Options to secure split admin pages in PHP - php

For the first time I need an admin panel for my PHP application and I thought I had it figured out, but now I am not so sure. My initial thought was this.
I would create a function to test whether $username and $password are in the database. If they are, then I would set $_SESSION to TRUE. Given the site has multiple access levels, it would also need to check the user role.
This is all fine: on arriving at the admin panel you enter your username and password, then role; if all is ok you get to the admin panel, if not you are redirected to the login page.
What I am thinking, though, is that in the interest of reusable elements I would want to adopt the same principles in the admin section as on the main site, that is, to have a header.php, footer.php and a content.php that will contain whatever it is the admin has chosen to view or do.
There is my issue. If in the header.php I call the doesUserExist function, even if the user is not logged in they can still access the content.php or footer.php pages directly.
I must be missing something really simple here; the option of checking if the user exists on all 3 pages appears somewhat bloated.
Am I looking at this the wrong way? Is there a method whereby you can check if the user exists and, if they do, apply user control to the entire admin directory regardless of what they access?
All the examples I could see did not cover this, and that makes me wonder if there is a good reason.
Thanks in advance for any suggestions.

Maybe do something like this:
In another included PHP page, or maybe in header.php, run all of your checks, like doesUserExist() and such, and assign variables based on your results. Then use those variables to create the page's content.
    <?php
    $content = "Content for a non-logged-in user.";
    if (doesUserExist()) {
        if (getUserType() == 'admin') {
            $content = "Content for Admin user";
        } else {
            $content = "Content for non-Admin user";
        }
    }
Then, use $content, and any other related variables that you created, to fill in your HTML:
    <h1><?=$content?></h1>
Obviously this code is very simplified and just for illustration. getUserType() is just my arbitrary example of a function to determine the user type, and the code here would certainly require more complexity to get all the data you need to build the appropriate page.
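One way to keep the check in a single place and still stop header.php, content.php and footer.php from being requested directly, as an added example that is not code from the question or the answer above. The file layout, the users table columns, the PDO handle and the function names are assumptions.

```php
<?php
// admin/auth.php: constructed example; one guard file that every admin page includes.
declare(strict_types=1);

session_start();

// Run once from the login form. The role comes from the database row,
// never from a form field, so a client cannot pick its own access level.
function loginUser(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash, role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;                 // same failure path for unknown user and wrong password
    }
    session_regenerate_id(true);      // fresh session id after login (session fixation defence)
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['role']    = $row['role'];
    return true;
}

// Called at the top of every admin entry page; the rule lives here only.
function requireRole(string $role): void
{
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== $role) {
        header('Location: /login.php', true, 302);
        exit;
    }
    define('ADMIN_PAGE', true);       // records that the guard ran in this request
}

// admin/index.php would consist of:
//   require_once __DIR__ . '/auth.php';
//   requireRole('admin');
//   require __DIR__ . '/header.php';
//   require __DIR__ . '/content.php';
//   require __DIR__ . '/footer.php';

// First line of header.php, content.php and footer.php: refuse to render unless a
// page that passed the guard pulled them in, so /admin/content.php requested on
// its own returns 403 instead of the content.
//   if (!defined('ADMIN_PAGE')) { http_response_code(403); exit; }
// Moving the three partials outside the web root removes even that need: the
// web server can no longer serve them, only require() can read them.
```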

Related

How to make website users go through pages in order

I am working on a simple website that requires users to enter information in order over 3 different pages. So they need to go from page A to B to C. How can I stop them from typing in www.example.com/pageB.php, which skips page A?
Also, I'm not even sure what you call pages that must be visited in order, so any suggestions for google search terms on this also appreciated.
You can store vars in the session to check whether the user has visited previous pages.
page1.php
    <?php
    session_start();
    $_SESSION['has_visited_page1'] = true;
    ....
page2.php
    <?php
    session_start();
    if (empty($_SESSION['has_visited_page1'])) {
        exit('You must visit page 1 first');
    }
If it's a form, you can store in the session the field values from the previous page.
You can check the page referrer info; if the referrer is not what you expected, then redirect or show something you wanted.
Edit 1:
In PHP, you can try this code in your pages:
    var_dump($_SERVER["HTTP_REFERER"]);
You'll know how to write it.
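The session-flag idea above, generalized to any number of ordered pages, as an added example that is not code from the answer: one include decides, from server-side session state alone, which step a request may open, and keeps each step's validated form data for the final page. File names, the session keys and the function names are assumptions.

```php
<?php
// wizard.php: constructed example of an ordered-page guard (A -> B -> C).
declare(strict_types=1);

session_start();

const STEPS = ['pageA.php', 'pageB.php', 'pageC.php'];

// Highest step index the user has completed so far (-1 = none yet).
function completedStep(): int
{
    return (int) ($_SESSION['wizard_completed'] ?? -1);
}

// Call at the top of every step page. The user may open the next unfinished
// step or revisit an earlier one; typing a later URL sends them back to where
// they actually are, regardless of what the request itself claims.
function requireStep(string $page): void
{
    $index = array_search($page, STEPS, true);
    if ($index === false || $index > completedStep() + 1) {
        $next = STEPS[min(completedStep() + 1, count(STEPS) - 1)];
        header('Location: /' . $next, true, 302);
        exit;
    }
}

// Call only after this page's form was submitted and validated. The clean
// values stay in the session so the last page can process all of them at once.
function completeStep(string $page, array $validated): void
{
    $index = array_search($page, STEPS, true);
    if ($index === false) {
        throw new InvalidArgumentException("unknown step: $page");
    }
    $_SESSION['wizard_data'][$page] = $validated;
    $_SESSION['wizard_completed'] = max(completedStep(), $index);
}

// pageB.php would start with:
//   require_once __DIR__ . '/wizard.php';
//   requireStep('pageB.php');
// and, once its POST data has been validated into $clean:
//   completeStep('pageB.php', $clean);
//   header('Location: /pageC.php'); exit;
```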

separate HTML views in MVC

I'm working with MVC (PHP) for a tiny website.
For the moment, each view is included from the controller, but just one HTML file per controller.
To begin to optimize (I think), I want to cut some files into two/three parts:
header.php (just HTML headers).
Headband: this part is my problem, because if a user is connected, I want to display user information; if he's not connected, I want to display "Register/Login" links. Am I forced to create two different files for this headband? Is it really good practice? It doesn't seem to be a proper way...
If you know some best practices or examples, thank you.
Footer.php, not important.
I'm certainly no expert when it comes to MVC architecture, but I believe that you should have some logic in your controller to determine whether you need to display the register link or whether you need to display account info. You'd save this in a variable. Then, in your view, depending on the value of the variable you've set, you display one or the other, which can be included as other views themselves.
A bit of pseudocode:
Controller:
    <?php
    // Decide in the controller which partial the headband should render.
    if ($userIsLoggedIn) {
        $display = 'account_info';   // partial showing the user's details
    } else {
        $display = 'register_link';  // partial with the Register/Login links
    }
View:
    <?php
    // $display only ever holds one of the two names set by the controller.
    include 'views/' . $display . '.php';

Joomla! core design login dynamic login forms

I am facing a pretty specific problem right now. I am redoing a forum so that there are reply buttons even when the user is not logged in. I am using Kunena. When a user who is not logged in clicks the button, a Core Design login popup will pop up and after the login the user will be redirected to the reply page.
Now I have this all working except one thing. I am not able to pass the correct redirect address to each of the modules.
Here is the code that renders the plugin; I am passing the message id variable (different for each comment and crucial to get to the correct reply page):
    jimport( 'joomla.application.module.helper' );
    // Load the login module and render it with the comment id as a module attribute.
    $module = JModuleHelper::getModule('mod_cdlogin');
    echo $this->message->id;
    $attribs = array('comment_id' => $this->message->id);
    echo JModuleHelper::renderModule($module, $attribs);
This is inside a foreach loop for each comment on the page. The reply address is:
    forum/forum-category-alias/2141-topic-alias/reply/2889.html
The last number, the ID, is crucial for me. I am not able to pass this id to the module. I am, but only the first one, 2889, gets through. All of the login form modules have this same id, even though it should be higher.
So my question is: why does this module get the same ID every time it is rendered? A cache somewhere? I have run out of options. Thanks for your help!

Restrict Joomla article to one view per user

Does anyone know how I can manipulate joomla to only allow one view per user to certain articles? I am looking to make the article gray out and not allow the user to click on it after it has been viewed for the first time. Any help would be much appreciated.
Thank you,
Dave
This would probably have to be a plugin. This could only really be reliably done on a page that requires a user to be logged in and where you can't just register new accounts. Also, someone could just copy the text the first time and then your security is moot. Nevertheless, the plugin would have to track the page ID and the user ID, and when they visit the page a row gets added to a table. Then you could have a page template where you check that table, and if the row exists for that page id and user you do whatever to the content; otherwise display it as normal.
I'm not sure why you would want to do this, but it would take a plugin that does several things. First, your content would have to be available to registered users only. Cookies would work, but it would be really easy to clear your cookies to regain access to the content. Next, the plugin would need to record every visit to the page; the record would need to include the userID. Last, the plugin would need to look up the specific user that is trying to access an article and check to see if they have been to the page before.
However, all of that work would not prevent anyone from registering another account to access the content again. Or copying and pasting the content or saving the page locally. Why would you want to limit your users to a single page view?
The only correct way to do it is to create a "content" plugin that checks the "hits" field in the database. If it is greater than X, you can redirect Joomla to block access:
    $mainframe->redirect('index.php', JText::_('AN ERROR HAS OCCURED'));
The advantage of this method is that you have the option to reset the counter in the article administration.
As for the display of the results list, I advise you to use the HTML file of your template to make such a check and remove those that are no longer available.

Accessing user profile variables

Using the profile module I've created a textfield called profile_real_name which the user fills out when registering. How do I access this variable in node.tpl.php?
I used the dsm($user) function to output the user variables and it contained everything except the data for profile_real_name.
I also ran dsm($vars) in phptemplate_preprocess_user_profile and I could see it contained an object called account which did contain the info I needed, but this object isn't available in the $user variable.
Many thanks
If you want to access the author's profile information in node.tpl.php, then you want to work with a phptemplate_preprocess_node function rather than the user_profile one. The node preprocess function doesn't have an $account object by default though, so you'll have to load it in:
This goes in the phptemplate_preprocess_node function in your template.php file:
    if ($vars['uid']) {
        // Load the node author's account so its profile fields reach the template.
        $vars['account'] = user_load(array('uid' => $vars['uid']));
    }
Then you would be able to access the author's profile values in your node.tpl.php. The value you asked about specifically would be:
    print($account->profile_real_name);
However, it sounds like you might want the node author's name to appear as the profile_real_name value rather than their account name?
If so, a MUCH more efficient way would be to override the theme_username function.
That's not directly what you asked about so I won't go into it here, but this post on the drupal.org forums would be an excellent place to start for Drupal 5 or 6:
http://drupal.org/node/122303#comment-204277
$account is what you usually call a user that isn't the global user, to avoid accidentally overwriting the global user, which would result in the user getting logged in as that user.
I just did a bit of checking and the easiest way to solve your problem is to use $account in the template instead of $user.
Using $user in the template or doing as WmasterJ suggests is faulty. You will post the wrong data. You will post the data of the logged-in user, not the data of the user whose profile is being watched. This bug will happen when you view any other user's profile than your own.
Preprocess functions are not hard to make: in the template.php file in your theme you just replace phptemplate with your theme's name in the code. In this case you won't need to alter the preprocess function, since you already have what you need.
If you want to do this within, for instance, user-profile.tpl.php, all the information you need exists within the $account array.
Otherwise you can access user data by loading a user object based on its id (of the currently logged-in person, that is, or if you can query the DB and get the uid that way).
First get the uid of the current user:
    global $user;
    $uid = $user->uid;
Then load a user object:
    // Create a user object based on the uid
    $user_obj = user_load($uid);
Then load that user's profile variables:
    // Load profile
    profile_load_profile($user_obj);
Now the $user_obj variable (which is passed by reference to profile_load_profile) holds the profile information, which can be accessed like this:
    print $user_obj->profile_real_name;
Hope it helps!
