show_noauth') != true && $user->get('guest') ))) {
JError::raiseWarning(403, JText::_('JERROR_ALERTNOAUTHOR'));
return;
}
Related
I rewrote Joomla authorization using a plugin with onUserAuthenticate method to use custom service. Now i need to add custom password restore like question/answer (they already exists in db). Is there any event to fire on password reset or may be some other thing which could replace default password restore via email ?
You haven't specified a Joomla version so I'll base my answer on the current 3.x series.
Joomla's authentication works via the plug-in's as you already know, but the front-end login is handled through a combination of the component com_users and module mod_login.
On the back-end there is also com_login, all of which work with the JAuthentication.
To work in conjunction with your restore you will need to create a component (e.g. com_myauthenticator) to present the front-end views. You may be able to do it in a module but apart from space considerations a Joomla component allows you to do much more without jumping through hoops.
The starting point tutorial for Joomla 3 components is here and you can find more in the Developers Portal.
So, I have two different applications in my CodeIgniter installation. One is admin, the other is frontend. I basically just copied the index file, renamed it "admin.php", and changed the application directory to "application/admin". I then changed the application directory in index.php to "application/frontend".
What I would like to do is create a link on the frontend application that takes you to the admin application. The variable config['index_page'] in the frontend application is set to "index.php" and in the admin application it's set to "admin.php".
Is there a way to set the url helper to use "admin.php" instead of "index.php"?
You don't need to do that way.
you should make or use an authentication library and you set different roles for different
users.
you just after login can put the redirection to your admin controller.
and for other users and viewers you can redirect them to any other controllers.
for viewers you can just use something like this:
Code:
if(!$this->m_auth->is_logged_in())
{
$this->viewers();
}
else
{
$this->users();
}
In your users function you just check different roles and redirect according.
I think you are missing some codeigniter concept, and you are trying to do it the normal way, i suggest you to read this article , you will how you can use MY_Controller as same concept of front controller and how you will be able to give every use specific roles
another way is to use a ready made authentication library as #medhi said
I would recommend Tank Authentication or Ion Auth
I
I am new to cakephp development. I have create user controller to register, login & update own profile in the user table. I can access the user controller with http://local-host/my_project/user/login.
I have also a admin table in database so that admin can login and manage user in my project. I want to create a folder separate folder (ex: admin) in the controller directory so that i can access the controller files using http://local-host/my_project/admin/controller/login & http://local-host/my_project/admin/controller/manage.
You should have a look at 'prefix routing' in the manual, it seems that this is what you're looking for:
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
With prefix routing, you'll be able to add, for example, an action admin_overview() to your User controller which is then accessible via the URL /admin/users/overview. The 'admin' prefixed action will not overlap with non-admin actions (e.g. 'overview()'), which will be accessible via the 'regular' URL; /users/overview/
Of course, you can create separate admin controller(s) for this purpose, but you may need to create custom routes. For more advanced options regarding routing, it's worth your time to read the whole chapter (or, even better) read the whole cake cookbook, it's also available as eBook for offline reading;
http://book.cakephp.org/2.0/en/index.html
Another solution is to develop the 'admin' part of your application as a plugin. This will keep your frontend and backend controllers/models/views separated. As a bonus, the backend may can be re-used for other projects as well (depending on its design of course)
http://book.cakephp.org/2.0/en/plugins.html#creating-your-own-plugins
I'm building a component for the backend. I don't want the users who will access it to access ANYTHING else in the backend except for this component.
I tried following these two instructions:
http://www.aclmanager.net/blog/general/31-how-to-add-basic-acl-support-to-your-extension
http://docs.joomla.org/Developing_a_Model-View-Controller_%28MVC%29_Component_for_Joomla!1.6_-_Part_14#Describing_the_ACL
I made a new User Group with a parent of public and allow admin login (which would lock them out of everything) and then tried adding the ACL code from those links above with permissions to create and edit but I just get a blank screen (not even a logout link). The "Debug Permissions Report" showed the correct permissions but nothing's showing up.
Any ideas? My next step is to manually go through every component and not allow access to that new User Group but it seems like there's an easier way.
Thanks!
In Joomla! 2.5 we regularly create "Content" only backend users that have access only to the 'com_content' component.
Going back through our steps the only thing you haven't specified is adding the new user group to a View Access Level. If you're using the standard sample content installed when setting up a Joomla! website you can add your new user group to the "Special" view access (although any will do).
If a new group has 'admin login' privileges it can login but without a View Access level it can't see anything.. it's a subtle difference but it's the way Joomla! works.
When a user visits a page, does the system check if the user is loggedin on every page, with every link click or is this a one time thing? The issue I am having is: The user logsin which works fine. But if i enter the URL to my signup page the system directs me to the signup page and changes my header back to as if i am a non user. And this is happening randomly on many pages. Some places without signing in it is showing me the registered user's header. So i assume the session is not working but I am not sure how the system knows or checks this or if it is auto or do we need to write code for each page, each link on each page? Platform is codelignitor php.
Thanks.
I would think this depends on what language you are using for your pages. Some more details would be helpful here. The system may be using a cookie to check if you are still valid and this cookie is expiring.
I guess you are missing the session check codes. Please check the session set in every controller class so that if logged in session is not enable just redirect to general user page else to logged in user page.
Probably there are some controllers that are protected and some public. If you are using an Auth library probably there is a method like $this->auth->logged_in() or similar. Check it in the contrsuctor of each protected controller, or, better yet, make a protected_controller class that extends CI' base controller, that does the job. Then make protected controllers to use this as base.