I have a CakePHP website with its own login system using the Auth component. I would like to know if the following is possible:
A user has logged in and is navigating the website. At one point, he can click a link that opens an external php file. With external I mean that it could be in another folder of the same server, but outside the CakePHP app folders.
The "tricky" thing (for me) is to only show the contents of that php file if the user is logged in (to prevent someone without an account accessing those contents). I can't use Auth there because I'm "outside" Cake... I don't know if maybe using $_SESSION, but I don't know how...
Is this even possible? And yes, the php has to be outside the CakePHP app folder system.
Any ideas?
I'll add you also need to set session name to "CAKEPHP" using
session_name('CAKEPHP')
just before your external app session_start() otherwise you could not apply Kashif Khan suggested solution :)
Cheers,
Yes you can access the cakephp SESSION outside cakephp folder. try this session variable
$_SESSION['Auth']
if it exists then check for user here
$_SESSION['Auth']['User']
This is not working in Cakephp3. After calling
session_name("CAKEPHP");
session_start();
Application session is expiring.
Related
I have a Moodle site, in one of the Moodle pages I have an iFrame which contains a Drupal application. I want the Drupal application to see whether the user is logged in on Moodle, and if so show extra content.
However, I cannot access the session data from Moodle (especially information on the User) to in Drupal.
I tried two things:
If the iframe was a normal PHP page, I'd pass session_start(); on the top of the page in order for the session to persists, but I have no idea HOW to do that in Drupal.
And since they are on the same server, I tried accessing the config.php file in Moodle from a plain PHP file in the Drupal directory, and, as expect, I was able to get the variable. But as soon as I do this inside the Drupal application, a clash in function name between Moodle and Drupal threw an error.
The other option is to add a plugin in Moodle which sets a cookie on user login, a cookie that Drupal can get. But I'm really against this option since anyone can set a cookie and it persists. (There's no guarantee the user will click log-out)
I've never used/touched Moodle and Drupal until today. Can anyone help me figure out how to check whether a user is logged in on Moodle, from an iframe running a Drupal application?
A quick google gives the following moodle plugin that may be useful: https://moodle.org/mod/forum/discuss.php?d=208285
Looks like it allows single sign-on between the two, I've never used moodle before, but this may be a step in the right direction.
I'm new to Laravel and I am working on an application. I am using sentry to handle users and the login system. But even though my session expiration is set very high, I keep being logged out very frequently, at random times. Is that a laravel problem or maybe an incompatibility with Sentry 2? Any ideas?
You didn't mentioned, but I have to ask, do you have more than one laravel application running on the same server? I've noticed that laravel tends to put the cookie session on the root of the server and if you have two Laravel-based applications running on it with the same location / name (by default, it is called laravel_session), they will overwrite each other.
If that is the case, try going into AppName / app / application / config / session.php and either change the path or the cookie component of the driver. I had trouble changing the path of the session, but if you change the name to, let's say, appName_session instead of laravel_Session it should solve your problem.
Hopefully that is what you meant and that it helps. Good luck.
I'm trying to build a website for myself. It has front and back end.
In the back end I have TinyMCE and I installed the standalone roxyfileman file manger and have it working perfect with my codeigniter site, but there's a catch.
I have my back end password protected via codeigniter sessions using a database
(I don't use password protected directories). I see that roxyfileman is accessible directly via browser if a user knows here to look, and a hacker could delete all pictures via file manager.
Example:
sitename/js/fileman/index.html
How can I secure the filemanager with codeigniter or any other way that will forbid direct access to the page?
In my case sessions are saved in database.
I gess I must figure out a way to connect the standalone filemanager to codeigniter and database and validate if a valid user is executing the filemanager.
Please advise on how to achieve this.
Solution for me:
Eventually I managed to find a great contribution from a developer.
Thanks to him I sorted my issue out.
Solution found here:
https://github.com/codinghamster/coreigniter
So, I have two different applications in my CodeIgniter installation. One is admin, the other is frontend. I basically just copied the index file, renamed it "admin.php", and changed the application directory to "application/admin". I then changed the application directory in index.php to "application/frontend".
What I would like to do is create a link on the frontend application that takes you to the admin application. The variable config['index_page'] in the frontend application is set to "index.php" and in the admin application it's set to "admin.php".
Is there a way to set the url helper to use "admin.php" instead of "index.php"?
You don't need to do that way.
you should make or use an authentication library and you set different roles for different
users.
you just after login can put the redirection to your admin controller.
and for other users and viewers you can redirect them to any other controllers.
for viewers you can just use something like this:
Code:
if(!$this->m_auth->is_logged_in())
{
$this->viewers();
}
else
{
$this->users();
}
In your users function you just check different roles and redirect according.
I think you are missing some codeigniter concept, and you are trying to do it the normal way, i suggest you to read this article , you will how you can use MY_Controller as same concept of front controller and how you will be able to give every use specific roles
another way is to use a ready made authentication library as #medhi said
I would recommend Tank Authentication or Ion Auth
I
Is it possible to get session outside codeigniter application folder?
It is possible, but not without some work. You can see the details of someone else's problem and their solution in the CodeIgniter forum.
Basically you need take the cookie that CodeIgniter uses to handle it's sessions and unserialize it:
$sess = unserialize($_COOKIE['ci_session']);
You may need to also change settings in your application so that cookies are set for the entire domain, not just for the folder that CodeIgniter sits in.
Its a trick but do work. Place this little naughty code just before login redirect. And now you can use ci_session with php native session too ,have fun !
<?php
session_start();
echo $_SESSION['ci_session'] = $this->session->userdata['ci_session'];
?>