I try to use one copy of Yii2 as multisite engine (one CMS, several domain-depended configs).
But when I send some ActiveForm in a controller action, I see Bad Request 400.
When I add _csrf field in simple HTML form and try to send it in an action, it works fine.
How can I resolve it?
Here is a solution: I just name session with unique string for every domain.
This is done by editing domain-depended configs.
return [
'components' => [
...
'session' => [
'name' => 'domain_name_session',
],
...
],
];
Related
i have a little problem.
I'm developing a php application using Yii2 framework and i want to save a log messagges into db table.
I'm coding my own component witch extends DbTarget, in this component i rewrite export() function to save data into my table. It's works fine, but i can't get the log message.
For example, when i call Yii:log('message log'), all my data are saved in my db except 'message log' because i don't know how to get this value in my component.
Any solutions?
thanks
P.s. I'm newbee with yii2 and i have read the official documentation, but i didn't find any solution.
It seems you should specify level of the message
Yii:log('message log', Logger::LEVEL_TRACE);
or use shortcut methods
Yii::info('message log');
Yii::trace('message log');
Yii::error('message log');
Check your config for another targets. May be your message goes to level or category of another target. Notice that default category is 'application'.
To be shure you can make this configuration
'components' => [
'log' => [
'targets' => [
[
'class' => 'YourDbTarget',
'levels' => ['info'],
'categories' => ['application'],
],
],
],
],
And try to log info message
Yii::info('message log'); // target = info, category = application
We are working on a project where are 4 roles. But in cakephp 3.x Auth component holds authenticate user data in session with Auth.User indexing using
$this->Auth->setUser($user);
Due to this we are not able to access front-end user account from admin panel for some purpose, because of when we login to front-end user from admin panel, front-end login action performs and over write of session value.
So if there is any process to handle this please suggest us.
Thank you in advance.
As well I have understood that you are not using prefix to manage back-end and front-end user then may be you worked with separate folder structure for back-end, May I right?
You are right that $this->Auth->setUser($user); always holds session with Auth.User indexing. So you need to write different session indexing for back-end, and you can do it as follow :
For back-end user authentication :
**
$this->loadComponent('Auth', [
'authorize' => ['Controller'], // Added this line
'loginRedirect' => [
'controller' => 'Users',
'action' => 'dashboard',
'prefix' => 'admin_panel'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login',
'prefix' => 'admin_panel'
],
'storage' => [
'className' => 'Session',
'key' => 'Auth.Admin',
]
]);
**
Here you can pass your desired index in 'storage' array key value.
I think it'll works for you.
Check out the section Authentication and Authorization in this curated list of CakePHP Plugins.
You could, for example, use dereuromarks TinyAuth Plugin to authorize your users and configure what they are able to see.
This way you can use the same authentication (be aware of the differences between Authentication and Authorization) and the same users table, which will prevent the Session conflict you mentioned.
The Auth component overwrite the previous session because it store the session in Auth.users all the time so we have to change the session key for different role.
If you are using URL prefix for the different roles to access then you can do like this.
AppController.php
public function beforeFilter(Event $event)
{
if($this->request->params['prefix']){
$this->Auth->config('storage', [
'key'=>'Auth.'.$this->request->params['prefix'],
'className'=>'Session'
]);
}
return parent::beforeFilter($event); // TODO: Change the autogenerated stub
}
This will create different roles in Auth as you required.
The session will be like this
[
'Auth'=>[
'User'=>['id'=>''],
'Admin'=>['id'=>''],
]
]
Tested it, working great for me.
Right now I'm trying to implement themming for my Yii2 based project.
How I see the thing now:
User chooses an application theme from the list on the settings
page in backend.
Using yii2-settings I'm saving all the
configuration data in DB (pretty easy).
In the application
bootstrap.php I'm creating new alias called #theme. Basically it
should lead us to a application theme base path (used in search
paths, assets manager, e.t.c.).
According to official
documentation, that's how I configured my view component:
'view' => [
'theme' => [
'basePath' => '#theme',
'baseUrl' => '#theme',
'pathMap' => [
'#app/views' => '#theme',
'#app/widgets' => '#theme/widgets',
'#app/modules' => '#theme/modules',
],
],
],
An issue I have is with p.3. According to yii2-settings documentation that's how I supposed to read the settings:
$theme = Yii::$app->settings->get('name', 'general');
Yii::setAlias('#theme', realpath(dirname(__FILE__)."/../../themes/$theme"));
But obviously, it's not working for me because of yii2-settings component didn't initialized yet when bootstrap.php is called. I've been trying to initialize it later in the init() method of my base controller, then adjust other aliases manually, but I feel that way being somewhat 'unclean', and also it still fails because of #theme alias is also used in asset file which is Yii2 starting to publish before calling the controller's init method.
So does anyone has any thoughts of how to do that 'hacking' the code as less as possible? I know I could just move configuration to some file, then read it manually before the application initialization, but it's still not the way I want to go.
Maybe there's some way to override some system component to set the alias after db component is loaded, but before view component configuration? Or Yii loads this components in a different order? Anyway. Any help would be appreciated!
You could try an Application Event in bootstrap:
\Yii::$app->on(\yii\base\Application::EVENT_BEFORE_REQUEST, function ($event) {
$theme = Yii::$app->settings->get('name', 'general');
Yii::setAlias('#theme', realpath(dirname(__FILE__)."/../../themes/$theme"));
});
OR in configuration file:
[
'on beforeRequest' => function ($event) {
// ...
},
]
From Yii 2 docs:
EVENT_BEFORE_REQUEST This event is triggered before an application
handles a request. The actual event name is beforeRequest.
When this event is triggered, the application instance has been
configured and initialized. So it is a good place to insert your
custom code via the event mechanism to intercept the request handling
process. For example, in the event handler, you may dynamically set
the yii\base\Application::$language property based on some parameters.
Here's the final solution:
config/bootstrap.php:
// Setting a temporary path for components configuration - will be changed later
Yii::setAlias('#theme', realpath(dirname(__FILE__)."/../../themes/"));
config/main.php
'components' => [
'view' => [
'theme' => [
'basePath' => '#theme',
'baseUrl' => '#theme',
'pathMap' => [
'#app/views' => '#theme',
'#app/widgets' => '#theme/widgets',
'#app/modules' => '#theme/modules',
],
],
],
],
'on beforeRequest' => function ($event) {
$theme = Yii::$app->settings->get('theme', 'general');
Yii::setAlias('#theme', realpath(dirname(__FILE__)."/../../themes/$theme"));
},
I have this very weird thing going on when trying to make post to an external API, I try to make a POST request to the URL but Guzzle make a GET request instead (which is a legal action on this API but returns something different).
Here is the code:
$request = $this->client->createRequest('POST', 'sessions', [
'json' => [
'agent_id' => $agentId,
'url' => $url
],
'query' => [
'api_key' => $this->apiKey
]
]);
echo $request->getMethod(); // comes out as POST
$response = $this->client->send($request);
echo $request->getMethod(); // suddenly becomes GET
Same thing happens when I use $this-client->post(…)
I really have no idea what to do next.
I run into the same problem.
the reason is that Guzzle Changes the Request-Method to 'GET' when there is a location Redirect with code 301 or 302.
I found the 'Problem-Code' in the RedirectMiddleware.php.
But when you see the if-condition you can disable this behavior by adding 'allow_redirects'=>['strict'=>true] to your options.
After finding this option, I discovered that the option is listed in the Guzzle Options Documentation
So yust rewrite your createRequest like this:
$request = $this->client->createRequest('POST', 'sessions', [
'json' => [
'agent_id' => $agentId,
'url' => $url
],
'query' => [
'api_key' => $this->apiKey
],
'allow_redirects'=> ['strict'=>true]
]);
And it should stay Method POST after the redirect.
You're probably getting a 3xx status code so that that the Redirect subscriber kicks in (redirect is enabled by default). From the docs:
[...] Pass an associative array containing the ‘max’ key to specify
the maximum number of redirects and optionally provide a ‘strict’ key
value to specify whether or not to use strict RFC compliant redirects
(meaning redirect POST requests with POST requests vs. doing what
most browsers do which is redirect POST requests with GET requests).
//edit Just saw you kinda answered that yourself in the question comments - still leaving this answer online as it provides some context.
Try to change the key 'query' to 'body'.
Please switch query to form_params. In Guzzle 6 it works.
Here is my problem.
I have a few pages in my application who uses SSL, like the lggin page. When i am in the main page (who doens't have SSL), every link created by the view ( href=$this->url(...) ) is plain html, even the login page. On the other hand, when i am in the login page, every other links displays with https.
In the controller, i manipulate if the page uses SSL or not, that is OK. But i want to show the correct link for the user when he navigates through the site, https for ssl pages and http for non-ssl ones.
Thanks.
First of all, if you have HTTPS available, you should use it on any page. It is really against the web of trust when you have some pages available via HTTPS, but others not. Sure, you might enforce HTTPS on some pages (so there is no HTTP), but vice versa is always a bad idea.
That being said, you can create a scheme route. With the scheme you are able to specify HTTPS on some routes:
'secure' => [
'type' => 'scheme',
'options' => [
'scheme' => 'https',
'defaults' => [
// the usual stuff
],
],
'may_terminate' => false,
'child_routes' => [
// all your https routes here
],
],
Because some of these "secure" routes might be defined at vendor level (e.g. you use ZfcUser), you can use "prototyping" of routes. For example all ZfcUser routes should only be accessible via HTTPS. The "main" route of ZfcUser is zfcuser:
'router' => [
'prototypes' => [
// Define "secure" prototype to add to routes
'secure' => [
'type' => 'scheme',
'options' => ['scheme': 'https'],
],
],
// Apply the scheme route to ZfcUser
'routes' => [
'zfcuser' => [
'chain_routes' => ['secure'],
],
],
],
Prototyping "prepends" the secure route to zfcuser. So this makes zfcuser and all its childs a child-route of secure. Therefore, all zfcuser routes are defined with HTTPS.
When you've come this far: if you now assemble the routes, they will get HTTPS automatically. When you have a route login inside the secure route of my first example, you get the url via $this->url('secure/login');.
In the second case (prototyping) you don't need to mention the prototype, just use $this->url('zfcuser'); for the user's route.