Integrate ElFinder with existing permission system - php

Is there a way to integrate elfinder with my current user permissions system? I would need some kind of hook which would be triggered before e.g. a file gets deleted. There I should be able to abort the delete command and return some kind of response if the logged in user doesn't have enough permissions.
Closest thing I found until now is this: Connector Configuration options - Bind
But it doesn't look like I'm able to abort the current action there....

It all depends on the way you implemented the server-side connector.
For example, I have a custom connector for PHP backend which saves and returns the files / folders based on a database table. This way, I can set the read and write options for each file / folder (check the Client-Server API docs).
To answer your question, you'll need to tweak the server side connector to set the read and write attributes, like stated in this wiki page.
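One way to set those attributes from an existing permission system, as an added example (not elFinder's or the answerer's code): elFinder's per-root `accessControl` option names a callback that returns the `read`, `write`, `locked` and `hidden` attribute for each path, and a locked file cannot be deleted or renamed. The `$ACL` table, the session `role` key and the `files/` directory are hypothetical stand-ins for your own system.

```php
<?php
// Added example, not elFinder's or the answerer's code. $ACL and the session
// 'role' key are hypothetical stand-ins for the application's permission system.
$ACL = [
    // role => attribute values elFinder should report for paths in this root
    'admin'  => ['read' => true, 'write' => true,  'locked' => false, 'hidden' => false],
    'editor' => ['read' => true, 'write' => true,  'locked' => true,  'hidden' => false], // no delete/rename
    'viewer' => ['read' => true, 'write' => false, 'locked' => true,  'hidden' => false],
];

/**
 * accessControl callback: elFinder calls it once per attribute and path.
 * $attr is 'read', 'write', 'locked' or 'hidden'. Return true/false to set
 * the attribute, or null to let elFinder decide.
 */
function appAccess($attr, $path, $data = null, $volume = null, $isDir = null, $relpath = null)
{
    global $ACL;
    $role = $_SESSION['role'] ?? '';
    $dotFile = strpos(basename($path), '.') === 0;
    if ($dotFile || !isset($ACL[$role])) {
        // Deny by default: not readable, not writable, locked and hidden.
        return !($attr === 'read' || $attr === 'write');
    }
    return $ACL[$role][$attr] ?? null;
}

// Connector options: the callback is attached per root.
$opts = ['roots' => [[
    'driver'        => 'LocalFileSystem',
    'path'          => __DIR__ . '/files/',   // hypothetical storage directory
    'accessControl' => 'appAccess',
]]];
// With elFinder loaded: (new elFinderConnector(new elFinder($opts)))->run();

// Stand-alone check of the callback with constructed sessions and paths.
foreach (['admin', 'editor', 'viewer', 'guest'] as $role) {
    $_SESSION = ['role' => $role];
    $attrs = [];
    foreach (['read', 'write', 'locked', 'hidden'] as $attr) {
        $attrs[$attr] = appAccess($attr, '/files/report.pdf');
    }
    echo $role, ': ', json_encode($attrs), "\n";
}
```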

Related

Download images to server

I have a JavaScript application on a page in Joomla which generates a graphic (png). I want to save this image to the image directory. Doing this with JavaScript is not possible for safety reasons. Is there in Joomla a PHP call which can be used to get this done?
You should look into the Joomla media manager file.json.php (for ajax use) or file.php controllers (from administrator/components/com_media/controllers).
Either will do, but you need to fulfill the requirements i.e.
having a valid login
passing along a security token
giving the user or user group privileges to upload (in media manager - options - permissions tab).
This should be enough to get you started.

Fetch data from moodle without login with php file

I am facing an issue. I have to fetch data from moodle without logging in to it. I have to create a separate php which is not a part of moodle directory. This file will fetch course from moodle database and display it.
Please help me to sort it out.
Try looking up the database credentials for moodle in the config file and use them to read straight from the database with a different PDO DSN?
The right place to start would probably be to look at using the Moodle web services (https://docs.moodle.org/en/Web_services), before you start trying to directly pull information from the Moodle database.
You will need to use Moodle web services. You can see the steps to set it up by going to yourmoodleurl/admin/settings.php?section=webservicesoverview. Basically,
Enable web services: yourmoodleurl/admin/search.php?query=enablewebservices
Choose which protocol your service will use: yourmoodleurl/admin/settings.php?section=webserviceprotocols
Create service by going to yourmoodleurl/admin/settings.php?section=externalservices and clicking the linked text "Add", give your service a name and select the box to enable, then save.
Add functions to the service you just created. You probably want something like core_course_get_contents, but you can study the list of api functions at yourmoodleurl/admin/webservice/documentation.php to see which functions will get you the data you want.
Create a user and token that will use the service. I create a user called webservice, and make the authentication method "web services authentication", and make the user a site administrator. You may not want to do that for security reasons, and just grant the webservice:createtoken privilege along with whatever privilege is necessary to access the webservice function.
Execute your webservice with your external script.
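The last step, sketched as an added example (not the answerer's script): an external PHP script that calls `core_course_get_contents` over Moodle's REST protocol and treats a JSON reply carrying an `exception` key as an error. It assumes the REST protocol was the one enabled in the setup steps; the `MOODLE_URL` and `MOODLE_TOKEN` environment variables, the course id and the sample reply are hypothetical.

```php
<?php
// Added example, not the answerer's script. MOODLE_URL and MOODLE_TOKEN are
// hypothetical environment variables; the token is the one created for the
// service user, and course id 2 is a placeholder.

/** Decode a REST reply. Moodle reports failures as a JSON object with an "exception" key. */
function moodleDecode(string $body): array
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        throw new RuntimeException('Reply is not JSON');
    }
    if (isset($data['exception'])) {
        throw new RuntimeException(($data['errorcode'] ?? 'error') . ': ' . ($data['message'] ?? ''));
    }
    return $data;
}

/** Call one web service function over the REST protocol. */
function moodleCall(string $baseUrl, string $token, string $function, array $params): array
{
    $fields = ['wstoken' => $token, 'wsfunction' => $function, 'moodlewsrestformat' => 'json'] + $params;
    $ch = curl_init(rtrim($baseUrl, '/') . '/webservice/rest/server.php');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,        // keeps the token out of URLs and access logs
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return moodleDecode($body);
}

if (getenv('MOODLE_URL') && getenv('MOODLE_TOKEN')) {
    $sections = moodleCall(getenv('MOODLE_URL'), getenv('MOODLE_TOKEN'), 'core_course_get_contents', ['courseid' => 2]);
} else {
    // Constructed sample reply, so the script also runs without a Moodle site.
    $sections = moodleDecode('[{"id":1,"name":"General","modules":[{"id":5,"name":"Announcements","modname":"forum"}]}]');
}
foreach ($sections as $section) {
    echo $section['name'], ': ', implode(', ', array_column($section['modules'] ?? [], 'name')), "\n";
}
```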

PHP create a centralized dispatcher for REST like api

Hi, I am not sure if this is restful related, I think it is, but please do correct me if I am wrong.
So basically I want my server, which is written in PHP, to respond to different API requests, so for example
http://www.myweb.com/api/content/video/get?id=1 which will return a JSON object that has information regarding a video of id=1
However, I can also have the following API to be called
http://www.myweb.com/api/content/music/get?name=biever
I want to create a centralized dispatcher, a PHP file that sits in the api directory in the server, so whenever a request is made where api appears in the RESTful link (which is in both examples above), it should 'intercept' these requests and examine the rest of the path to call the function accordingly. So for example
in controller.php in the api directory
it will see, oh you are calling content/video, I will do some preprocessing (say, adding video name or something) then direct the method call to content/video/get
How can I, in PHP, make sure that all the requests will go through my controller file first?
By default URLs are mapped to PHP files in your file system. You can't control this in PHP. By the time your PHP is run, you're too late. So you'll need to look into rewriting the URL at the webserver-level. If you're using Apache look into mod_rewrite.

Moodle module type

I am tasked with writing a relatively small and simple PHP web app which will use a small database. Authentication for this will be through randomly generated hex keys in the query string which are generated by an administration page and emailed to desired users.
This is all fine so far, but here's the catch:
For various political reasons, we are forced to make this app a Moodle module. I can use the Moodle database in MySQL, but I will be working with my own tables which do not interact with Moodle, and Moodle will not interact with my tables. I must also use the Moodle database abstraction rather than direct PHP->MySQL access.
I do not want my users to know they are operating within Moodle. They shouldn't need to log in to Moodle to access my web app, and they probably won't have access to Moodle anyway. Those users who do have access to Moodle shouldn't see this web app in their list of Moodle functions.
I've thrown together a few small PHP pages, included some Moodle libs, and placed the code in the moodle/mods directory. Accessing the PHP pages on the server with the URLs directly results in a Moodle error, since I'm not accessing the module through proper channels. I get the "Incorrect access detected" error.
Is what I'm tasked to do even possible? If so, how is the best way to accomplish it? Do I need to write an authentication module and then an activity module? Is there any way to bypass all of Moodle's authentication and simply use the database abstraction without editing the core Moodle configuration files? (I know it's possible by modifying the Moodle code, but that is sadly not an option).
I have plenty of PHP experience, but I only have about 4 hours of Moodle experience and I'm getting nowhere fast.
It sounds to me that you might be trying to access the script while coming in from a host other than what Moodle has specified in its config file. You could try dumping your http_host and Moodle's wwwroot to see if they line up. I'm less familiar with 2 than 1.9, but you might be able to define abort_after_config, then include config, then change the cfg wwwroot, then define abort_after_config_cancel, then include setup. Otherwise you could spoof the host; otherwise you can delete the check in the lib/setup.php file.
Not sure quite what you are trying to achieve here but any of the following may work.
(1) If you have a stand-alone platform you want delivered within an LMS framework then you might offer a counter proposal of developing it in your preferred environment but wrapping it in LTI. Moodle can then deliver it via the External Tool plugin and you can get two-way communications between the two for authentication and tracking.
(2) Doing it in Moodle
Create an authentication with a login_hook and make sure this is moved to the top of the authentication plugins list so that it is checked first before the others. Use the hook to process the hex key (as GET or POST parameter) or take you to an alternate process and return true (or create session). You could also use the 'alternative login page' in the authentication settings alongside this plugin hook. This should take care of authentication.
If enrolment is not an issue then create your plugin as a local plugin (not mod) and use the above hook to redirect to this page after login. This gives you a bit more flexibility in the libraries you use and you can still use front-page enrolments if necessary as a workaround. If you really need enrolments, course roles, and gradebook then use a mod to leverage these. There is a single activity course format in the latest Moodle that gives you a format to run just your bespoke activity on its own.
Finally develop your own layout type in the theme for the local plugin if using that or for the course and incourse layouts if using courses so that you can control what of the standard Moodle navigation and structure you want.
If the plugin is sharing a Moodle already being used for other activities then you'll need to be sensitive to this. If you're just running your own thing then it will be much easier.
(3) Use Web Services to get what you want from Moodle in your own App.

Htaccess and uploads

.htaccess files are not my strong point.
I have document uploads going to /uploads. The user should be able to view the documents they've just uploaded by clicking on the document link that appears via ajax after uploading is completed.
However, I would like to be able to password protect the /uploads folder BUT still enable the current user to view the clicked document without having a password request appear.
Is this possible to do in .htaccess?
Thanks for any suggestions.
Unless you are using HTTP auth to authenticate your user before the upload, this probably cannot be simply done with just .htaccess. You need to know file's owner and compare it with current user, which is way beyond the scope of usual web server's capabilities.
If you may use Nginx or Lighttpd, you may use X-Accel-Redirect/X-Sendfile header. There's also a module for Apache2 called mod_xsendfile. Make all requests to /uploads transparently pass through your application, verify access then tell web server to send file. While this requires the ability to configure the web server (which is sometimes not possible) this is probably the most correct and universal solution.
Here are some useful links:
PHP and Ruby on Rails examples (and some general information on configuration)
Python/Django code snippet
You could use cookie based authentication (mod_auth_cookie) to grant access via htaccess for a particular location.
I am not sure if setting the cookie path to the specific file will work, but it's worth a try.
You are better off doing this in the app layer though.
EDIT: This may be a better solution
I don't think this is possible in .htaccess - since .htaccess has no way of knowing which user uploaded which files. Even if it did (e.g. by putting files in uploads/username/), I don't think .htaccess files are the way to go. I think you'll probably want to enforce this at the application level.
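The application-level check suggested in the answers above, combined with the X-Accel-Redirect/X-Sendfile hand-off, as an added example (not code from any of the answers): the script confirms that the requesting user uploaded the file, then emits the header that lets the web server send it. The `$owners` table, the integer user id, the `/protected/` location and the `/srv/app/uploads` path are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example, not code from the answers. The $owners table, the integer
// user id, the /protected/ location and /srv/app/uploads are hypothetical.
// Assumed server side: direct requests to the upload directory are refused and
//   nginx:  location /protected/ { internal; alias /srv/app/uploads/; }
//   Apache: mod_xsendfile with "XSendFile On" and "XSendFilePath /srv/app/uploads"

/** Return the stored file name if $userId uploaded $requested, else null. */
function authorizeDownload(?int $userId, string $requested, array $owners): ?string
{
    $name = basename($requested);            // discard any directory part
    if ($userId === null || $name === '' || $name[0] === '.') {
        return null;                         // anonymous, empty or dot-file
    }
    if (!isset($owners[$name]) || $owners[$name] !== $userId) {
        return null;                         // unknown file or someone else's
    }
    return $name;
}

/** Headers that hand the transfer to the web server once the check passed. */
function sendfileHeaders(string $name, string $server): array
{
    $headers = [
        'Content-Type: application/octet-stream',
        'Content-Disposition: attachment; filename="' . addcslashes($name, "\"\\") . '"',
        'X-Content-Type-Options: nosniff',
    ];
    $headers[] = $server === 'nginx'
        ? 'X-Accel-Redirect: /protected/' . rawurlencode($name)
        : 'X-Sendfile: /srv/app/uploads/' . $name;
    return $headers;
}

// Constructed sample data: stored file name => id of the uploading user.
$owners = ['report.pdf' => 7, 'notes.txt' => 9];
$cases  = [[7, 'report.pdf'], [7, 'notes.txt'], [7, '../notes.txt'], [null, 'report.pdf']];
foreach ($cases as [$userId, $requested]) {
    $name = authorizeDownload($userId, $requested, $owners);
    // In the real endpoint: header() each line on success, http_response_code(403) otherwise.
    echo json_encode($requested), ' as ', json_encode($userId), ': ',
         $name === null ? '403' : implode(' | ', sendfileHeaders($name, 'nginx')), "\n";
}
```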
