I've been working on a site (for my company) to allow selected data center users to remotely access a scheduling calendar and some pages offering information on the various servers they are coming to the site to access--on a separate site. Initially, I was under the impression that I'd be creating a database and registration page to add, authorize or track end users. My initial project coding has been a combination of HTML, PHP, CSS, and MySQL and Apache for the database side. Now I've been told that we will be using AD, tied into our company's official Active Directory, so that users can use the same IDs and passwords that they've already had approved by our company.
My question is (hopefully) simple. Is there a certain web programming language that I should use in creating the pages that works better with Active Directory than others?
If you are comfortable with PHP, you should be able to achieve the above no problem!
The beauty of PHP is that someone somewhere along the line had the same problem as you so chances are, there's an established solution already.
adLdap seems to be a good solution, a library that already does most of the hard work for you and all you'd need to do would be integrate it into your script!
See: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions
Hopefully this can make it a little easier for you so you can concentrate on the other things like the actual functionality of the website itself.
Related
I recently obtained a domain and website through bluehost. They have Wordpress installed and I am unable to figure out how to bypass it so I can code old school. I would really rather learn Wordpress but don't know where to start.
So two questions:
1.
what wordpress files are blocking me from the site recognizing the usual Default page's code? (I create test html in Default which is bypassed somehow and will only show Wordpress default page in progress; my code is not overwritten; just ignored?)
2.
I'd be happy to learn myself, but don't know a good resource. Went to Wordpress site and they have free webpage I can play with. Should I just get the free one in order to learn whats what...or is that going to be dumbed down and different than having it installed in webhost site?
I am a fairly advanced programmer and feel that I should be able to pick this up rather quickly if I can only get past this first hurdle.
Thank you for any information or suggestions.
What loads by default at a domain (ex: www.yoursite.com) is controlled by the web server which uses a configurable list of filenames like index.html, index.php, Default.aspx etc. You can learn more about how that works here.
Normally, your web host will allow you to have some control over that list, and the precedence one file takes over another when the web server refers to the list. Perhaps you have an administrative interface or dashboard control which allows you to configure this for your site. If not, you'll have to contact support at your web host to have changes made to that list.
1) Nothing is blocking you from seeing a page on your web server at a specific address, only from allowing one page or another to be what loads by default at the root web address, as explained above. If you have FTP access to your website directory, and can upload a file there, you can still browse directly to it, even though the WordPress installation's default page is showing up at your root web address. Just enter the specific file name in your browser, and you will browse to that page, ex: www.mysite.com/somepageicreated.html
2) Learning is always good either way, but you either want to learn to make WordPress sites or you want to learn to make your own websites. I'll assume WordPress for now, since you mentioned a preference for that platform. Just remember though: working with WordPress sites is not making your own website, it is changing a WordPress template to be as close as possible to what you want your website to be. This may or may not suit your requirements.
Playing with a free example from WordPress can be very useful for picking up the basics. Once you've played there for awhile and feel a bit more aware of how things work, take what you've learned and apply it to shaping your own site into what you'd like. Just remember to always create a backup of anything you mess with, so you can always return to an earlier state if you really mess things up good :)
Good luck!
Long time reader first time asker, if my question is silly or missing info or miss titled lemme know and I'll fix it.
Okay, so I'm working at a community center for the next 8 weeks as a tech help assistant, I'm also a CS student.
They have a web application that is quite old running locally on an iis server (version 7). It's for keeping track of their members, events and registration It's written in asp.net and is using and Access database. They also have a wordpress website (php, mysql, apache) for advertising events and sharing information about what's going on in the community.
What they would like is to link their wordpress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application and shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.
The only solution that I could think of is create a "walled off" section of the computer hosting the local application. Also an outward facing port that accepts incoming data from the wordpress site that is then passed onto the access database as an update (increasing a counter for the amount of people registered to a program). It needs to be possible for a file to have some kind of global (from the web) executable permissions and have all the other files on the localhost computer locked down from this global permission.
We would also need to be able to get 2 boolean values from the local app for the wordpress site. This is for if the program/camp/whatever is full and if the update was unsuccessful in the event of something going wrong. I'm just not sure if something like that is even possible and where to start with that. The most important thing is that it's secure.
If a secure API could work I have time to create something like that.
I don't have enough time to upgrade their local system to make it safe enough to be online because I have to run tech help sessions. I know that is the most realistic option.
Thanks very much
What they would like is to link their wordpress to the local
application. I've been racking my brain about if this is even possible
or not. I'm leaning towards not possible because the local application
and shouldn't be outward facing as it has sensitive data on it and was
not designed to be secure in the face of would-be hackers.
I think you've hit the nail on the head right there. It looks like you have a decent understanding of the situation but not of their internal app. The fact is that it's hard to scope something like this without getting in and getting details. Step 1 would be to see if you can talk to whoever it is that built the thing and get their feedback. It might be secure enough to expose some sort of connection.
Really there's not enough information here to determine a good answer, and you should be wary of anyone that says it's secure. There are a ton of factors that go into web security.
You might be able to throw together a basic RESTful API with authentication to send only to the wordpress site's IP. But if it's sharing the IP that information can be consumed by third parties so you'll have to decide if that is an okay risk.
I wouldn't try and expose everything and partition with apache. A basic RESTful API with authentication would be best at first glance IMO. That way you only show consumable data and limit what can be used.
I'm developing a Wordpress plugin that requires API credentials for Facebook.
Ordinarily I'd advise the users of the plug-in to sign up for their own API keys and allow them to be entered as plug-in options, however this plug-in requires extended permissions. Which as I'm currently in the process of finding out are an absolute ball-ache to get, take up-to 7 businesses days to have reviewed and the reviewers don't actually read the requested instructions on how the application is being used.
Can I write a plugin that is basically a wrapper around my hosted version of the code, this way I can allow users of the plugin the benefits of the extended permissions without giving away my APP ID and APP SECRET
Thinking something like...
require_once("https://www.myplugin.com/FacebookPlugin.php");
Here's the obvious problem, this wouldn't work for hosted versions of Wordpress as they don't have access to plug-ins anyway and I believe it would require the owner to allow remote file inclusion, which is putting a lot of trust in me as the host of the remote file not to execute nasty scripts on their server.
So how do I offer the functionality of my plugin to other users?
I think this question is closely related to this question.
I do not think there's more you can do, except still having your separate server which can be triggered using HttpRequest::send from within the plugin, and ship encrypted Keys from there each time somebody is accessing your plugin.
Might be a performance-Killing approach, though, especially if your server is not that fast.
I am working on an Android application that will allow users to gain access to certain sets of files and then sync them with their device for offline use. Thus, when they first download my app, they will have no account or files, they will have to create an account, then enter an access code to gain access to certain file directories for download.
I have the majority of UI of the app completed, and it now needs to be 'plugged in' to a backend. I am a little familiar with PHP as I have done a few dynamic websites, so I am familiar with working with phpmyadmin, but I really want to make this backend schema well made and able to handle business.
I don't know where to start to design the relational databases and all the other factors I may have not even thought about yet. Does anyone have any good references, tutorials, anything that may help me take this next step?
if you want to learn about data base modeling, these websites can give you a good start example2 example3
or do you wish to learn about SQL coding?
I am tasked with writing a relatively small and simple PHP web app which will use a small database. Authentication for this will be through randomly generated hex keys in the query string which are generated by an administration page and emailed to desired users.
This is all fine so far, but here's the catch:
For various political reasons, we are forced to make this app a Moodle module. I can use the Moodle database in MySQL, but I will be working with my own tables which do not interact with Moodle, and Moodle will not interact with my tables. I must also to use the Moodle database abstraction rather than direct PHP->MySQL access.
I do not want my users to know they are operating within Moodle. They shouldn't need to log in to Moodle to access my web app, and they probably won't have access to Moodle anyway. Those users who do have access to Moodle shouldn't see this web app in their list of Moodle functions.
I've thrown together a few small PHP pages, included some Moodle libs, and placed the code in the moodle/mods directory. Accessing the PHP pages on the server with the URLs directly result in a Moodle error, since I'm not accessing the module through proper channels. I get the "Incorrect access detected" error.
Is what I'm tasked to do even possible? If so, how is the best way to accomplish it? Do I need to write an authentication module and then an activity module? Is there any way to bypass all of Moodle's authentication and simply use the database abstraction without editing the core Moodle configuration files? (I know it's possible by modifying the Moodle code, but that is sadly not an option).
I have plenty of PHP experience, but I only have about 4 hours of Moodle experience and I'm getting nowhere fast.
It sounds to me that you might be trying to access the script while coming in from a host other than what poodle has specified in its config file. You could try dumping you http_host and noodles wwwroot to see if the line up. I'm less familiar with 2 than 1.9 but you might be able to define abort_after_config then include config then change the cfg wwwroot then define abort_after_config_cancel then include setup. Otherwise you could spoof the host otherwise you can delete the check in Tue lib/setup.pup file
Not sure quite what you are trying to achieve here but any of the following may work.
(1) If you have a stand-alone platform you want delivered within an LMS framework then you might offer a counter proposal of developing it in your preferred environment but wrapping it in LTI. Moodle can then deliver it via the External Tool plugin and you can get two-way communications between the two for authentication and tracking.
(2) Doing it in Moodle
Create an authentication with a login_hook and make sure this is is moved to the top of the authentication plugins list so that it is checked first before the others. Use the hook to process the hex key (as GET or POST parameter) or take you to an alternate process and return true (or create session). You could also use the 'alternative login page' in the authentication settings alongside this plugin hook. This should take of authentication.
If enrolment is not an issue then create your plugin as a local plugin (not mod) and use the above hook to redirect to this page after login. This gives you a bit more flexibility in the libraries you use and you can still use front-page enrolments if necessary as a workaround. If you really need enrolments, course roles, and gradebook then use a mod to leverage these. There is a single activity course format in the latest Moodle that gives you a format to run just your bespoke activity on its own.
Finally develop your own layout type in the theme for the local plugin if using that or for the course and incourse layouts if using courses so that you can control what of the standard Moodle navigation and structure you want.
If the plugin is sharing a Moodle already being used for other activities then you'll need to be sensitive to this. If you're just running your own thing then it will be much easier.
(3) Use Web Services to get what you want from Moodle in your own App.