I know there is already an existing question identical to this (How do I pass session to ckfinder in codeigniter 3?) but it does not help at all. There's only 1 answer and it does not work for me and very little explanation is provided.
I have a CI site in which a user can log in and edit some stuff using CKEditor. I've installed CKFinder as well, but I'm unable to pass any session data to the CKFinder config file in order to authenticate the login for security. The global $_SESSION variable just returns Array() 1 and doesn't contain any of the session data (and yes, I'm using session_start();).
Using the other post's answer as a foundation, I tried retrieving data from $_COOKIE but there didn't seem to be anything particularly useful. There is no ci_session in the cookie data. The closest thing is PHPSESSID but I couldn't get anything useful from that.
Any help would be appreciated it. I've spent too long on this project already. Thanks!
You should not be altering a config file by writing to it for each user. Since this is a commercial application I cannot view the docs for it, but this might help.
Set the link on the user page to CKfinder to only show if the user is logged in.
Set the controller CKfinder links to within CI to detect if the user is logged in or not and allowed (ie authenticated and authorized), otherwise reject the request.
Alternatively create a CI library for CKfinder that runs it from within CI.
Knowing CKeditor quite well, I am sure CKfinder will be documented quite well to integrate with frameworks and existing systems quite easily. CKeditor is a beautiful script (albeit with limitations) so I would presume the same quality applies to CKfinder.
And yes, CI session data is not available outside CI. Third party apps like this can be integrated with CI using standard includes directly or with a library etc within the CI framework. In fact one of the great things about CI is the ability to write small libraries that can easily include almost any third party app with relative ease of implementation.
This link will help:
Codeigniter 3 - Access Session from Outside Codeigniter Installation
Without further code samples or a more exact example of the problem, I am not really sure how I can help more than that. I hope it might of been of some help but it probably was not. Sorry.
Related
I'm using https://github.com/jonseg/crud-admin-generator to generate a simple back-end for database operations. However, I want to make it so that only an admin user can use the page.
I can't seem to find a good tutorial that is compatible with this framework. I've looked at Symfony and Silex tutorials, but neither one seem to be 'compatible'. This framework doesn't seem to have those files..... Is there a tutorial / something that can help me get started with this? Is there an easy/safe way to lock down some pages in PHP that is compatible with this framework?
there is a property in the firewall, named "security.access_rules"
that add the path and the role and that'll make it so you can lock down certain routes.
I'm in the middle of moving my site into the CodeIgniter framework. I've never used a MVC framework before so this is a big step.
In my old site, each page would have include("session_handler.php"); at the top of each page. This script would check session variables, authenticate sessions and store stuff in the database.
Is there a way I can have this script automatically include in every page? Can I specify it in the config? Does CI maybe have an internal way of dealing with sessions that is superior to my method?
Code Igniter has a Session class you can use.
It also has an autoload functionality.
Those two things should cover your requirements I think...
If you need additional validation to the session, you can either extend the core session class (which may be asking too much if you're only starting on the framework) or you can create your own library and auto-load it right after the session one to run some additional code..
I am a PHP and ExtJS user. I am looking into developing an application using a good PHP framework (CakePHP; good as in "I consider this good for me") and ExtJS version 3. What I would like to achieve is a complete Ext viewport with many grids and functions that would call PHP urls for retrieving data, saving data, edit/remove data (not just for grids, also for treepanel and such). I would like to use CakePHP as backend with all its capabilities for executing these functions. My first goal is to integrate the obAuth component (or any other secure authentification plugin for CakePHP) with an ExtJS 3 login interface. I am searching for the best method of combining these too so that I can easily restrict functions based on the usergroup access. I am thinking of a setup where the logged in user makes one post from Ext regarding the execution of a function and the CakePHP response made present as errors or notifiers through Ext alert boxes.
Do you think this is possible ? Any thoughts of an ideal config for this ?
Thank you.
If you're going back and forth between JavaScript and Cake a lot the first thing you might want to do is override or extend the default View class so it'll package variables you set in the controller automatically into a JSON array or whatever you prefer. That'll save you from having to make a view for each action and/or overriding the layout each time. Study cake/libs/view/view.php and/or cake/libs/view/media.php, you can create custom views in app/views/.
Make use of the RequestHandler Component a lot to reuse logic both for normal views and AJAX.
Beyond that it's normal JS with a PHP backend.
This is actually very easy. First, integrate the obAuth Component into a basic CakePHP install, to see if it works properly and doesn't have any strange quirks. Once that's done, get to work on your frontend.
Your frontend should be designed entirely with ExtJS components. Either design your frontend with ExtJS or via HTML templates, but try not to do both, as it gets confusing and hard to maintain. I recently did this, and every controller action had a view that set up the DOM with some basic elements (a header for the page, any divs I needed to bind components to, and the .js file that was specific to that page/view).
Then, make your application RESTful. All of your ExtJS components can read data from a DataStore (or can just take a URL as the data source), so you just give them the paths you'd like and you're done.
Check out Bancha, it integrates ExtJS 4 and CakePHP 2.
It does this by doing all the communication in the background using an completely implemented Ext.Direct for CakePHP.
cheers
Roland
I am writing a web application using PHP. I want to use the MVC pattern for this, and decided to go with CodeIgniter. My application will have some pages which will require authentication, and some pages won't. I want to design this in a very generic way, so that there should be no code duplication. Can any one point to some good "design/class structure" for this?
Write a custom library that you can autoload in your code igniter app on every page view. It should have functions that:
Authenticate the user ie. check if a user is logged in or not
Log you in ie. set a session variable or something
Log you out
Then in your controller classes you can do a call to the authentication function in the constructor then depending on the outcome continue as normal or redirect them to a login screen with an access denied message.
Do a search on the code igniter wiki for 'authentication' and there are a number of results that may help: http://codeigniter.com/wiki/
"Ion Auth" is lean, well-programmed, somewhat widely used and is actively maintained.
http://github.com/benedmunds/CodeIgniter-Ion-Auth
If by "some pages" you mean some controllers (the gateway to your views), then you may want to investigate controller inheritance. Extend the default CodeIgniter controller with your own and put an authentication check in the constructor (check the session for a logged in flag or something and if not logged in then redirect to login page). Then, all controllers that require authentication will need to extend your new parent controller. That's it.
Head on over to the CodeIgniter forums and search for some different ways to extend the controller. Here is one http://codeigniter.com/forums/viewthread/89768/#452890
May be you can use CL_AUTH library for CI. I've used it and it works good. You can find it here http://www.jasonashdown.co.uk/cl_auth_doc/
I was looking into the same thing recently, and I found a CodeIgniter fork called Kohana that includes a nice authentication module. If you are set on CI, maybe adapting Kohana's auth module backwards to CI would save you some time? If you have just started out on your project and PHP5 is OK to use, consider switching over; they are very similar frameworks.
Visit GitHub and search for Codeigniter Auth or Authentication, or check the CodeIgniter Wiki, you'll find many libraries with different features.. explore them and choose the one you need! But be careful, many are for CI 2, and you have to ucfirst the classes to use with CI 3, otherwise they don't work at all.
Use flexi auth a modified version of the popular Ion Auth library. It's more advanced and do all the job out-of-the-box.
flexi auth is a free open source user authentication/login library for use with the CodeIgniter 2.0+ framework.
I know it's too late but I hope someone else will find it helpful. Cheers!
I am just getting started with CodeIgniter, and I am trying to hash out my regular modules/functions to get them working properly within the MVC framework. I have a few specific questions for anyone who has a strong CodeIgniter background:
SESSIONS
The CodeIgniter session stores session data on the client side in a cookie, which just isn't going to work for me. I know there are a few replacements for it, or I could build my own library/helper; but I just don't see any benefit over just using $_SESSION.
If I just use $_SESSION, will I have any problems with the rest of the framework? Does any other part of the framework depend on using the CodeIgniter session?
I feel a bit weird about stepping outside the framework for something so basic, but I am pretty comfortable with plain PHP. I am basically just looking to use CodeIgniter for MVC, and to enforce a more modular aspect for my projects.
CODE FLOW & CONFIG
I have a few config items that need to be done before almost anything else.
For example, say I have a constant APP_LIVE, which is set true/false based on the name of the current server. This has to happen really early as paths, error reporting, the CodeIgniter system, and application folders, etc. will be set based on it.
The problem is that the system_folder, and application_folder (which will be set based on which server the code is running on) are set first thing in the index.php file, before any of the configs have loaded.
Also, I have a functions that check for things in the URL, and may redirect before the page ever loads. For example, some pages need to enfore the presence of www. in the URL (for SEO), track affiliates, visitor sources, marketing flags, etc.
Where is the best place to put things like this that have to happen really early? I know there is a config file, an autoload file, a constants file, etc., but those are too late for some items. Is it a bad practice to simply put these things into the top of the main index.php file, or to make an include there to a global config file? Again, I feel like I am stepping outside the framework, and wonder if I'm just doing that because I don't have a solid understanding of it yet?
LAYOUT / HEADER FOOTER
Like most people, I have a top header, navigation, footer, etc. I am used to just having them in files, which are included into my page template. I believe I can do that the same way by just making them views and including them into my main page view. Is that the best way to go? Some of them need a bit of data; like what page they are on for the navigation, etc. What's the best way to handle navigation, shared header/footer, etc.?
The newly released CI 1.7 handles sessions in the database (if you're using one).
However, CI is designed to be loosely coupled, so you shouldn't notice any major issues if you decide to use $_SESSION instead.
For your header / footer / navigation, you could create (for example) headerview.php, footerview.php, and contentview.php, and pass data to your views by doing something like this in the controller:
$data['title'] = 'about us';
$data['content'] = 'hello world!';
$this->load->view('headerview', $data);
$this->load->view('contentview', $data);
$this->load->view('footerview');
Basically, you can treat these views exactly like includes, but with the added benefit that you can change the variables within. I would steer clear of calling other views from within views, but that might just be me.
I've made additions to index.php myself once or twice, to set initial values and such, and have never had a problem with it.
Congratulations on your choice of framework; I'm sure you won't be disappointed. ;)
You can either have multiple load->view lines in every controller but I personally find it coupled. I strongly suggest that you take a look at hooks in CodeIgniter where you can define functions that would be automatically run after each controller/method (a fine example of AOP).
Actually the $_SESSION array seems to get unset so you can't use the native PHP sessions (at least on 1.7). However in CodeIgniter wiki there's a session class that uses the native php sessions - you can use it the same way as the other, but it stores only session_id in the cookie. Here it is:
http://codeigniter.com/wiki/Native_session/
#lacho I created my own auth library on $_SESSION. and it works fine on 1.7.
I believe $_SESSION is much more secure since CI 'sessions' are cookies that are stored on the client side which are classified as 'user-passed-information' that can't be trusted.
You can try with native using your own session class
http://www.moreofless.co.uk/using-native-php-sessions-with-codeigniter/