We have a site where we are intending to sell access to video tutorials. I have set up Joomla ACL to limit access to those pages only to those users who have been given the relevant access permissions and access is being sold through shopping cart called MijoShop.
This setup is working okay at the moment, but there is bit of an issue with user experience. At the moment it seems I can only stop people from viewing a page, but I can't see an easy way to show them alternative content with Joomla ACL. Ideally, if a logged-in user does not have access to a certain video tutorial page, when they click on the link to the page they will instead see a page giving them an opportunity to buy access to the tutorial. This means that I need a method for showing different content on the same page depending on which Joomla user groups a user is assigned to. Is this possible with vanilla Joomla ACL, or am I going to have to find a content management extension that can add the ability to do this?
You should be able to do that with the Vanilla ACL. IIRC you can setup various groups with access to different tutorials/pages/things - then you can make a member a part of multiple groups - thus giving them access to those things as needed.
If unable to do something like that - then I think George Wilsons comment would suffice for a while and you could implement some if/then/else type statements into the code of the article which would work.
Your best bet however is to try the ACL solution first and foremost as that allows you to keep things generally more easy to manage from a backend perspective.
Related
what i have to build is page that have some pages that are restricted and some are not on similar links. I`ll try to explain it on example:
Let's say that i have users in my system (based on FOSUserBundle), and each of them have own account that contains a Blog and Gallery (different controllers). Some of User want to give access to thier Blog and Gallery only for certain group of people (that are not stored in system), so they generate token (only one token, so whoever know token will be able to access area) and sends to Users. What i don`t want to do is to check it in each method of controllers.
So let`s say we have 2 users, steven and stan and first of them want to make his blog and gallery free to see, but second one want to be restricted based on token.
Link would be like this:
/steven/blog
/steven/gallery
/stan/blog
/stan/gallery
Could anybody recommend some solution or any idea how can i try to build it in Symfony2?
Why don't you want to check it into the controllers ? I don't see any others ways to do that, according you want it to be dynamic and possibly changing.
Hello and thank you in advance!
I am setting up a site and it needs both a blog and a shopping cart. I would prefer to have them both have the same user database and session, so that if they log-in to one they log-in to the other. I was wondering if anyone has had experience with this and if they found that two specific platforms that worked well together or a single platform that fulfilled both roles well. The shopping cart doesn't need to be more than basic.
I was thinking of using magento and phpBB or Magento and wordPress but I am impartial to any specific platform.
Thanks again!
Oh and obviously it must use PHP and MySQL ;-)
Will the two software on the same domain ?
I have done this using opencart and wordpress and because it was on the same domain we can easily get the session.I just checked the session and accordingly I make user loggin at both the ends.
For eg : my site url was www.abc.com and blog at : www.abc.com/blog
Generally speaking, if you use two different software, you'll have :
two distinct user tables -- and two distinct databases probably (which is not a bad idea)
two distinct login mecanisms
But you could put some kind of Single Sign-on mecanism in place, so loging in on one also logs you on the other one.
This is not often done out of the box ; but there are sometimes plugins that will help you implement SSO.
There are often plugins for your forum or the blog to authenticate against a different system, be it LDAP or another database. They generally don't support it out of the box.
See Share login info between CMSs (Wordpress and phpBB) for an answer to a similar question.
For my Social Networking Site, I would like to build a facebook, or twitter similar URL rewriting naming convention.
Using Twitter as an example, they have pages labeled twitter.com/about and another page labeled twitter.com/{$username}
However, how do you differentiate between say a user who has registers on to our site as "about" then. From this we are going to have a server conflict between the user "about" and the page about.
What is the best way to handle this?
Usually, you'll see this implemented so that conflicts are not possible. For instance, you could camp all users inside a virtual /users directory, or a subdomain: mysite.com/users/msilvis, or users.mysite.com/msilvis.
I would not recommend that you make all users accessible via the root directory of your site, because this could potentially restrain you from adding pages. For instance, suppose you do not have yet an "about" page, but a user registers and calls itself "about"; you're screwed.
If you still choose to do so, before registration, try an HTTP request to your website to the page the user would have. If you don't get a 404, then something already has that name.
What our final decision came down to, was upon requesting a page on our server mysite.com/user, it first checked to see if that was a page, if it IS NOT a page, it assumes that it is a user, in which case it checks to see if that user is an object, if it is not then it gets passed to our 404 page.
So ontop of this, we are going to use the HTTP request like you mentioned earlier, and then if some how user "about" still signs up which we now have a page for, essentially sucks to be him because he is not going to see his page.
I would restrict the ability for someone to create a username that would conflict with existing urls.
If you're still in the early stages of development, you could look at the Kohana PHP framework. It's routing features solve the problem highlighted by zneak and dd, you would simply define in your routes that http://yoursite.com/about would point to a particular controller/action, i presume you're using the MVC design pattern considering you want a twitter like url structure.
Hope that helps!
EDIT: I forgot to mention that this doesn't stop people from signing up as about, it would just prevent the rest of the world from being linked to that persons page, in order to prevent them you'd need to employ some kind of validation against your core pages aka about, contact ect.
I am building a website in PHP & mySQL. It has frontend and backend capabilities. Only admin can enter the backend by means of username and password. Now if the admin wants to add other sub-admins to the website, he could do so. By this method, a sub-admin will be able to login and perform all actions that the original admin is able to do.
WHAT I WANT TO DO:
I want to restrict the access of the sub-admins at my choice and assign them permissions so that they are able to access only certain portions of the admin panel.
EXAMPLE OF THE FEATURE THAT I AM TALKING ABOUT:
Consider that I have the following links accessible by original admin.
1. Add articles 2. Approve articles 3. Delete Articles 4. Add User 5. Edit user 6. Delete User 7. Change site settings 8. View Financial info 9. Mail center
If I do not set any permissions, then all sub-admins will be able to access all of above links. Say I create 2 sub-admins 'David' and 'Bob'.
Now I want David to access only the following desired sections of the backend:
Add articles, 4. Add User, 7. Change site settings
Now I want Bob to access only the following desired sections of the backend:
Add articles, 2. Approve articles, 3. Delete Articles, 4. Add User, 9. Mail center
I, being the original admin, should be able to access all sections whereas, David and Bob, should be able to see & access only the links and pages (or functionality) that have been assigned to them. I don't have a clue as to how to do this. Also, for example, if I want to restrict a sub-admin to access only 'Add articles' page, then I also want him to access the page that it posts to (considering that the input is on Add articles page) add_articles_next.php page. Also note that 'add_articles_next.php page' does not appear anywhere in the list of links. It is merely a page that is posted to from the page to which the sub-admin has access.
I understand that there is no way for the system to know that unless I explicitly specify it, but yes, that's my question. How to do it? I am not a object oriented person, so PHP code using functions will be great for me.
OTHER LIVE EXAMPLES OF THE FEATURE THAT I AM TALKING ABOUT:
I came across a feature while researching this topic. Click here to visit it. This looks like somewhat similar feature.
Thank you all in advance for any code that you can give me.
This has been asked a number of times before on SO. The keyword to search for is Access Control Lists (ACL). One of the most prominent PHP solutions for ACL is Zend_ACL. It's very generic and should enable you to customize it to your needs.
Edit regarding your comment about object oriented libraries:
Finding an ACL solution that is not object oriented is going to be very, very difficult as there are very few good ACLs for PHP on the market (Zend is about the only one I know, really) and most modern applications are taking a more or less object oriented approach. But don't worry, check out the tutorials. I think you will have no problem using Zend_Acl in a function oriented app. You will need to talk to the ACL via OOP, but that's easy. I don't think you'll have to change your app much. Give it a try, and on a general note, basic OOP isn't difficult to learn. Just give the "Classes and Objects" chapter in the PHP manual a good read.
I'm building a site with Joomla where a forum should exist amongst other things. But also I plan to develop a custom made functionality (diary-like) with a php inserts (it really works, for example with jumi). The problem is that I suppose nobody will understand if the forum and this sub-site will have separated logins. I'd use an existing forum authentication for my code also, but I don't like the idea that the login will look like forum-only login. I see there are bridges exist (like JFusion), but should I choose one particular forum extension if I plan to use a particular bridge extension? And are bridges easy to access with custom-made php code?
If this is for a Joomla 1.5 website, you will want to create a user plugin that will log the user into your custom site as they log into Joomla. Take a look at plugins/user/example.php for an example user plugin. The onLoginUser function will be called just after someone successfully logs into Joomla. At this point, you'll have all of their data in the $user array that's passed into the function. You should be able to use this information to create a bridge into your external PHP application.