I saw it in a friend's project, for example, the controller that guests can access has defined a route and it can only be accessed by route.
For example, when I said default_controller/index it wouldn't open.
Do you have a resource that you know how to do this?
He even made the route changeable from the database.
For example, you made the constant "home-page" variable "new-home-page".
Even when you call home-page, it was not reachable. it sounded very professional to me
/** About Us Page Uploads */
public function about_us()
{
$data["site_settings"] = $this->site_settings_model->getSite_settings('1');
$data['title'] = "xxxx";
$data['description'] = "xxxx";
$data['keywords'] = "xxxx";
$data['author'] = "xxxx";
$this->load->view('partials/header', $data);
$this->load->view('fixed_pages/about_us', $data);
$this->load->view('partials/footer', $data);
}
My route is registered as about us but,
Turns out I had both xxxx.com/about-us and xxxx.com/default_controller/about_us open in the browser as well.
Related
I am creating API with Laravel 5.2 and Dingo API package. When a user is created, I want to return 201 response with the new $user->id.
My Code
return $this->response->created();
As per Dingo documentatio, I can provide a location and $content as parameters in the created() function.
My question is, what location information I need to return here and I tried to set my new user as $content, but it's not working or I am not sure what to expect.
Can someone please explain this created() function?
What this does is set the Location header, as seen in the source:
/**
* Respond with a created response and associate a location if provided.
*
* #param null|string $location
*
* #return \Dingo\Api\Http\Response
*/
public function created($location = null, $content = null)
{
$response = new Response($content);
$response->setStatusCode(201);
if (! is_null($location)) {
$response->header('Location', $location);
}
return $response;
}
So, in your example since you're creating a new user, you might send the users profile page as the location, something like:
return $this->response->created('/users/123');
As for the content, as you can see in the function this sets the content on the return. In your case, it would probably be a json string with the new user information, something like:
return $this->response->created('/users/123', $user); // laravel should automatically json_encode the user object
I am trying to build a server-to-server auth flow using the Facebook PHP SDK and no Javascript, as outlined here. So far, I have successfully created a LoginUrl that lets the User sign in with Facebook, then redirect back to my App and check the state parameter for CSFR protection.
My Problem is, that I can't seem to get the API-call working that should swap my Auth Code for an access token. I pillaged every similar problem anyone else that Google was able to find had encountered for possible solutions.
Yet the end result was always the same: no access token, no error message that I could evaluate.
Researching the topic yielded the following advice, which I tested:
The URL specified in the App Settings must be a parent folder of $appUrl.
use curl to make the request instead of the SDK function api()
I've been at this for 2 days straight now and really could use some help.
<?php
require '../inc/php-sdk/src/facebook.php';
// Setting some config vars
$appId = 'MY_APP_ID';
$secret = 'MY_APP_SECRET';
$appUrl = 'https://MY_DOMAIN/appFolder';
$fbconfig = array('appId'=>$appId, 'secret'=>$secret);
$facebook = new Facebook($fbconfig);
// Log User in with Facebook and come back with Auth Code if not yet done
if(!(isset($_SESSION['login']))){
$_SESSION['login']=1;
header('Location: '.$facebook->getLoginUrl());
}
// process Callback from Facebook User Login
if($_SESSION['login']===1) {
/* CSFR Protection: getLoginUrl() generates a state string and stores it
in "$_SESSION['fb_'.$fbconfig['appId'].'_state']". This checks if it matches the state
obtained via $_GET['state']*/
if (isset($_SESSION['fb_'.$fbconfig['appId'].'_state'])&&isset($_GET['state'])){
// Good Case
if ($_SESSION['fb_'.$fbconfig['appId'].'_state']===$_GET['state']) {
$_SESSION['login']=2;
}
else {
unset($_SESSION['login']);
echo 'You may be a victim of CSFR Attacks. Try logging in again.';
}
}
}
// State check O.K., swap Code for Token now
if($_SESSION['login']===2) {
$path = '/oauth/access_token';
$api_params = array (
'client_id'=>$appId,
'redirect_uri'=>$appUrl,
'client_secret'=>$secret,
'code'=>$_GET['code']
);
$access_token = $facebook->api($path, 'GET', $api_params);
var_dump($access_token);
}
The easiest way I found to do this is to extend the Facebook class and expose the protected getAccessTokenFromCode() method:
<?php
class MyFacebook extends Facebook {
/** If you simply want to get the token, use this method */
public function getAccessTokenFromCode($code, $redirectUri = null)
{
return parent::getAccessTokenFromCode($code, $redirectUri);
}
/** If you would like to get and set (and extend), use this method instead */
public function setAccessTokenFromCode($code)
{
$token = parent::getAccessTokenFromCode($code);
if (empty($token)) {
return false;
}
$this->setAccessToken($token);
if (!$this->setExtendedAccessToken()) {
return false;
}
return $this->getAccessToken();
}
}
I also included a variation on the convenience method I use to set the access token, since I don't actually need a public "get" method in my own code.
there is a custom login form that should give users access to certain contents on the same page. That works so far with Users stored as Members in the SS database and I was checking after Login if the user has permissions like this in the Page Class:
function isAllowed() {
if (Member::currentUser()) {
$PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
$AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
return true;
}
}
}
in the Template I just did this:
<% if isAllowed %>
SecretContent
<% end_if %>
OK so far, but now the users will not be stored in the silverstripe database - they are stored on a another server.
On that external server is running a little php script accepting the username and password. The script just returns user has permission: true or false.
I´m calling that script via cURL.
I planned to overwrite the dologin Function of MemberLoginForm. Now I just wonder how to check after Login that the User got the permission and display the contents... I tried to set a variable in the controller of the Page or should I set a session Variable? Thats my attempt (CustomLoginForm extends MemberLoginForm):
public function dologin($data) {
if(userHasPermission("user1", "pw")==true){
$this->controller->Test("test");
}
$link = $this->controller->Link();
$this->performLogin($data);
$this->controller->redirect($link);
}
I hope someone can help me with that - I know very specific - problem.
Many thanx,
Florian
In SilverStripe you can create a custom authenticator, which means users can log in on your website with accounts that are stored somewhere else, or even just a hard coded user and password.
You can check out the OpenID Authentication Module for example code on how to do it
But for your task this might even be to complex of a solution, how about after login just do something like Session::set('isAllowed', true); and to check if the user is allowed to view:
function isAllowed() {
if (Member::currentUser()) {
$PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
$AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
return true;
}
}
// if Member::currentUser() is not allowed to view,
// return the session, which is either set to true or it returns null if not set
return Session::get('isAllowed');
}
In my model, "Users", I have the following authorization after validating the username/password
$db = Zend_Db_Table::getDefaultAdapter();
$authAdapter = new Zend_Auth_Adapter_DbTable($db,'users','username','password');
$authAdapter->setIdentity($username);
$authAdapter->setCredential(md5($password));
$auth_result = $authAdapter->authenticate();
if( $auth_result->isValid() )
{
$auth = Zend_Auth::getInstance();
$storage = $auth->getStorage();
$storage->write($authAdapter->getResultRowObject(array('id','username')));
return 'logged_in';
}
return 'auth_failed';
it keeps returning 'auth_failed'. I had the code running on a localhost, and everything works fine, but when I upload it online, it fails to authorize the user. What is going on?
Thanks
I can't tell what's wrong without checkin the logs, so perhaps you might want to use the method I use for storing auth data. Basically you validate manually and set the storageThis doesn't solve the problem, but its impossible to do so without accessing your code.
function login($userNameSupplied,$passwordSupplied){
$table= new Application_Model_Dbtable_Users();//Or Whatever Table you're using
$row=$table->fetchRow($table->select()->where('username=?',$userNameSupplied)->where('password=?',md5($passwordSupplied));
if($row){
Zend_Auth::getInstance()->getStorage()->write($row->toArray());
return 'logged_in';
}
else{return 'failed';}
}
//To check if the user is logged in, use
$userInfo=Zend_Auth::getInstance()->getStorage()->read();
if($userInfo)//user is logged in
I have search and search but no answer I am using Zend Framework to create a user and on success store the record in zend auth so they are automatically logged in.
I have the create user working perfect but after the success I need to start the _getAuthAdpater() and sign the user in.
I have implemented the below code but it will not store the users data in the session. Here is my function.
public function registerAction()
$proUser = new Application_Model_DbTable_ProUser;
$userId = $proUser->addProUser($data['email'], $data['name'], $data['password']);if($userId){
// add new row into proBasic
$proBasic = new Application_Model_DbTable_proBasic;
$proBasic->addProBasic($userId);
// add new row into proService
$proService = new Application_Model_DbTable_proService;
$proService->addProService($userId);
// Create auth session for proUser
$adapter = $this->_getAuthAdapter();
$adapter->setIdentity($data['email']);
$adapter->setCredential($data['password']);
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
if ($result->isValid()) {
$user = $adapter->getResultRowObject(array(
'proId',
'proName',
'proEmail',
));
$auth->getStorage()->write($user);
return true;
}
return $this->_redirect('/auth/probasic/');
}
Here is the _getAuthAdapter() function:
private function _getAuthAdapter()
{
$authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('proUser')
->setIdentityColumn('proEmail')
->setCredentialColumn('proPassword');
return $authAdapter;
}
I am getting no errors for this code but it isnt store the users details in the Auth. I have found 100's of example of how to create a login/sign up system in Zend and none of them automatically login the user, so I am wondering if I am trying to do something different.
Cheers
J.
You don't really need to authenticate them if you're creating the session immediately after registration. What happens if you replace all your code after $proService->addProService($userId) with just this:
$auth = Zend_Auth::getInstance();
$auth->getStorage()->write($data['email']);