As you can probably tell, I am new to Magento2 and I am trying to figure out some of the basics. I'm a full-stack developer that is use to developing (frontend and backend) myself then using docker and finally hosting it on an AWS:S3/EC2 or AWS: Elastic Beanstalk. With that said, Magento seems like a completely different beast to conquer.
I have a family member who is wanting me to do some basic frontend stuff for their website (such as changing Navbar design and a potential home page overhaul later on), naturally wanting to help them out I agreed to have a look and see what I can do. I have access to their Magento 2 dashboard area and have been looking around with no sure luck thus far. I have researched online that Magento 2 allows for a "Page Builder" or a "WYSIWYG" type functionality. But I am unable to use these types of tools because my family member had the website built by a Magento 2 developer firm awhile back and everything is coded manually and could cause problems if using one of the above mentioned tools. Due to this I am trying to get access to their site directory so that I can go in and make the necessary changes and upload the files. But I am really struggling on how to access the codebase.
I have read that an admin needs to send me the code??? Or grant me access to the code or something along those lines? I do have the host, port, root, username, password, etc. for the live server but still having trouble.
Any help would be greatly appreciated.
You need to use ssh to access the server
ssh user#host -p port
After you get into the server, you should set up a git repository in the project root and push the code from the server to the repository, then clone the repo to your local environment.
From there on, it's the normal development flow. You can use a clean database with sample data or you can dump the db from the live env and use it on your local env, but this will require some changes in the db after the import.
Detailing all the steps required to do this task would take forever and would cover a lot of different issues/steps.
"I have read that an admin needs to send me the code???"
Not sure what you mean by this, but a Magento admin is just a user on the backend side of the website. He does not have access to any code.
A git repository admin(probably previous dev) could grant you access to the code repository, but this doesn't seem like an option.
Related
We are a site design team.
There is a problem in our work, when we carry out the project and deliver the client, the other programmers who work for that client are changing their project codes, that's why we plan to implement a system that creates a log in WordPress. You can create a log on the change code.
For example, there's a plugin that logs out what a person does in the WordPress panel, but there's nothing to be done when WordPress Codes change.
Have a service or solution for this issue ???
I recently obtained a domain and website through bluehost. They have Wordpress installed and I am unable to figure out how to bypass it so I can code old school. I would really rather learn Wordpress but don't know where to start.
So two questions:
1.
what wordpress files are blocking me from the site recognizing the usual Default page's code? (I create test html in Default which is bypassed somehow and will only show Wordpress default page in progress; my code is not overwritten; just ignored?)
2.
I'd be happy to learn myself, but don't know a good resource. Went to Wordpress site and they have free webpage I can play with. Should I just get the free one in order to learn whats what...or is that going to be dumbed down and different than having it installed in webhost site?
I am a fairly advanced programmer and feel that I should be able to pick this up rather quickly if I can only get past this first hurdle.
Thank you for any information or suggestions.
What loads by default at a domain (ex: www.yoursite.com) is controlled by the web server which uses a configurable list of filenames like index.html, index.php, Default.aspx etc. You can learn more about how that works here.
Normally, your web host will allow you to have some control over that list, and the precedence one file takes over another when the web server refers to the list. Perhaps you have an administrative interface or dashboard control which allows you to configure this for your site. If not, you'll have to contact support at your web host to have changes made to that list.
1) Nothing is blocking you from seeing a page on your web server at a specific address, only from allowing one page or another to be what loads by default at the root web address, as explained above. If you have FTP access to your website directory, and can upload a file there, you can still browse directly to it, even though the WordPress installation's default page is showing up at your root web address. Just enter the specific file name in your browser, and you will browse to that page, ex: www.mysite.com/somepageicreated.html
2) Learning is always good either way, but you either want to learn to make WordPress sites or you want to learn to make your own websites. I'll assume WordPress for now, since you mentioned a preference for that platform. Just remember though: working with WordPress sites is not making your own website, it is changing a WordPress template to be as close as possible to what you want your website to be. This may or may not suit your requirements.
Playing with a free example from WordPress can be very useful for picking up the basics. Once you've played there for awhile and feel a bit more aware of how things work, take what you've learned and apply it to shaping your own site into what you'd like. Just remember to always create a backup of anything you mess with, so you can always return to an earlier state if you really mess things up good :)
Good luck!
I wrote an app for my customer in Symfony2 and we went public with that. However, I am learning right now that he had a separate Wordpress app within previous server to manage some separate product.
Now, he asks that we transfer that WP app on a new server. Being all security in mind, I cannot feel but nervous about potential impact here. I am to have the following URL setup:
www.myclientapp.com
www.myclientapp.com/some-wp
What are my options here? I can think of some, but any suggestion would be helpful.
Buy separate shared hosting and put WP there. Then do redirection from our website.
My VPS server runs with nginx and php-fpm. Can I utilize separate pools which would run under different user. I would need to review access privileges to Symfony's files.
In any case I would allocate separate mysql user and database. Those wold be enforced by strict privileges which prohibit access to my primary database.
Can you guys think of anything else?
My primary goal is: If WP is vulnerable, let it be. Under no circumstances I would allow it to compromise my Symfony2 app. I am primarily concerned about configuration files (app/config/*.yml) which contain sensitive data.
I will recommend that you use something like a sub-domain eg wp.symfony.com.
They may still be hosted on the same server, but using different virtual host directories.
With that, the apps will never see each other.
A way is running symfony under a different php-fpm user than the WP website and make sure the file/directory rights are set correctly. Then a WP exploit cannot write/read to the symfony files depending on the directory/file rights.
A better way is to use the php config open_basedir and isolate the two sites into their own "jails" this way PHP prevents including/reading files from other websites. See http://php.net/manual/en/ini.core.php#ini.open-basedir for more information.
For this to work the code should be separated into different directories, you can use nginx aliases or virtualhosts to point the domainname to the correct directory.
I'm developing a Wordpress plugin that requires API credentials for Facebook.
Ordinarily I'd advise the users of the plug-in to sign up for their own API keys and allow them to be entered as plug-in options, however this plug-in requires extended permissions. Which as I'm currently in the process of finding out are an absolute ball-ache to get, take up-to 7 businesses days to have reviewed and the reviewers don't actually read the requested instructions on how the application is being used.
Can I write a plugin that is basically a wrapper around my hosted version of the code, this way I can allow users of the plugin the benefits of the extended permissions without giving away my APP ID and APP SECRET
Thinking something like...
require_once("https://www.myplugin.com/FacebookPlugin.php");
Here's the obvious problem, this wouldn't work for hosted versions of Wordpress as they don't have access to plug-ins anyway and I believe it would require the owner to allow remote file inclusion, which is putting a lot of trust in me as the host of the remote file not to execute nasty scripts on their server.
So how do I offer the functionality of my plugin to other users?
I think this question is closely related to this question.
I do not think there's more you can do, except still having your separate server which can be triggered using HttpRequest::send from within the plugin, and ship encrypted Keys from there each time somebody is accessing your plugin.
Might be a performance-Killing approach, though, especially if your server is not that fast.
I am tasked with writing a relatively small and simple PHP web app which will use a small database. Authentication for this will be through randomly generated hex keys in the query string which are generated by an administration page and emailed to desired users.
This is all fine so far, but here's the catch:
For various political reasons, we are forced to make this app a Moodle module. I can use the Moodle database in MySQL, but I will be working with my own tables which do not interact with Moodle, and Moodle will not interact with my tables. I must also to use the Moodle database abstraction rather than direct PHP->MySQL access.
I do not want my users to know they are operating within Moodle. They shouldn't need to log in to Moodle to access my web app, and they probably won't have access to Moodle anyway. Those users who do have access to Moodle shouldn't see this web app in their list of Moodle functions.
I've thrown together a few small PHP pages, included some Moodle libs, and placed the code in the moodle/mods directory. Accessing the PHP pages on the server with the URLs directly result in a Moodle error, since I'm not accessing the module through proper channels. I get the "Incorrect access detected" error.
Is what I'm tasked to do even possible? If so, how is the best way to accomplish it? Do I need to write an authentication module and then an activity module? Is there any way to bypass all of Moodle's authentication and simply use the database abstraction without editing the core Moodle configuration files? (I know it's possible by modifying the Moodle code, but that is sadly not an option).
I have plenty of PHP experience, but I only have about 4 hours of Moodle experience and I'm getting nowhere fast.
It sounds to me that you might be trying to access the script while coming in from a host other than what poodle has specified in its config file. You could try dumping you http_host and noodles wwwroot to see if the line up. I'm less familiar with 2 than 1.9 but you might be able to define abort_after_config then include config then change the cfg wwwroot then define abort_after_config_cancel then include setup. Otherwise you could spoof the host otherwise you can delete the check in Tue lib/setup.pup file
Not sure quite what you are trying to achieve here but any of the following may work.
(1) If you have a stand-alone platform you want delivered within an LMS framework then you might offer a counter proposal of developing it in your preferred environment but wrapping it in LTI. Moodle can then deliver it via the External Tool plugin and you can get two-way communications between the two for authentication and tracking.
(2) Doing it in Moodle
Create an authentication with a login_hook and make sure this is is moved to the top of the authentication plugins list so that it is checked first before the others. Use the hook to process the hex key (as GET or POST parameter) or take you to an alternate process and return true (or create session). You could also use the 'alternative login page' in the authentication settings alongside this plugin hook. This should take of authentication.
If enrolment is not an issue then create your plugin as a local plugin (not mod) and use the above hook to redirect to this page after login. This gives you a bit more flexibility in the libraries you use and you can still use front-page enrolments if necessary as a workaround. If you really need enrolments, course roles, and gradebook then use a mod to leverage these. There is a single activity course format in the latest Moodle that gives you a format to run just your bespoke activity on its own.
Finally develop your own layout type in the theme for the local plugin if using that or for the course and incourse layouts if using courses so that you can control what of the standard Moodle navigation and structure you want.
If the plugin is sharing a Moodle already being used for other activities then you'll need to be sensitive to this. If you're just running your own thing then it will be much easier.
(3) Use Web Services to get what you want from Moodle in your own App.