How to handle authentication in hybrid ASP.NET and PHP website? - php

I am taking over a community website that was built using Kentico (an ASP.NET-based CMS).
I have PHP/CodeIgniter code that could add interesting functionality to this Kentico website. For example, my PHP code allows for uploading and posting of user-generated material such as images, which the community can then comment on.
Since I'm unfamiliar with how Kentico works, I wonder if anyone knows if this functionality exists in it (as a module). If not, either this would have to be coded in ASP.NET, or I could have a hybrid website using my PHP code; however, authentication from the Kentico side would have to be passed to the PHP side of the website.
Any suggestions on how to handle this situation?

You can store the authenticated session in the DB where both ASP and PHP have access

Look into the "User contributions module" - if you've got access to a new enough version of Kentico and the appropriate license then it will probably do exactly what you need it to.
Otherwise, if you needed to do authentication from a separate PHP app, I suppose you could write a simple web service in .Net and add it into the Kentico site. In the past I've used a .ashx generic handler to do this.
Maybe you could include a hidden iframe to the other site on each page and use postMessage in JavaScript to send a session ID between the sites.
I would probably try to keep everything all in one code base unless there was reason to break it out into a separate module though - otherwise it just seems like a lot of extra work.

Related

How to integrate one website into another while sharing authentication?

I manage a website. Let's name it Website A. Website A is written in PHP, procedural-style, with a few different and out-dated frameworks in it. No surprise, it is a mess to maintain and to upgrade. I want to create Website B with a clean framework (Symfony2) and using OOP. Slowly I will refactor Website A into Website B. Any new features will also be done in Website B.
The catch? I want content from Website A to appear in the layout of Website B. I can't simply include the files of Website A in Website B as the configuration of it messes with the framework of Website B. What's the best way to achieve it? Using an iframe? Using Curl? Or using another method?
When I tried using AJAX, the integration went smoothly. Since they're on the same domain the cookies are shared, so even if the user logs in on Website B, Website A is aware of it. It was, however, slow to output and I had problems with the responsive design (even though I know responsive iframe can be done).
When using Curl, it was much faster to output and no responsive problems. However, since it's PHP that connects to Website A, I need to find a way to pass the authentication from one Website to another.
Both methods need some work in order to function properly. I lean toward the curl method, but is there a "best practice" in my case?
Both websites have personalized content; it's not simply a firewall-type authentication.
I'm not sure whether your authentication involves personalised content, which would be harder, or just firewalled content. This would make a difference. The best approach I've seen to this problem was to use nginx as a reverse proxy.

Adding Active Directory to a web site

I've been working on a site (for my company) to allow selected data center users to remotely access a scheduling calendar and some pages offering information on the various servers they are coming to the site to access--on a separate site. Initially, I was under the impression that I'd be creating a database and registration page to add, authorize or track end users. My initial project coding has been a combination of HTML, PHP, CSS, and MySQL and Apache for the database side. Now I've been told that we will be using AD, tied into our company's official Active Directory, so that users can use the same IDs and passwords that they've already had approved by our company.
My question is (hopefully) simple. Is there a certain web programming language that I should use in creating the pages that works better with Active Directory than others?
If you are comfortable with PHP, you should be able to achieve the above no problem!
The beauty of PHP is that someone somewhere along the line had the same problem as you so chances are, there's an established solution already.
adLdap seems to be a good solution, a library that already does most of the hard work for you and all you'd need to do would be integrate it into your script!
See: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions
Hopefully this can make it a little easier for you so you can concentrate on the other things like the actual functionality of the website itself.

Moodle module type

I am tasked with writing a relatively small and simple PHP web app which will use a small database. Authentication for this will be through randomly generated hex keys in the query string which are generated by an administration page and emailed to desired users.
This is all fine so far, but here's the catch:
For various political reasons, we are forced to make this app a Moodle module. I can use the Moodle database in MySQL, but I will be working with my own tables which do not interact with Moodle, and Moodle will not interact with my tables. I must also use the Moodle database abstraction rather than direct PHP->MySQL access.
I do not want my users to know they are operating within Moodle. They shouldn't need to log in to Moodle to access my web app, and they probably won't have access to Moodle anyway. Those users who do have access to Moodle shouldn't see this web app in their list of Moodle functions.
I've thrown together a few small PHP pages, included some Moodle libs, and placed the code in the moodle/mods directory. Accessing the PHP pages on the server with the URLs directly results in a Moodle error, since I'm not accessing the module through proper channels. I get the "Incorrect access detected" error.
Is what I'm tasked to do even possible? If so, what is the best way to accomplish it? Do I need to write an authentication module and then an activity module? Is there any way to bypass all of Moodle's authentication and simply use the database abstraction without editing the core Moodle configuration files? (I know it's possible by modifying the Moodle code, but that is sadly not an option).
I have plenty of PHP experience, but I only have about 4 hours of Moodle experience and I'm getting nowhere fast.
It sounds to me that you might be trying to access the script while coming in from a host other than what Moodle has specified in its config file. You could try dumping your http_host and Moodle's wwwroot to see if they line up. I'm less familiar with 2 than 1.9, but you might be able to define abort_after_config, then include config, then change the cfg wwwroot, then define abort_after_config_cancel, then include setup. Otherwise you could spoof the host; otherwise you can delete the check in the lib/setup.php file.
Not sure quite what you are trying to achieve here but any of the following may work.
(1) If you have a stand-alone platform you want delivered within an LMS framework then you might offer a counter proposal of developing it in your preferred environment but wrapping it in LTI. Moodle can then deliver it via the External Tool plugin and you can get two-way communications between the two for authentication and tracking.
(2) Doing it in Moodle
Create an authentication with a login_hook and make sure this is moved to the top of the authentication plugins list so that it is checked first before the others. Use the hook to process the hex key (as GET or POST parameter) or take you to an alternate process and return true (or create session). You could also use the 'alternative login page' in the authentication settings alongside this plugin hook. This should take care of authentication.
If enrolment is not an issue then create your plugin as a local plugin (not mod) and use the above hook to redirect to this page after login. This gives you a bit more flexibility in the libraries you use and you can still use front-page enrolments if necessary as a workaround. If you really need enrolments, course roles, and gradebook then use a mod to leverage these. There is a single activity course format in the latest Moodle that gives you a format to run just your bespoke activity on its own.
Finally develop your own layout type in the theme for the local plugin if using that or for the course and incourse layouts if using courses so that you can control what of the standard Moodle navigation and structure you want.
If the plugin is sharing a Moodle already being used for other activities then you'll need to be sensitive to this. If you're just running your own thing then it will be much easier.
(3) Use Web Services to get what you want from Moodle in your own App.

Embedding a web based game into an Android Application

I've created a simple web based game (text driven) in PHP and have recently become very interested in moving this onto Android - originally I thought the game could be rewritten in Java, but after some investigation I found you can embed pages straight into an Android application.
Am I missing something or will I be able to simply embed my web application into Android and expect it to work flawlessly? Are there any issues I should be aware of? My app uses a login system utilising sessions / cookies - will this pose a problem for Android users?
I'd be interested in hearing anyone's thoughts that have done something similar and any issues they've encountered. The only issue I foresee is how the page renders on different phones (although I imagine this can be somewhat nullified by good markup and well thought out JavaScript) and any issues in regards to sessions / cookies?
If anyone has any good resources for doing this sort of work I'd be grateful.
As a final thought it'd be good to hear people's thoughts on whether I should rewrite it or keep it embedded; what are the benefits of rewriting it?
Thanks
The WebView class provides access to a full fledged webkit browser. As a matter of fact, the default Android Browser itself is implemented using that very same WebView implementation. Javascript, Sessions and Cookies should be no problem whatsoever, you probably just have to activate them (see WebSettings).
Even flash should more or less work on newer devices, but I don't have any experience with that.
See http://developer.android.com/reference/android/webkit/WebView.html for further details.
Generally, using Apps as so called "launchers", i.e. apps that basically only contain a browser window are somewhat frowned upon, since the android market isn't meant to replicate the world wide web. I do somewhat understand the need for that though, since visibility is much higher and Google does not yet provide a way to treat web apps as first class citizens, like they do for Chrome OS.
On the other hand, if your app already works fine using php, I don't see any need to rewrite it in native code.
Take a look at http://phpforandroid.net/

Detecting frames in PHP without JavaScript?

I have a client running an ASP.NET application. Inside of that, there's a self-contained PHP wiki. The problem is that the wiki won't use the .NET authentication, so requests directly to http://foobar/path/wiki/ will resolve without forcing a login.
My simple solution for this is to run the PHP application in an iFrame from an .aspx file that will force authentication, and then use PHP to detect if the page is loaded outside of a frame and redirect if so.
I know this can be done with JavaScript quite easily, but I would prefer to do this test server-side before the Wiki content loads. I need help figuring out a way that this can be done. Referrer comparison perhaps?
Any suggestions?
Thanks!
There is no way to tell on the server-side if a client's browser is loading a page within a frame, tab, or dedicated window.
What you can do is have your .NET application set a cookie after authenticating that the PHP application will read. If the cookie doesn't exist then do a redirect to the authentication page.
Even with JavaScript this is not secure. One could simply request the Wiki pages and ignore the JavaScript. For example, I could use WGET to pull down all your content without ever authenticating.
If security is important, I would highly recommend figuring out a way to make the PHP app aware of the authentication.
The simplest approach, if this is all on one server, would be to have the .NET application store some sort of token after authenticating, somewhere PHP can access it. Then set a cookie that the PHP wiki will receive and check that value is a valid session for each request.
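
The shared-token check described in this answer, and in the first answer on this page (a session stored in a database both sides can reach), sketched in PHP. This is an added example, not code from any of the posters. The `shared_sessions` table, the `wiki_auth` cookie name, the `/login.aspx` URL and the choice of storing a SHA-256 of the token are assumptions, and in-memory SQLite stands in for the shared database.

```php
<?php
declare(strict_types=1);

// Assumed shared table, written by the .NET app after login (hypothetical schema):
//   shared_sessions(token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)
// The cookie carries a random 64-hex-char token; the table holds only its SHA-256.
const AUTH_COOKIE = 'wiki_auth';     // hypothetical cookie name
const LOGIN_URL   = '/login.aspx';   // hypothetical login page

/** Return the user id for a valid, unexpired token, or null. */
function lookup_session(PDO $db, $token, int $now): ?int
{
    // Cookies are attacker-controlled: reject arrays and malformed values early.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT user_id FROM shared_sessions WHERE token_hash = :h AND expires_at > :now'
    );
    $stmt->execute([':h' => hash('sha256', $token), ':now' => $now]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

/** Call at the top of every wiki request, before any content is produced. */
function require_login(PDO $db): int
{
    $userId = lookup_session($db, $_COOKIE[AUTH_COOKIE] ?? null, time());
    if ($userId === null) {
        header('Location: ' . LOGIN_URL, true, 302);
        exit;
    }
    return $userId;
}

// Constructed demo: in-memory SQLite stands in for the shared database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shared_sessions
           (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');
$token = bin2hex(random_bytes(32));  // what the .NET side would issue and set as the cookie
$db->prepare('INSERT INTO shared_sessions VALUES (?, ?, ?)')
   ->execute([hash('sha256', $token), 42, time() + 900]);

var_dump(lookup_session($db, $token, time()));               // valid token
var_dump(lookup_session($db, $token, time() + 3600));        // same token, past expiry
var_dump(lookup_session($db, str_repeat('0', 64), time()));  // unknown token
var_dump(lookup_session($db, null, time()));                 // no cookie sent
```

The cookie itself would be issued by the .NET side with the Secure and HttpOnly flags, and the row deleted on logout so the PHP side stops accepting the token at the same moment.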
