i am newbie here in codeigniter. i was asked to build a-dooid-like-site or a-aboutme-like-site for my local college so they can make their own identity card. i plan building this website using codeigniter since i heard codeigniter is the most easy to understand and i dont have more than 2 weeks to complete the task.
my questions is :
if the dooid build up with codeigniter, how could i make a function
that allows people choosing their direct url. i mean, if i have a
class "User" and there is a "show" method that need
"username" as a parameter. the URL should seems like this one:
www.Mysite.com/User/show/<username>
how could they make a their own url like this one:
www.Mysite.com/<username>
i plan to restrict some "method" guest and it will
be enabled when user login into site. i mean if i have a class
"user" there is a "edit_profiles" method. guest can see the
"show" method but logged in users will be able to
"edit_profiles" after login. on the same class.
can you tell me how the codeigniter session library class concept? i confused with native session php. is there anybody that can show me some links contains session class tutorial that stores session into databases?
Yes this is possible, look into the documentation for custom routes:
http://codeigniter.com/user_guide/general/routing.html
For access control it is simplest to use a prebuilt login library
such as ionauth or tankauth both or which provide the
features you'll require.
The sessions used by CI do not use PHP native sessions. The best guide is in the dosumentation: http://codeigniter.com/user_guide/libraries/sessions.html Where the data is stored is determined by the sessions in the config file and is described in the documentation.
Related
I'm trying to build a website for myself. It has front and back end.
In the back end I have TinyMCE and I installed the standalone roxyfileman file manger and have it working perfect with my codeigniter site, but there's a catch.
I have my back end password protected via codeigniter sessions using a database
(I don't use password protected directories). I see that roxyfileman is accessible directly via browser if a user knows here to look, and a hacker could delete all pictures via file manager.
Example:
sitename/js/fileman/index.html
How can I secure the filemanager with codeigniter or any other way that will forbid direct access to the page?
In my case sessions are saved in database.
I gess I must figure out a way to connect the standalone filemanager to codeigniter and database and validate if a valid user is executing the filemanager.
Please advise on how to achieve this.
Solution for me:
Eventually I managed to find a great contribution from a developer.
Thanks to him I sorted my issue out.
Solution found here:
https://github.com/codinghamster/coreigniter
So, I have two different applications in my CodeIgniter installation. One is admin, the other is frontend. I basically just copied the index file, renamed it "admin.php", and changed the application directory to "application/admin". I then changed the application directory in index.php to "application/frontend".
What I would like to do is create a link on the frontend application that takes you to the admin application. The variable config['index_page'] in the frontend application is set to "index.php" and in the admin application it's set to "admin.php".
Is there a way to set the url helper to use "admin.php" instead of "index.php"?
You don't need to do that way.
you should make or use an authentication library and you set different roles for different
users.
you just after login can put the redirection to your admin controller.
and for other users and viewers you can redirect them to any other controllers.
for viewers you can just use something like this:
Code:
if(!$this->m_auth->is_logged_in())
{
$this->viewers();
}
else
{
$this->users();
}
In your users function you just check different roles and redirect according.
I think you are missing some codeigniter concept, and you are trying to do it the normal way, i suggest you to read this article , you will how you can use MY_Controller as same concept of front controller and how you will be able to give every use specific roles
another way is to use a ready made authentication library as #medhi said
I would recommend Tank Authentication or Ion Auth
I
I am new to cakephp development. I have create user controller to register, login & update own profile in the user table. I can access the user controller with http://local-host/my_project/user/login.
I have also a admin table in database so that admin can login and manage user in my project. I want to create a folder separate folder (ex: admin) in the controller directory so that i can access the controller files using http://local-host/my_project/admin/controller/login & http://local-host/my_project/admin/controller/manage.
You should have a look at 'prefix routing' in the manual, it seems that this is what you're looking for:
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
With prefix routing, you'll be able to add, for example, an action admin_overview() to your User controller which is then accessible via the URL /admin/users/overview. The 'admin' prefixed action will not overlap with non-admin actions (e.g. 'overview()'), which will be accessible via the 'regular' URL; /users/overview/
Of course, you can create separate admin controller(s) for this purpose, but you may need to create custom routes. For more advanced options regarding routing, it's worth your time to read the whole chapter (or, even better) read the whole cake cookbook, it's also available as eBook for offline reading;
http://book.cakephp.org/2.0/en/index.html
Another solution is to develop the 'admin' part of your application as a plugin. This will keep your frontend and backend controllers/models/views separated. As a bonus, the backend may can be re-used for other projects as well (depending on its design of course)
http://book.cakephp.org/2.0/en/plugins.html#creating-your-own-plugins
Im evaluating orchard cms for my employer and just wanted to ask a question about login and membership.
Our users and their roles are in another database which are exposed via an API and i would need to just get pointed in the right direction if it is possible to solve this in orchard.
The users must be able to login on the orchard site and it will display different content depending on their role. The admins and editors will use the built in user db.
What would be the correct way to solve this? Some kind of module or custom membership provider?
Also, is it possible to set visibility rules in orchard admin for content based on the roles from the other external DB?
Please do ask if you find something in my question confusing.
There were not that many modules in the orchard gallery but have been playing around with a few so i am now answering my question and hope it helps others looking to build their own custom login.
The one which helped me most was the windows authentication module which was really easy to rewrite to work against an external service.
edit: typo
I want to grab the User Object in Joomla in another PHP script.
Anway, what I want to do is grab the Joomla User (JUser) on a non-Joomla page. More or less I want a way to grab the joomla username, email and name etc and throw it to a php script for use in another custom application.
What is the best way to do this? Make a specialized joomla page by importing the framework, grabbing the necessary info from the user, setting those as session variables and then redirecting to the PHP page I want to use that information in?
Or do I just make some sort of link on a Joomla page with querystring variables corresponding to the current User and when they click the link I grab the info from the Querystring?
I'm looking for a best case scenario of how to get the User info to a custom application.
Any insight would be appreciated.
Best way would be to create a User plugin that logs into your script when someone logs into Joomla: Joomla unified logins for forum and a custom made php sub-site
depends on what you want the data for.
the juser data is serialised and stored in the session, so you could reverse engineer that and pull out the juser data... That would be messy.
alternatively you could make a plugin that stores the juser data in a session variable of your own making. the session variable will be available to other php scripts.. asuming they use the same session methods. (joomla has its own)
you could make a plugin that stores the data in a database that is assessible to the other script, or a flat file etc. in essence a similar process to using a session
You could also load up enough of joomla to use the joomla functions that you need to retrieve the juser values.. (messy)