I have two CI code bases, say projectX and projectY (two different code bases, and yes, the CI system files are also separate but the same version), where ProjectX is the main site, say http://projectx.com, and ProjectY is http://projecty.projectx.com.
Now, when a user logs into the system (ProjectX) and clicks on some link that takes him to ProjectY, I want the user to be logged into SystemY with the same session that was activated when he/she logged into SystemX.
So my question is: is it possible, and if yes, then how? Or if 'NO', then what are possible ways to accomplish this, as I don't want to show one more popup for login?
OK, first of all, thanks to #LuckyBurger for the link he gave in a comment, and yes, that is a perfect solution for the problem. All you have to do is change the config file in both code bases to use the same values for the session config array.
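The shared settings described in the answer above, sketched for CodeIgniter 3 as an added example (not code from the original posts). The database session driver, the `ci_sessions` table and the cookie name are assumptions; what matters is that both applications use the same values and the same session store.

```php
<?php
// application/config/config.php -- identical values in ProjectX and ProjectY.
// Assumptions: CodeIgniter 3.x, the "database" session driver, and a session
// table named ci_sessions in a database that both applications connect to
// (same default connection in application/config/database.php).

// One cookie scoped to the parent domain, so the browser sends it to
// projectx.com and to projecty.projectx.com alike.
$config['cookie_domain'] = '.projectx.com';
$config['cookie_path']   = '/';
$config['cookie_secure'] = FALSE;  // the question uses http://; set TRUE once both sites are HTTPS-only

// Same cookie name and same store: both apps read the same session id
// and resolve it to the same row.
$config['sess_driver']             = 'database';
$config['sess_cookie_name']        = 'px_session';   // constructed name
$config['sess_save_path']          = 'ci_sessions';  // table name when the driver is "database"
$config['sess_expiration']         = 7200;
$config['sess_match_ip']           = FALSE;
$config['sess_time_to_update']     = 300;
$config['sess_regenerate_destroy'] = FALSE;
```

A cookie domain of `.projectx.com` sends the session cookie to every host under projectx.com, so each of those hosts has to be trusted as much as the main site.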
I know you can save a user's session actions in a file (logs) or database. But this file (or line in the database) is rewritten on every action that the user makes, for example:
If the user starts at login and then goes to home, and later goes to about, this file is rewritten to: from home > to about.
I know it is not the complete quote generated in log/db. Is it possible to store the first action (from login to home) and the second (from home to about)? How can I do it?
Thanks
I've been using Laravel Audits and it's pretty cool, give it a try.
It tracks pretty much everything you need, and shows you what was created and the old and new values when something is edited. The downfall is that it does not track changes to pivot tables.
Check it out here: Laravel Audits
Maybe have a look at https://github.com/spatie/laravel-activitylog which allows you to specify your own logging requirements.
Laravel requests allow you to get a lot of information.
You can create a table in your database and a middleware which gets the request any time a route is called and stores information like the route called, the user id or even his referer in the table.
Check it out for more info about requests
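The middleware approach from the answer above, as an added example that is not part of the original posts. The `user_actions` table and its columns are hypothetical; the point is that every request appends a new row instead of overwriting the previous one.

```php
<?php
// app/Http/Middleware/LogUserAction.php
// Assumptions: a table `user_actions` (hypothetical) with columns
// user_id, method, path, route_name, referer_path, ip, created_at.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class LogUserAction
{
    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);

        // Only authenticated traffic belongs in the per-user trail.
        if ($user = $request->user()) {
            // insert(), never update(): each navigation is its own row, so
            // login -> home and home -> about are both preserved in order.
            DB::table('user_actions')->insert([
                'user_id'      => $user->getAuthIdentifier(),
                'method'       => $request->method(),
                'path'         => $request->path(),
                'route_name'   => optional($request->route())->getName(),
                // Store only the path of the referer: query strings and
                // request bodies can carry tokens or passwords.
                'referer_path' => parse_url((string) $request->headers->get('referer'), PHP_URL_PATH) ?: null,
                'ip'           => $request->ip(),
                'created_at'   => now(),
            ]);
        }

        return $response;
    }
}
```

Register it in the `web` middleware group so it runs on routes that have a session and a resolved user.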
The Project is running on CodeIgniter (v 3.1.9).
from the Login page
When two different users (A and B) try to log in from two different systems at the same time, both users get the same session values.
If A logs in first (1 or 2 seconds), then user B gets A's session.
After a reload the correct sessions are restored.
This happens in the opposite way also.
So both users get the same dashboard the first time, which is pretty bad;
this only happens when we try to log in with 2 users at the same time.
If anybody has any pointers that would be great.
Thanks in advance.
So, after long sleepless nights, I figured out what was causing the issue, and it is a funny one.
Posting this answer in case anybody comes looking for this.
So my CodeIgniter project was loaded in a subfolder of a domain, and that was the issue. Somehow the CodeIgniter sessions get mixed up when using the subfolder; when I moved it to another domain, everything worked perfectly.
Just so you know, I did add the required .htaccess for this folder.
#AyazShah #popeye thanks..
Good day.
I have questions about the login system that have disturbed me for quite a long time. For this I want you to imagine that I have 2 pages, login.php and userpage.php. The login page contains fields for input of user name and password, while userpage contains all the information about the logged-in user. When the user inputs his data, some class Connection checks him in the database and, if the user exists, creates a session.
1.) When I'm creating a redirection from login.php to userpage.php, how should I redirect the user's data? (Should I use global arrays (like $_SESSION) to transfer the info or should I connect to the db again from the user page?)
2.) Should I create some multi-threading (do not judge strictly, I'm a newbie) for userpage.php, to be created for multiple users who are trying to log in at the same time?
3.) How should I protect the information (code side) so that it is hard to read? (For example, Facebook pages' source code, because I don't want some "bad guys" to view my sources) and other things.
4.) How can I make some users see what the others can't? For example, userpage.php shows different links and information for different users and all the information for me.
5.) How can I prevent membership.php from being viewed? (Is there some other way than using header?)
6.) How can I prevent my require and require_once from being viewed at login.php and userpage.php?
1.) When I'm creating a redirection from login.php to userpage.php, how should I redirect the user's data? (Should I use global arrays (like $_SESSION) to transfer the info or should I connect to the db again from the user page?)
You need to have a connection to the db every time you want to get the user's data. You can create a session to store a unique attribute for the user, like $_SESSION['id'], when the user is successfully logged in, and you can use that value on any page to query the db and get the necessary user data.
2.) Should I create some multi-threading (do not judge strictly, I'm a newbie) for userpage.php, to be created for multiple users who are trying to log in at the same time?
No, you don't need to worry about users connecting at the same time. The server can handle this. When you have a million users or so, you can start considering this. (Although, even then I'm not too sure. Unfortunately I've never had that problem ;) )
3.) How should I protect the information (code side) so that it is hard to read? (For example, Facebook pages' source code, because I don't want some "bad guys" to view my sources) and other things.
You cannot prevent anyone from seeing your markup and styles, that is, your html and css, or any client side scripting, like javascript. However, your php is server side and not displayed in the source. The 'bad guys' will not be able to view source to see your db connections, php logic, etc.
4.) How can I make some users see what the others can't? For example, userpage.php shows different links and information for different users and all the information for me.
There are different approaches to take. The simplest is probably to store the user's 'permission level' in the db, and then check that every time you load content. For example,
    if ($user['permission'] == 1) {
        // Show something
    } elseif ($user['permission'] == 2) {
        // Show something else
    }
5.) How can I prevent membership.php from being viewed? (Is there some other way than using header?)
The easiest way to do this is by checking to see if there is an active session, and if not, redirect:
    if (!isset($_SESSION['id'])) {
        header("Location: login.php");
        exit; // stop here, otherwise the rest of the protected page still runs
    }
6.) How can I prevent my require and require_once from being viewed at login.php and userpage.php?
Not too sure what you mean by this, but consider this: require and require_once are the exact same as including the code directly in the file. If you are referring to them being viewed directly by the client by hitting 'view source', don't worry - see answer to question 3.
Note:
These answers are simplified, and there are plenty of other complications to consider. Some of this stuff may not make sense, but I wouldn't sweat it too much. I would recommend starting small - find a decent tutorial or two on how to create a simple user database, a registration, and login page, and start there. No answers you get here will substitute research, practice, and trial and error. Start small, and things will quickly become clearer as you progress.
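Points 1, 4 and 5 of the answer above combined into one include file, as an added example that is not the answerer's code. The PDO connection and the `users` table with columns `id`, `username`, `password_hash` and `permission` are assumptions.

```php
<?php
// auth.php -- include from login.php, userpage.php and membership.php.
// Assumptions: a PDO connection and a `users` table (hypothetical) with
// columns id, username, password_hash (made by password_hash()), permission.

session_start();

function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);         // fresh session id once the user is authenticated
    $_SESSION['id'] = (int) $row['id'];  // keep only the identifier in the session
    return true;
}

function require_login(): int
{
    if (!isset($_SESSION['id'])) {
        header('Location: login.php');
        exit;                            // nothing below runs for guests
    }
    return $_SESSION['id'];
}

function current_user(PDO $db): array
{
    // The permission level is re-read from the database on every request,
    // so a change to the row takes effect on the next page load.
    $stmt = $db->prepare('SELECT id, username, permission FROM users WHERE id = ?');
    $stmt->execute([require_login()]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user) {                        // account removed while still logged in
        session_destroy();
        header('Location: login.php');
        exit;
    }
    return $user;
}
```

A protected page calls `$user = current_user($db);` as its first statement and then branches on `$user['permission']`.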
1.) Save the user's state in a cookie or in a session. Note that you need session_start() on the userpage.php page as well as on the rest of the pages where the user is connected.
More info on http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
2.) See the above link.
3.) No one can read PHP code because it is server side and not client side. So your code is secure already from its own structure.
4.) Let users have different levels from the SQL database. If a user has auth 1 they see some links; if they have auth 2 they see other things.
5.) See page from answer 1
6.) See page from answer 1
Considering your stated fact that you are a newbie, I will also assume that the login system is more of a practice thing and not a real-world app.
Now to answer your queries point-wise.
1.) Storing data in SESSION variables is alright. However, do not store too much data in SESSIONS. I would suggest you just store the userid for the user and use that to gather and display info in userpage.php. As the app gets bigger, you will definitely need to make connections in each individual page.
2.) Use a SESSION and COOKIE combination to create multiple user logins. However, refrain from trying to implement/allow multiple logins in the same browser. SECURITY ISSUE.
3.) PHP source code is anyway not readable from the client side. Regarding JavaScript and CSS, you can maybe minify it. But that would still not make it client-safe.
4.) There are many ways to implement this. Maybe have $_SESSION['admin'] = true when an admin logs in and use it to display/hide info on userpage.php.
5.) Same as NEXT
6.) What is it that you want to hide? If it's HTML/JS, you don't have much choice. One solution may be to use if-else in your PHP code and restrict display of the code present in header.php and the pages included via require and require_once.
This is a very basic guide. Your strategies may vary depending on the complexity of your application and also if/when you start using frameworks. Happy logging-in !!
ADDITIONS wrt application structure.
Considering that your end product would be a system that allows a user to register and login/logout, I would suggest the following structure to begin with.
Structure-
index.php
|--action
|---register.php
|---logged_in_user_landing.php
index.php -- This is the main page and is used to redirect to individual pages based on actions.
Check if SESSION is set.
If yes, include action/logged_in_user_landing.php, else include action/register.php.
As actions increase, you can add if-else and include more pages accordingly.
In register.php, you have the form for login. On submit, redirect to index.php (via form action).
Establish the db connection in the index page and check the username-password combination. If correct, set the SESSION for that user and include 'action/logged_in_user_landing.php'.
Have a unique identifier sent along when redirecting from each individual page, so that you can identify what to do in index.php.
This is a very simple architecture that should get you started. It's kind of a controller-based architecture and will help you in the future when you go into MVC architectures.
I had a problem with session sharing. Can a session be shared across domains? I'm using the PHP CodeIgniter framework for my project.
I had this case where I got 2 domain names registered on the server and I use 1 application.
Eg:
domainA = www.domainA.com
domainB = www.domainB.com
For domainA, I used the default application
—-application
—-images
—-system
For domainB, I created a new folder named domainB
—-application
—-domainB
—-application
—-images
—-system
By using htaccess, I wrote a rewrite rule so that whenever the link is www.domainB.com it points to the domainB folder. In this case, it is working fine.
The problem is, the session created in domainA is not the same as in domainB. This is troublesome if we have to gather data from both domainA and domainB. E.g., let's say I add product A to the cart in domainA, and another product B in domainB, and I want to collect both these products and call them in the shopping cart in domainA. Can I do that?
I need advice on how to solve this kind of problem. Usually when coding a shopping cart we have to use a session to keep the products in the shopping cart for a certain amount of time. Are there any other methods besides this? I searched on Google, and mostly the replies I read were something like this:
Assume you have a sites called www.innovativephp.com and www.innovativejs.com hosted on same server. Even though both sites are on same server, domain names are different hence you will see that the cookies will not be working in another top domain. :(
Thanks.
I had the same problem and still reading about it:
Extending session in another application
You might want to look at single sign-on, OpenID, or even the answer given in the link provided.
I am trying to make some changes in my Drupal 7 site's view. But it gives me this error
Changes cannot be made to a locked view.
Multiple users are not logged into the site.
Can anyone please help me?
Thanks.
There is a break lock link in the view itself. Click on the link.
What I observed is that this error occurred when I changed the name of the root folder of my Drupal website on localhost.
This can be removed by clicking on the "break this lock" link appearing at the top of the view itself.
Delete the row for "Yourview" in the table "views_object_cache".
I faced this problem several times. Please make sure that you have logged in using only one admin account at a time even though you are using multiple browsers. Also, make sure that you have logged out of the admin account in other browsers before you close them.
If you are currently logged in as the same user (admin) in more than one browser, logging out of one fixed the problem.
After logging out, if you still have the problem, force logout of all users (empty the session table):
TRUNCATE `sessions`;