I'm in the middle of moving my site into the CodeIgniter framework. I've never used a MVC framework before so this is a big step.
In my old site, each page would have include("session_handler.php"); at the top of each page. This script would check session variables, authenticate sessions and store stuff in the database.
Is there a way I can have this script automatically include in every page? Can I specify it in the config? Does CI maybe have an internal way of dealing with sessions that is superior to my method?
Code Igniter has a Session class you can use.
It also has an autoload functionality.
Those two things should cover your requirements I think...
If you need additional validation to the session, you can either extend the core session class (which may be asking too much if you're only starting on the framework) or you can create your own library and auto-load it right after the session one to run some additional code..
Related
I know there is already an existing question identical to this (How do I pass session to ckfinder in codeigniter 3?) but it does not help at all. There's only 1 answer and it does not work for me and very little explanation is provided.
I have a CI site in which a user can log in and edit some stuff using CKEditor. I've installed CKFinder as well, but I'm unable to pass any session data to the CKFinder config file in order to authenticate the login for security. The global $_SESSION variable just returns Array() 1 and doesn't contain any of the session data (and yes, I'm using session_start();).
Using the other post's answer as a foundation, I tried retrieving data from $_COOKIE but there didn't seem to be anything particularly useful. There is no ci_session in the cookie data. The closest thing is PHPSESSID but I couldn't get anything useful from that.
Any help would be appreciated it. I've spent too long on this project already. Thanks!
You should not be altering a config file by writing to it for each user. Since this is a commercial application I cannot view the docs for it, but this might help.
Set the link on the user page to CKfinder to only show if the user is logged in.
Set the controller CKfinder links to within CI to detect if the user is logged in or not and allowed (ie authenticated and authorized), otherwise reject the request.
Alternatively create a CI library for CKfinder that runs it from within CI.
Knowing CKeditor quite well, I am sure CKfinder will be documented quite well to integrate with frameworks and existing systems quite easily. CKeditor is a beautiful script (albeit with limitations) so I would presume the same quality applies to CKfinder.
And yes, CI session data is not available outside CI. Third party apps like this can be integrated with CI using standard includes directly or with a library etc within the CI framework. In fact one of the great things about CI is the ability to write small libraries that can easily include almost any third party app with relative ease of implementation.
This link will help:
Codeigniter 3 - Access Session from Outside Codeigniter Installation
Without further code samples or a more exact example of the problem, I am not really sure how I can help more than that. I hope it might of been of some help but it probably was not. Sorry.
My team of coworkers and me have decided to rewrite a legacy app in Yii but the management have a strict policy that all the functionality must remain as it is, so we have to use old modules until they are ported to Yii, these modules are written in a procedural manner and every one of them has a php file that is included in the general index.php. The general index.php does three things:
Starts the session and adds variables to it.
Creates the db connection.
Renders the main php file of the requested module.
How can we use the old modules once we begin to use Yii?
We have looked at URL Management and the logic would be really simple: If the url matches an old module, render it with renderFile() else let do Yii the work, however we don't know if this is the best approach.
Should we consider anything else before beginning the process?
I want to know if URLManagement + renderFile() is the way to go?
The URL handling can indeed be used, but then I would simply write a custom URL Rule class instead of using a ton of routes as your config will be a mess.
If you want some alternative suggestions:
To begin with, split out the creation of the app and its execution
require_once($yii);
Yii::createWebApplication($config);
// If you want to run the app:
Yii::app()->run();
That way you are in full control whether the app actually runs or not.
As for the DB. If you are using PDO you are in luck. I would just give Yii a db component the regular way and then modify the general.php to use the PDO instance from Yii (Yii::app()->db->pdoInstance). It will always be loaded after so that should work. If you aren't using PDO, just use 2 connections, it's not that bad unless you have a lot of visitors.
Regarding the session there shouldn't be that much initialization so unless you have a custom handler, move it to Yii as well. The functions are the same anyway so there shouldn't be much of a problem.
Then there are 2 ways of doing things as I see it:
1) general.php goes first.
You would have to make a list of modules in the legacy file and determine if the current requested module was migrated or not. Basically put the module names that are still in general.php in an array, see if the url requires one of those and include general.php (and don't do Yii::app()->run()). The rest go through Yii.
2) Yii goes first.
Have yii do it's magic but intercept the 404 http exceptions. This is easily done with a custom error handler function (http://www.yiiframework.com/doc/guide/1.1/en/topics.error). If you get to the error function again: determine if its a valid legacy module and include general.php.
Both ways are pretty messy but at least like this you get the chance to migrate one module whilst keeping the rest in the legacy file.
Depending on Size ,complexity and Person Months for a software is critical to take any decisions. Of course it is very very advisable to have homogeneous nature of application rather than heterogeneous nature. If modules you mentioned above are the one you intend to convert I suggest you must have a RE-DO in Yii because Yii has strong ORM modules are very very easy to make.
I suggest you should go for a RE-Do
Following may be of your interest
How do you convert an old OOP PHP project into the Yii Framework?
How do I use native sessions in CodeIgniter?
Currently I am using session_start in constants.php. Is that the right way? What are the pitfalls and is there a better way?
I am doing this because we have a PHP app and we plan to do the new coding in CI.
Also, I am looking at a good CI doc that teaches me CI basics preferably for version 2.
Thanks
Typically, using session_start and then reading/storing into $_SESSION does that. What I've historically done is to place the session_start call into my controller's constructor method: I have a single base class that inherits from CI_Controller and this handles language localization, session initialization and other silly things like P3P header settings. All my other controllers inherit from that and then they are all set.
Using native sessions is sometimes pretty useful: I've come across a few components that use native sessions that I simply didn't want to deal with patching. There are (for example) Redis session save handlers that uses native sessions: could rewrite it for CI but...why not just use what's there.
Load the session library with
$this->load->library('session');
Then you can set data using
$this->session->set_userdata((array)$userdata);
The session_start method utilizes PHP's built in session handling, which is not what is recommended for CI. Quote from the official docs:
The Session class does not utilize native PHP sessions. It generates
its own session data, offering more flexibility for developers.
Have a look at
http://codeigniter.com/user_guide/libraries/sessions.html
- CodeIgniter is pretty well documented.
I'm using the native session lib described here. Basically this works in the same way of the CI session library, but use the native session of PHP, so you can use the functions described in the docs.
To work with Codeigniter 2, look at the discussion of the article.
Try reading up on the MY_Controller file. You can inherit from this throughout each controller and all in a nice way as per the designed methods for extending CI. Putting your SESSION stuff (and anything else cross site) in here makes the most sense.
I've written a simple CI intro article here: http://www.12devsofxmas.co.uk/2011/12/codeigniter/
If you are writing an app with lots of forms etc have a really good play around first with the framework. I've written a lot of stuff to handle templates, automatic form generation etc none of it is packaged up yet for public distribution but it's all working great for the apps we're building.
I am writing a web application using PHP. I want to use the MVC pattern for this, and decided to go with CodeIgniter. My application will have some pages which will require authentication, and some pages won't. I want to design this in a very generic way, so that there should be no code duplication. Can any one point to some good "design/class structure" for this?
Write a custom library that you can autoload in your code igniter app on every page view. It should have functions that:
Authenticate the user ie. check if a user is logged in or not
Log you in ie. set a session variable or something
Log you out
Then in your controller classes you can do a call to the authentication function in the constructor then depending on the outcome continue as normal or redirect them to a login screen with an access denied message.
Do a search on the code igniter wiki for 'authentication' and there are a number of results that may help: http://codeigniter.com/wiki/
"Ion Auth" is lean, well-programmed, somewhat widely used and is actively maintained.
http://github.com/benedmunds/CodeIgniter-Ion-Auth
If by "some pages" you mean some controllers (the gateway to your views), then you may want to investigate controller inheritance. Extend the default CodeIgniter controller with your own and put an authentication check in the constructor (check the session for a logged in flag or something and if not logged in then redirect to login page). Then, all controllers that require authentication will need to extend your new parent controller. That's it.
Head on over to the CodeIgniter forums and search for some different ways to extend the controller. Here is one http://codeigniter.com/forums/viewthread/89768/#452890
May be you can use CL_AUTH library for CI. I've used it and it works good. You can find it here http://www.jasonashdown.co.uk/cl_auth_doc/
I was looking into the same thing recently, and I found a CodeIgniter fork called Kohana that includes a nice authentication module. If you are set on CI, maybe adapting Kohana's auth module backwards to CI would save you some time? If you have just started out on your project and PHP5 is OK to use, consider switching over; they are very similar frameworks.
Visit GitHub and search for Codeigniter Auth or Authentication, or check the CodeIgniter Wiki, you'll find many libraries with different features.. explore them and choose the one you need! But be careful, many are for CI 2, and you have to ucfirst the classes to use with CI 3, otherwise they don't work at all.
Use flexi auth a modified version of the popular Ion Auth library. It's more advanced and do all the job out-of-the-box.
flexi auth is a free open source user authentication/login library for use with the CodeIgniter 2.0+ framework.
I know it's too late but I hope someone else will find it helpful. Cheers!
I am just getting started with CodeIgniter, and I am trying to hash out my regular modules/functions to get them working properly within the MVC framework. I have a few specific questions for anyone who has a strong CodeIgniter background:
SESSIONS
The CodeIgniter session stores session data on the client side in a cookie, which just isn't going to work for me. I know there are a few replacements for it, or I could build my own library/helper; but I just don't see any benefit over just using $_SESSION.
If I just use $_SESSION, will I have any problems with the rest of the framework? Does any other part of the framework depend on using the CodeIgniter session?
I feel a bit weird about stepping outside the framework for something so basic, but I am pretty comfortable with plain PHP. I am basically just looking to use CodeIgniter for MVC, and to enforce a more modular aspect for my projects.
CODE FLOW & CONFIG
I have a few config items that need to be done before almost anything else.
For example, say I have a constant APP_LIVE, which is set true/false based on the name of the current server. This has to happen really early as paths, error reporting, the CodeIgniter system, and application folders, etc. will be set based on it.
The problem is that the system_folder, and application_folder (which will be set based on which server the code is running on) are set first thing in the index.php file, before any of the configs have loaded.
Also, I have a functions that check for things in the URL, and may redirect before the page ever loads. For example, some pages need to enfore the presence of www. in the URL (for SEO), track affiliates, visitor sources, marketing flags, etc.
Where is the best place to put things like this that have to happen really early? I know there is a config file, an autoload file, a constants file, etc., but those are too late for some items. Is it a bad practice to simply put these things into the top of the main index.php file, or to make an include there to a global config file? Again, I feel like I am stepping outside the framework, and wonder if I'm just doing that because I don't have a solid understanding of it yet?
LAYOUT / HEADER FOOTER
Like most people, I have a top header, navigation, footer, etc. I am used to just having them in files, which are included into my page template. I believe I can do that the same way by just making them views and including them into my main page view. Is that the best way to go? Some of them need a bit of data; like what page they are on for the navigation, etc. What's the best way to handle navigation, shared header/footer, etc.?
The newly released CI 1.7 handles sessions in the database (if you're using one).
However, CI is designed to be loosely coupled, so you shouldn't notice any major issues if you decide to use $_SESSION instead.
For your header / footer / navigation, you could create (for example) headerview.php, footerview.php, and contentview.php, and pass data to your views by doing something like this in the controller:
$data['title'] = 'about us';
$data['content'] = 'hello world!';
$this->load->view('headerview', $data);
$this->load->view('contentview', $data);
$this->load->view('footerview');
Basically, you can treat these views exactly like includes, but with the added benefit that you can change the variables within. I would steer clear of calling other views from within views, but that might just be me.
I've made additions to index.php myself once or twice, to set initial values and such, and have never had a problem with it.
Congratulations on your choice of framework; I'm sure you won't be disappointed. ;)
You can either have multiple load->view lines in every controller but I personally find it coupled. I strongly suggest that you take a look at hooks in CodeIgniter where you can define functions that would be automatically run after each controller/method (a fine example of AOP).
Actually the $_SESSION array seems to get unset so you can't use the native PHP sessions (at least on 1.7). However in CodeIgniter wiki there's a session class that uses the native php sessions - you can use it the same way as the other, but it stores only session_id in the cookie. Here it is:
http://codeigniter.com/wiki/Native_session/
#lacho I created my own auth library on $_SESSION. and it works fine on 1.7.
I believe $_SESSION is much more secure since CI 'sessions' are cookies that are stored on the client side which are classified as 'user-passed-information' that can't be trusted.
You can try with native using your own session class
http://www.moreofless.co.uk/using-native-php-sessions-with-codeigniter/