Yii2, Facebook and Twig - facebook

I'm trying to build a rather simple site, and my biggest hurdle is getting Facebook login working.
I'm trying to use the authclient extension to log in with Facebook. I've set everything up according to the docs, but I don't know how to initiate the process of logging in.
I've built a fb connect based on the sdk before and I'd really rather not...
Now my next question, how do I access template functions in twig and plugins through a twig template?
Such as this:
<?= yii\authclient\widgets\AuthChoice::widget([
'baseAuthUrl' => ['site/auth']
]); ?>
I've used cakephp before on a pretty big project, but I'm completely new to yii.

The twig integration isn't really the smoothest yet. You can register a namespace, and then there should be a *_begin and *_end function for twig, i.e.
{{ use('philippfrenzel/yii2masonry/Yii2masonry') }}
{{ yii2masonry_begin({
'clientOptions': {
'columnWidth' : 50,
'itemSelector' : '.item',
}
}) }}
It is important to note the JSON style of the options, and the capitalization of the namespace and Twig function.
Hope that helps :)

Related

Google Chrome Inspect Element Issue With Hidden ID's

I am not 100% sure if this is as big an issue as I seem to think it is right now, but I think I may have found an issue, or at least a hole, within the Inspect Element viewer within Chrome.
I was using (I have now changed my settings) hidden ID's to set a number of defaults; one was user levels, another was to make the user active by default.
However, when I viewed these ID's within the Inspect Element view and then changed the values, submitting the form would submit the NEW value to the server and not the value I had given it.
For Example:
I had something like the following within my code,
<input type="hidden" name="data[user][level][id]" value="1" id="MyID">
I then changed it within the Inspect view to,
<input type="hidden" name="data[user][level][id]" value="2" id="MyID">
Then I submitted the form and was surprised that the NEW value was submitted. I was always under the impression that hidden ID's were not changeable and the browser should only submit the default values held within.
I have now changed this to letting the database default to a basic user, and then I can change the user's settings as I want to. But in some cases this may not be an option, so I was hoping for an answer or some feedback about how to make this more safe.
Am I just a bit slow, or are there better methods (different ones) of passing 'hidden' data from forms to the server?
I was thinking about maybe using jQuery to add the needed hidden fields to the forms once the user had selected / submitted the form, but I am not sure if this is 100% safe or even if it's a good idea.
Any ideas / feedback are very welcome.....
Many Thanks,
Glenn.
I had the same problem passing the database data into a modal. The solution I know is to use jQuery ajax to get the information from the database by requesting a file, adding it into variables and comparing the variables.
$.ajax({
url: "test.html",
context: document.body
}).done(function() {
$(this).addClass("done");
});
I used this code sample to do it.
Of course there are a few modifications to be done depending on your script
I found a better way of doing this, at least in CakePHP. The CakePHP framework has in-built security calls. These in-built functions, when added, give you all sorts of stuff, but the main reason I used them was to stop this sort of form tampering.
I am not 100% sure how it does this, but it adds a token to all forms and it checks to see if the form being submitted is right? Again not sure how the token works.
But here is the code I used ::
public function beforeFilter() {
$this->Auth->allow('index', 'SystemAccess');
$this->Security->blackHoleCallback = 'blackhole';
}
public function blackhole($type) {
$this->Auth->logout();
$this->Session->setFlash('Sorry a security issue has been detected, please try again or contact us for support.', 'default', array(), 'bad');
$this->redirect($this->Auth->redirect('/'));
}
Now I will add that I added the call to the Auth logout for extra security, as the user may have logged in on a system and it may not be them that is trying to do things that they should not.
Hope that helps others out!
But this is only a fix for when CakePHP is in use. I would take it that other frameworks would have their options, but if you're only using basic HTML? Or a CMS like Drupal, again there might be in-built security.
Many Thanks
Glenn.
The only safe and best solution that I found for this issue is to check on the server side whether the user_id sent with the form is the same user_id logged in with or not.
Although using jQuery is a good idea, it did not work in my case as I am using data: $(this).serialize(),
However, here's my code on the server side (note, I am using Laravel 5.4, but I am sure it won't matter in your case)
if ($request->user_id != Auth::user()->id)
return json_encode("F**K YOU ! Don't Play Smart -_- !");
else
raw_material_category::create($request->all());
Hope this helped ;)
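The form-tampering check discussed in this thread, as an added example that is not part of the original posts and is not CakePHP's own code: the server signs the hidden values it renders with an HMAC and recomputes it on submit, so a value edited in the browser no longer matches. `SECRET_KEY`, `sign_hidden()`, `verify_hidden()`, the `_token` field name and the sample values are assumptions made for this illustration.

```php
<?php
// Added example: hypothetical helper names, constructed sample values.

const SECRET_KEY = 'replace-with-a-random-server-side-secret'; // placeholder, never sent to the client

/** HMAC over the form name, the session id and the hidden field values. */
function sign_hidden(string $formName, string $sessionId, array $hidden): string
{
    ksort($hidden); // stable field order, independent of markup order
    $payload = $formName . '|' . $sessionId . '|' . json_encode($hidden);
    return hash_hmac('sha256', $payload, SECRET_KEY);
}

/** Recompute the HMAC from what was submitted and compare in constant time. */
function verify_hidden(string $formName, string $sessionId, array $post, array $hiddenNames): bool
{
    $submitted = [];
    foreach ($hiddenNames as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return false; // field removed, or turned into an array
        }
        $submitted[$name] = $post[$name];
    }
    $token = (isset($post['_token']) && is_string($post['_token'])) ? $post['_token'] : '';
    return hash_equals(sign_hidden($formName, $sessionId, $submitted), $token);
}

// Rendering side: the token goes into the form next to the hidden field.
$sessionId = 'constructed-session-id';
$hidden    = ['level_id' => '1'];
$token     = sign_hidden('user_add', $sessionId, $hidden);

// Submission side: one untouched POST body, one edited in the element inspector.
$honest   = ['level_id' => '1', '_token' => $token];
$tampered = ['level_id' => '2', '_token' => $token];

var_dump(verify_hidden('user_add', $sessionId, $honest, ['level_id']));
var_dump(verify_hidden('user_add', $sessionId, $tampered, ['level_id']));
```

A value the user must never choose, such as an access level, is still best set on the server and left out of the form entirely; signing fits values that have to round-trip through the browser.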

Zend framework redirector doesn't work properly

I'm trying to develop a site using Zend Framework, but I have a problem:
I have the default controller which shows me a page with a link. That link uses another controller and redirects me to a start page from that controller (I have implemented startAction() in my custom controller, and the start.phtml page in the modules/default/view/scripts/disc directory). The start view contains a table which is populated from a database, and three links: Add, Edit and Delete. For the Add link I use the following code in start.phtml:
<p>Add</p>
And for the other two links something like that except the action name. The first time I use one of the links, everything works fine, but when it returns me to the start page all the links don't work anymore. They just keep me on the start page. In my addAction() I do the things I need, and at the end I use the following code to return to the start page:
$this->_helper->redirector ( 'start' );
and when the start page is loaded again the 'Add' link points to the start page and not anymore to the Add page. The same thing happens with the other two links.
Can anyone help me, please ?
You are attempting to use the shorthand version of the action helper Redirector()
$this->_helper->redirector ( 'start' );
To avoid confusion with the utility method version (and because I don't know what the exact defaults are) I always use the proper form.
//the redirector helper has too many options to comfortably shorthand.
//gotoSimple(), gotoUrl() and gotoRoute() are all easy to use.
//gotoSimple() takes the action first, then the controller.
$this->_helper->getHelper('Redirector')->gotoSimple('start', 'index');
To use the utility method _redirect(), try something like this (it accepts a URL):
$this->_redirect('/index/start');
I think that start must be its own route. As a result, you need to specify the default route when using the url view helper:
In start.phtml, try this:
<p><a href="<?php echo $this->url(
array ('controller' => 'disc','action' => 'add'), 'default');
?>">Add</a></p>

Problems with Zend_Lucene when using Routes

I have implemented Zend_Lucene in my first Zend Framework project, but since I have implemented Routes the search results do not seem to work anymore.
In my Search Result view, I have changed the URL to the Postdetails to use the Route:
<a href="<?php echo $this->url(array('post' => $value['post_id'], 'postname' => $value['post_title']), 'postdetails', true); ?>">
Unfortunately it does not seem to work, instead it shows me
<a href="/%3C%21DOCTYPE+html+PUBLIC+.......
I normally also use
$this->escape($value['post_title'])
but again, it shows something with DOCTYPE. I don't understand enough about ZF to know what goes wrong. Can someone give me a hint? Thank you very much in advance!
Have you tried using your named route without setting the reset option to true? I think you might be contradicting yourself. You are telling the url helper to use a named route while at the same time telling it to use the default routes. If you haven't already, try:
<a href="<?php echo $this->url(array('post' => $value['post_id'], 'postname' => $value['post_title']), 'postdetails'); ?>">
You also may need to set default values for post and postname in your route (if you haven't already).

symfony : how to get rid of ugly GET parameters

I'm using form filtering to filter data in the frontend.
The problem is that the URL is ugly
http://............./players/game/?st_player_cv_filters[location_id]=1&st_player_cv_filters[plateforme_id]=3&st_player_cv_filters[level_id]=3&st_player_cv_filters[_csrf_token]=023c5c9fb5fc7e7b6ed60d6839c36f67
(form rendered with :
<?php echo $form->renderFormTag(url_for("game_player", $game), array('method' => 'get')); ?>
<table><tr><th><label for="location_id"><?php echo __('Country'); ?></label></th><td><?php echo $form['location_id']; ?></td></tr>
How to render this url in a better way please ?
Thanks
Using the framework/API itself is a good idea if it supports your needs. By the sound of your question, you can likely use the Symfony routing API to facilitate a solution...
For example, this book chapter covers it:
How to configure the routing rules to change the appearance of URLs
Furthermore it speaks about long querystrings that you mentioned:
For instance, a traditional URL contains the file path to a script and some parameters necessary to complete the request, as in this example:
http://www.example.com/web/controller/article.php?id=123456&format_code=6532
and speaks about the associated problems:
The unintelligibility of URLs makes them disturbing wherever they appear, and they dilute the impact of the surrounding content
The chapter provides HOW IT WORKS: examples of how to change your URLs using configuration and programming.
You should be able to maintain bookmarkability through easier to read/less complex/more secure URLs.
Sometimes when I run into this problem I run a redirect from the receiving page for the form to itself using symfony's redirect method.
$this->redirect('.../formAction?'.http_build_query($get_vars));
OR
use the url_for() method, such as:
<form action="<?php echo url_for('.../formAction?'.http_build_query($get_vars)); ?>">
...
</form>
If you have the option, you could use POST rather than GET. That would clean up the url significantly.

Can I integrate a Zend-Framework powered web application into a wordpress site?

I have a project in which I want to be able to call wp_list_pages() on a page that also uses the Zend Framework to power some complex interfaces that manage custom data outside of WordPress.
This page should also redirect the user to the wordpress login screen if they're not already logged in with the appropriate level of authorization.
How would this work at a high level, i.e. do I need to edit the wordpress bootstrap file to conditionally implement the custom interface based on a specific URL or something, but still include certain files to be able to call wp_list_pages() on that custom interface?
I've developed a couple of WordPress plugins, and I've found it's really easy to extend. Haven't worked with Zend though.
You should check the WordPress plugin api. Mostly the part about actions, filters and hooks: http://codex.wordpress.org/Plugin_API
You can even override some functions (not sure if wp_list_pages() is overridable).
It's pretty well documented, and there's a large developer community behind it on IRC, forums, etc.
Thanks Fernando.
I just read this thread which suggests that you can use Zend in any script by just including:
require_once('Zend/Loader.php');
Zend_Loader::registerAutoload();
So given that all I need to use Zend for is on one page, can I just include that code in a custom template file that I assign to the appropriate page in the navigation? If I used javascript to submit the form via XHR, the requested URL would take the form '/controller/action' - but Zend wouldn't know the controller directory.
Could I put Zend code into the wordpress bootstrap, i.e. the above code plus the frontController configuration, and then use Zend wherever however?
So I've created a page in Wordpress and a custom template for that page, in which I've placed the following Zend Framework code:
require_once('Zend/Loader.php');
Zend_Loader::registerAutoload();
$db = Zend_Db::factory('Pdo_Mysql', array(
'host' => 'localhost',
'username' => 'username',
'password' => 'password',
'dbname' => 'dbname'
));
Zend_Db_Table::setDefaultAdapter($db);
class Users extends Zend_Db_Table_Abstract {
protected $_name = 'wp_users';
}
$users = new Users();
$users = $users->fetchAll()->toArray();
print_r($users[0]['user_login']);
This all works fine, so it's clearly possible to use Zend in conjunction with WordPress at least to some extent.
It's becoming apparent that the problem is about who controls the URL rewriting, or the routing, or the bootstrapping (not sure of the correct terminology). If I were to put the end of the above code, starting $users = new Users();, into a controller as follows:
class UsersController extends Zend_Controller_Action {
function getUserAction() {
$this->_helper->viewRenderer->setNoRender();
$users = new Users();
$users = $users->fetchAll()->toArray();
echo $users[0]['user_login'];
}
}
How would I then call that function? My intention would be to call it from javascript via an XHR request in response to an event on the page, but requesting the URL 'index.php/Users/getUser/' returns 'No input file selected'. Trying to access the URL http://www.domain.com/Users/getUser/ produces a Wordpress 404 page.
Is there a way around this? It doesn't just apply to wordpress, of course - I expect it applies to any existing application that rewrites/routes requests via a bootstrap.
I guess you could do that, just import the framework into the one page you need it for. I don't know how Zend works, but check the paths as to where to put your directories so that Zend finds them. As I said I guess you could do that, just experiment and tell us how it went!
Beware of name conflicts for functions and/or variables, this shouldn't be much of a problem coming from such popular products as WordPress and Zend though... (which should be theoretically well coded)
I've built a plugin for wordpress that has a similar goal to yours, more modeled on CodeIgniter though. Not knowing Zend terribly well, I think this should help:
Make a file named routes.php in your plugins directory with the following code:
add_action( 'init', 'add_custom_urls' );
function add_custom_urls(){
global $wp, $wp_rewrite;
$wp_rewrite->add_rule( '(.*)$', 'index.php?&cPath=$matches[1]', 'top' );
$wp->add_query_var( 'cPath' );
}
Be sure to activate both plugins in your admin. These two files will allow you to catch the url before Wordpress tries to figure out what to do with it. You can use regular expressions to have finer control over which pages to catch. You may have to delete the record in your _options db table where option_name = 'rewrite_rules' before this works.
Next, make another plugin with the following code:
add_action( 'template_redirect', 'bootstrap' );
function bootstrap(){
global $cPath;
// Debug output: the path comes from the request URL, so escape it before echoing.
echo( 'cPath : ' . esc_html( $cPath ) );
if( $cPath ){
dosomethingwith( $cPath );
}
}
Put all your code in the dosomethingwith() function. You'll need to figure out if the URL requested can be mapped to a Zend controller, etc. http://www.domain.com/Users/getUser/ would give you $cPath = Users/getUser/. If successful, you'll also probably want to die(), so once it is completed WordPress won't try and take over again.
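One way to do the mapping step left open above, as an added example that is not part of the original answer: the captured path is user-controlled, so it is matched against a fixed allowlist instead of being turned directly into a class or file name. `resolve_cpath()` and `$ALLOWED_ROUTES` are hypothetical names, and the route table and test paths are constructed.

```php
<?php
// Added example: hypothetical names, constructed route table and inputs.

// Only the controller/action pairs listed here may be dispatched.
$ALLOWED_ROUTES = [
    'users/getuser' => ['UsersController', 'getUserAction'],
];

/**
 * Map a captured path such as "Users/getUser/" to [class, method],
 * or return null so the caller lets WordPress handle the request.
 */
function resolve_cpath(string $cPath, array $allowed): ?array
{
    $parts = explode('/', trim($cPath, '/'));
    if (count($parts) !== 2) {
        return null; // missing or extra segments
    }
    [$controller, $action] = $parts;
    // Letters only: rejects "..", dots, null bytes and encoded separators.
    if (!preg_match('/^[A-Za-z]+$/', $controller) || !preg_match('/^[A-Za-z]+$/', $action)) {
        return null;
    }
    $key = strtolower($controller . '/' . $action);
    return $allowed[$key] ?? null; // unknown pairs are never dispatched
}

// Constructed inputs: one exposed action, one unlisted action, two malformed paths.
foreach (['Users/getUser/', 'Users/delete/', '../wp-config/x', 'Users'] as $path) {
    $route = resolve_cpath($path, $ALLOWED_ROUTES);
    echo $path, ' => ', $route ? implode('::', $route) : 'not routed', PHP_EOL;
}
```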