I am in service controller, login action (/service/login) and I want to pass the name,email and company to profile controller, register action(/profile/register).
Currently I am doing this way
$this->_redirect('/profile/register/?name='.$name.'&emailid='.$email.'&companyid='.$company);
But I want to pass this info to /profile/register in a way such that the user can't see these in the url.
I tried with $this->_forward like this
$params = array(
name=>$name,
emailid=>$email,
companyid=>$company
);
$this->_forward('register','profile',null,$params);
But this isn't working. Is there any other way I can do this?
To pass parameters securely, you should store the data in a session, or if you cannot use sessions, then in the database.
You could use Zend_Session to store the data temporarily until the next page view where you can retrieve it and it will be deleted (or you can let it persist).
$s = new Zend_Session_Namespace('registrationData');
$s->setExpirationHops(1); // expire the namespace after 1 page view
$s->name = $name;
$s->email = $email;
$s->companyId = $company;
// ...
return $this->_redirect('/profile/register);
And then in profile/register:
$s = new Zend_Session_Namespace('registrationData');
$name = $s->name;
$email = $s->email;
$companyId = $s->companyId;
// when this request terminates, the data will be deleted if you leave
// setExpirationHops as 1.
See also Zend_Session - namespace expiration
Related
I'm using forward plugin in testing and performance purposes.
At first IndexController data passes through normal POST request.
There I get this requst and POST data and I need add one more parameter to it.
$this->getRequest()->getPost()->subsystem = 'avia';
Than I use forward plugin
$result = $this->forward()->dispatch(
"Port\\Controller",
[
'controller' => 'Port\\Controller',
'action' => 'port',
]
);
And whan I'm in this PortController I would get my request POST data again and it SHOULD contain my changes from IndexController
$post = $this->getRequest()->getPost();
isset($post['subsystem']) //true
But it does't. It get's request object without changes.
isset($post['subsystem']) //FALSE
How to change Request globally for all controllers in current request process?
What i'm already trying?
//#1
$params = $this->getServiceLocator()->get('ControllerPluginManager')->get('params');
$params->getController()->getRequest()
->getPost()->subsystem
= 'avia';
//#2
$this->getRequest()->getPost()->subsystem = 'avia';
//#3
$post = $this->getRequest()->getPost();
$post['subsystem'] = 'avia';
//NEED UPDATE GLOBALLY !
$this->getRequest()->setPost($post);
//#4
$event = $this->getEvent();
$event->getRequest()->getPost()->subsystem = 'avia';
Debug::vars($event->getRequest()->getPost());
//#5
$_POST = $post->toArray();
And all this variances not working.
I'm already read this answer
ZF2: How to pass parameters to forward plugin which I can then get in the method I forward them to?
But I don't want pass data through params, I need change Request.
UPD
But now i'm tested and maybe it was because on receiver side I tried to get request this way
$request = $this->bodyParams();
But I should use it like this
if (!$request['subsystem']) {
$request = $this->getRequest()->getPost()->toArray();
}
It was because I used Apigility RPC service and placed post data in JSON format in Request Content field, not in POST. And in another place I tried get it
$params = $this->serviceLocator->get('ControllerPluginManager')->get('params');
$requestContent = $params->getController()->getRequest()->getContent();
$request = Json::decode($requestContent, Json::TYPE_ARRAY);
But after I started to use POST and that's why it started to be confused.
I am not sure if this is really something you should do but I think you should be able to achieve it like this:
$parameters = $this->getRequest()->getPost();
$parameters->set('subsystem', 'avia');
$parameters is instance of Zend\Stdlib\Parameters.
My problem: I can't access session data in the view, which I tried to save in the controller before rendering the view.
In my opinion there's an error when storing the session data. (It's necessary for me to modify the session data after creating it, not only in the single action.)
ProcessController.php
public function actionNew() {
$formhash = md5(time());
$hashList = array();
$hashList[$formhash]['processingNumber'] = '';
//fill with empty model
$hashList[$formhash]['model'] = $this->loadModel();
//store hashList in session
Yii::app()->session['hashList'] = $hashList;
$this->render('/process', array('hashValue => $formHash));
}
Now in the view I need the data from the session to show them to the user. But when dumping the hashList it just dumps "null" (Maybe because the saving in the controller didn't went well).
process.php
<?php
$form = this->beginWidget('CActiveForm', array(
'id' => 'process_form',
//several other things...
));
//Output: null
CVarDumper::dump(Yii::app()->session['hashList'],10,true);
?>
I tried to use $_SESSION instead of Yii::app()->session, which gives me access to the data in the view. But when handling other actions in the Controller the $_SESSION variable is undefined.
Any suggestions?
Thank you.
Long answer is:
Regarding to this documents:
$session=new CHttpSession;
$session->open();
$value1=$session['name1']; // get session variable 'name1'
$value2=$session['name2']; // get session variable 'name2'
foreach($session as $name=>$value) // traverse all session variables
$session['name3']=$value3; // set session variable 'name3'
You can use as well:
Yii::app()->session->set('hashList', $hashList);
Yii::app()->session->get('hashList');
And set it again.
Beside this session thing, why do not you use this:
$this->render('/process', array('hashValue => $formHash, 'hashList' => $hashList));
So you do not need to save it in a session if you can reach it directly into the view.
According to the documentation your code should work. An alternative might be to use the following, but it does the same:
Yii::app()->session->add('hashList', $hashList); // set the value
$hashList = Yii::app()->session->get('hashList'); // get the value
I expect the problem either a debugging problem, meaning you have observed cached or otherwise outdated data or a problem in parts of your code that you have not shown.
I'm developing a Joomla 3.x plugin, and want to be able to change the plugin parameter set in the plugin's manifest file programmatically. I believe I need to use a JRegistry object, but I'm not sure about the syntax.
Here's the issue:
// token A is set in plugin params as defined in plugin's XML manifest
var_dump($this->params->get('token')); // prints token "A" as expected
// do some stuff to get a fresh access token, called token "B"
$tokenB = $function_to_get_fresh_token();
// set the new token
if ($tokenB) $this->params->set('token', $tokenB);
var_dump($this->params->get('apptoken')); // prints token "B" as expected
the problem is that on subsequent page reloads, the token reverts to tokenA rather than what I assumed would be the stored value of tokenB.
How do I store the tokenB value in the plugin's parameters in the database?
This is a working example of how to change plugin params from within the plugin (J! 3.4):
// Load plugin called 'plugin_name'
$table = new JTableExtension(JFactory::getDbo());
$table->load(array('element' => 'plugin_name'));
// Params can be changed like this
$this->params->set('new_param', 'new value'); // if you are doing change from a plugin
$table->set('params', $this->params->toString());
// Save the change
$table->store();
Note: If new params are added by plugin dynamically and the plugin is saved afterwards, these new params gets deleted. So one way to deal with it is to add those params as hidden fields to plugin's config XML.
This is just an outline, but something along these lines
$extensionTable = new JtableExtension();
$pluginId = $extensionTable->find('element', 'my_plugin');
$pluginRow = $extensionTable->load($pluginId);
// Do the jregistry work that is needed
// do some stuff to get a fresh access token, called token "B"
$tokenB = $function_to_get_fresh_token();
// set the new token
if ($tokenB) $this->params->set('token', $tokenB);
// more stuff
$extensionTable->save($pluginRow);
I spent a lot of time googling and reading and found no real answer to this. Oddly enough this doesn't seem to have been provided for in Joomla. So here's what I ended up doing:
1) build a function to get your plugin ID, since it will change from one installation to another
private function getPlgId(){
// stupid hack since there doesn't seem to be another way to get plugin id
$db = JFactory::getDBO();
$sql = 'SELECT `extension_id` FROM `#__extensions` WHERE `element` = "my_plugin" AND `folder` = "my_plugin_folder"'; // check the #__extensions table if you don't know your element / folder
$db->setQuery($sql);
if( !($plg = $db->loadObject()) ){
return false;
} else {
return (int) $plg->extension_id;
}
}
2) use the plugin id to load the table object:
$extension = new JTableExtension($db);
$ext_id = $this->getPlgId();
// get the existing extension data
$extension->load($ext_id);
3) when you're ready to store the value, add it to the params, then store it:
$this->params->set('myvalue', $newvalue);
$extension->bind( array('params' => $this->params->toString()) );
// check and store
if (!$extension->check()) {
$this->setError($extension->getError());
return false;
}
if (!$extension->store()) {
$this->setError($extension->getError());
return false;
}
If anyone knows a better way to do this please let me know!
Can somebody help me guess out this code..this is just a snippet and I think I included all the codes needed for my question. Actually this code is from hybridAuth. My question is, where does "user_id" from the last line came from? I wanted to know because $_SESSION["user"] gives the value of the "id". And I wanted to make another $_SESSION[" "] where I can place the value of email-add from the database (same location where that user_id's "id" exist)
// create an instance for Hybridauth with the configuration file path as parameter
$hybridauth = new Hybrid_Auth( $hybridauth_config );
// try to authenticate the selected $provider
$adapter = $hybridauth->authenticate( $provider );
// grab the user profile
$user_profile = $adapter->getUserProfile();
// load user and authentication models, we will need them...
$authentication = $this->loadModel( "authentication" );
$user = $this->loadModel( "user" );
# 1 - check if user already have authenticated using this provider before
$authentication_info = $authentication->find_by_provider_uid( $provider, $user_profile->identifier );
# 2 - if authentication exists in the database, then we set the user as connected and redirect him to his profile page
if( $authentication_info ){
// 2.1 - store user_id in session
$_SESSION["user"] = $authentication_info["user_id"];
The call to $authentication->find_by_provider_uid() returns an associative array, one key of which is user_id.
To see what other columns are returned by that call:
var_dump($authentication_info);
If the email is among the keys in that array, you may then set it in $_SESSION:
// Store the email into session if it is present in $authentication_info
// Use whatever the appropriate key you find, be it email, email_address, user_email, whatever...
$_SESSION['user_email'] = $authentication_info['email'];
I am working on an Open Source Role Based Access Control Library for PHP called PHP-Bouncer. PHP-Bouncer allows the user to define a list of roles, which pages each role provides access to, and each role may also define a list of pages which override other pages (so going to the overridden page will redirect you to the overriding page). Here is an example of how this would work (From the Access Managed Example in the documentation):
$bouncer = new Bouncer();
// Add a role Name, Array of pages role provides
$bouncer->addRole("Public", array("index.php", "about.php", "fail.php"));
// Add a role Name, Array of pages role provides
$bouncer->addRole("Registered User", array("myaccount.php", "editaccount.php", "viewusers.php"));
// Add a role Name, Array of pages role provides List of pages that are overridden by other pages
$bouncer->addRole("Admin", array("stats.php", "manageusers.php"), array("viewusers.php" => "manageusers.php"));
// Here we add some users. The user class here extends the BouncerUser class, so it can still do whatever you
// would normally create a user class to do..
$publicUser = new User();
$registeredUser = new User();
$adminUser = new User();
$registeredAndAdmin = new User();
$publicUser->addRole("Public");
$registeredUser->addRole("Public"); // We add the public group to all users since they need it to see index.php
$registeredUser->addRole("Registered User");
$adminUser->addRole("Public"); // We add the public group to all users since they need it to see index.php
$adminUser->addRole("Admin");
$registeredAndAdmin->addRole("Public"); // We add the public group to all users since they need it to see index.php
$registeredAndAdmin->addRole("Registered User");
$registeredAndAdmin->addRole("Admin");
$bouncer->manageAccess($publicUser->getRoles(), substr($_SERVER["PHP_SELF"], 1), "fail.php");
Here's the problem I am having: In the manageAccess function you see above, everything works well as long as the roles are defined sanely, and all users have access to fail.php (or fail.php does not implement the $bouncer object). As soon as someone creates a role which has an inherent conflict (such as overriding a page with itself) or fails to give all users access to the failure page, the manageAccess function results in an infinite loop. Since this is bad, I would like to fix it. I am not sure however, what would be the best approach for allowing a few redirects (it is feasible that redirecting up to two or three times could be desired behaviour) while preventing an infinite loop. Here is the manageAccess function:
/**
* #param array $roleList
* #param string $url
* #param string $failPage
*/
public function manageAccess($roleList, $url, $failPage = "index.php"){
$granted = false;
foreach($roleList as $role){
if(array_key_exists($role, $this->roles)){
$obj = $this->roles[$role];
/** #var $obj BouncerRole */
$response = $obj->verifyAccess($url);
if($response->getIsOverridden()){ // If access to the page is overridden forward the user to the overriding page
$loc = ($obj->getOverridingPage($url) !== false) ? $obj->getOverridingPage($url) : $failPage;
$locationString = "Location: ".$loc;
header($locationString);
// I broke something in the last commit, perhaps this comment will help?
}
if($response->getIsAccessible()){ // If this particular role contains access to the page set granted to true
$granted = true; // We don't return yet in case another role overrides.
}
}
}
// If we are here, we know that the page has not been overridden
// so let's check to see if access has been granted by any of our roles.
// If not, the user doesn't have access so we'll forward them on to the failure page.
if(!$granted){
$locationString = "Location: ".$failPage."?url=".urlencode($url)."&roles=".urlencode(serialize($roleList));
header($locationString);
}
}
Any Suggestions?
Since your desired functionality is to allow "a few redirects", the best way I can think of approaching this is creating either a $_SESSION (or $_GET I suppose would work) parameter that you increment every time you issue a redirect. I should point out that from a user standpoint this would be pretty annoying to deal with, but it is your website.
Let's assume we named the $_SESSION parameter num_redirects:
Before we redirect, check to see if $_SESSION['num_redirects'] is set. If it is not, set it to 0.
Get the current value of $_SESSION['num_redirects'], and see if it is above the redirect threshold.
If it is above the threshold, do not redirect, simply die();
If it is not above the threshold, increment $_SESSION['num_redirects'], store it back, and redirect.
So, that code would look like this (I've also improved your URL query string with a call to http_build_query():
Somewhere, we need to define the threshold:
define( 'MAX_NUM_REDIRECTS', 3);
Then, we can do:
// Assuming session_start(); has already occurred
if(!$granted) {
if( !isset( $_SESSION['num_redirects'])) {
$_SESSION['num_redirects'] = 0;
}
// Check if too many redirects have occurred
if( $_SESSION['num_redirects'] >= MAX_NUM_REDIRECTS) {
die( "Severe Error: Misconfigured roles - Maximum number of redirects reached\n");
}
// If we get here, we can redirect the user, just add 1 to the redirect count
$_SESSION['num_redirects'] += 1;
$query_string = http_build_query( array(
'url' => $url,
'roles' => serialize($roleList)
));
$locationString = "Location: " . $failPage . '?' . $query_string;
header($locationString);
exit(); // Probably also want to kill the script here
}
That's it! Note that you'll have to add the same logic for the first call to header(). If you're going to repeat this functionality elsewhere, it might be worthwhile to encapsulate redirection within a helper function:
function redirect( $url, array $params = array()) {
if( !isset( $_SESSION['num_redirects'])) {
$_SESSION['num_redirects'] = 0;
}
// Check if too many redirects have occurred
if( $_SESSION['num_redirects'] >= MAX_NUM_REDIRECTS) {
die( "Severe Error: Maximum number of redirects reached\n");
}
// If we get here, we can redirect the user, just add 1 to the redirect count
$_SESSION['num_redirects'] += 1;
$query_string = http_build_query( $params);
$locationString = "Location: " . $url . ( !empty( $query_string) ? ('?' . $query_string) : '');
header($locationString);
exit(); // Probably also want to kill the script here
}
Then, you can call it like this:
if(!$granted){
redirect( $failPage, array(
'url' => $url,
'roles' => serialize($roleList)
));
}
This way you can encapsulate all of the logic necessary to redirecting within that one function.