I am building a PHP application. For my application, user's profiles / pages are setup and displayed intially by visiting domain.com/username or domain.com/accountnumber.
My question is this - how do you do that, while retaining the ability to make informative application pages that have the url of domain.com/pagename? My main example of this is vimeo, which has vimeo.com/about, vimeo.com/developers, etc., while allowing you to set your username to vimeo.com/username. My concern is that I will launch my application and not have the ability to create the link I want to in the future because it is taken as a username.
What would be your advice, or what has been your experience? Is there a common list to reserve that is recommended? I am not sure what to do. Thanks for the help.
There are a number of ways you can achieve what you asking - read up on routes and routing to gain a better understanding.
Many frameworks offer a way in achieving what you are asking - Zend Framework being one.
Alterantivly, if you are building it from scratch you could implement a different structure i.e.
domain.com/u/joebloggs
domain.com/user/joebloggs
domain.com/a/123456
domain.com/account/123456
This effectivly ensures your urls cannot be affected by someone username. You'll need to look into Mod Rewrite if using creating your own routes.
There are many frameworks available already that offer this ability, try Zend Framework.
You'll need to read up on Routes with ZF to implemented what it is you require.
The answer is you don't design your urls like that. I know vimeo does it, but they probably have run in to this headache.
A better solution is to namespace your resources. Look closely at stackoverflow's urls for better examples of good url design.
If you are absolutely stuck with this url design, consider organizing your "content tokens" (the bit of the url that identifies the thing you want) into groups, and giving them an order of priority. E.g.:
if token matches a static page, show static page
else search for and show user page by account name
else search for and show user page by account number
When users sign up, don't allow them to use names that are static pages. (You may want to reserve a set of static page names in advance.)
If you make a new static page later and a user name conflicts, you can forcibly change his user name and send him an "I'm sorry" email. This will hopefully be a rare enough occurrence that you don't need to solve it with code.
One way would be to use curl or similar to request domain.com/requestedname at the registration, returning an error to the user if the URL doesn't return a 404. As for future conflicts, there is simply no way to do that. You either have to make a list at the beginning of all potential future reserved words and disallow those usernames (impractical), cross your fingers and hope a conflict doesn't occur (also impractical), request a username change from the user when a future conflict occurs (unprofessional?) or use a different namespace for usernames and system pages.
Related
I'm setting up around 4 Laravel 5.3 based apps at the moment, they are all part of one "ecosystem".
I plan to use a central Laravel app that will handle any user signup, user login and also hold all user details. These details will be used across the 4 separate Laravel web apps. I may also use these user details inside mobile apps in the future so I assume i'll need some sort of JWT based system to control this.
I've thought about using Laravel Passport to achieve this but I don't think this will work for this scenario. In all honesty, the documentation is not clear to me whether this is the sort of system it is designed for or if I need to use a different oAuth2 system. My understanding is it is for API authentication only, or am I wrong?
All my other Laravel apps will be on different servers so I can't share the database unfortunately. I need to implement a cross domain solution it seems.
Thanks in advance for any info on this, just to clarify that I am not asking you to code the script for me, simply to help point me in the right direction on how to do this properly - can't really show code on something I don't know!
I believe I have explained everything that I am trying to achieve here, and I have already done research but nothing seems to be clicking in my brain.
I think it depends on your business logic. Below is what i'm thinking:
If what you mean Multi Domains is the sub domains (as you mentioned login.site.com), i think the simplest way is to use site.com wide cookie with redis/memcached as the session storage solution.
If they do have different domain names, and beyond the central site, user when visit site A also want site B feature (or content, those sites are closely connected), i thought the JWT solution is the better choice.
Any other cases, choose OAuth
Well, maybe others have better ideas.
I’m creating websites in PHP since some years but I never had to manage multi-language scenarios. I plan to create from scratch a website which will be available in French, English, Spanish and German, and I’d like to avoid common mistakes! :-)
I already read different blogs and post, and this is actually how I see the things for now:
Regarding the URLs, I will use static routes which will associate each URL to a specific controller/action. This should allow me to have SEO friendly URL, and should be quite fast (I’ll not use regular expressions but compare the URLs parts to define the route to use).
Note that I won’t have too many pages - probably less than 100 so the route shouldn’t be hard to define.
Regarding the user interface, I’ll have one template per language in order to be able to be able to make adjustments (change the buttons, personnalize the design for a specific country, …).
I plan to use the database to store most of the website content (routes, menus, error messages, static page contents, page titles …).
I will separate the localized content in different tables in order to minimize the size of each table.
I chose this option in order to be able to easily edit the content using the GUI (since I want to allow admins to be able to change the translation if they want, without FTP or phpmyadmin access).
I don’t expect any extra charge on the SQL server since the content which should be almost static (content pages, menus, error messages, route list, etc) will be cached, and the cache will be recreated only in case of content update via the GUI.
My question is the following:
- What do you think about my plan? Do you see important drawback regarding the choices that I did? Did I forget something important?
Thanks in advance!
NOTES:
I don't plan to use a framework as I want to do the things by myself in order to improve my knowledge
I'm already used to use UTF8 everywhere.
I follow the MVC pattern.
I'd like to avoid templating language, and keep only PHP in my views.
I am looking for expert advice on how to best serve multiple sites with one Drupal instance (using Pressflow 6.x). Let's consider the company needing this is called "ABC Group of Companies" and it has 3 sister concerns. So, altogether there will be four sites:
www.abcgroup.com
www.company-a.com
www.company-b.com
www.company-c.com
Here are the things that are most interesting:
The users will be shared among all
the sites
Each site will "mostly" host their own content (say the welcome text on home page, or menu items - different for each site)
Some contents, will be shown in all of the sites (say, a company-wide notice....or an employee directory)
The theme for each site will be different
Now, I am thinking of having DNS entry so each of the domain point to the same Drupal installation and when Drupal gets bootstrapped, I would like to sniff into the $_SERVER array to know which site is being hit. I'd then like to load the theme accordingly, show the contents specific to that site, and also show the contents that are shared with all the sites.
To make this happen, so far I have created a node type called "Site" and have created four contents for each of the sites. Then for each other content type (say, Page) I have put a node reference to the "Site" content type with multiple value so when creating a new content, the administrator can specify in which site that content will be showed. However, after that I am stuck.
I have tried to understand Contexts, Spaces, PURL - but haven't figured them out fully yet and I believe I could use the community power to help me out. What do you think is the best approach to handle this scenario ?
It'd be greatly helpful if anybody can suggest a direction.
Regards,
Emran
The way you are suggesting is certainly a way that you could do it, but have you considered domain access? I have used it in the past and found it to be very useful. there is also quite a large collection of modules which work with it. Different themes, Options as to which nodes should appear on which sites and shared users are all features that it has.
Hope this helps!
http://drupal.org/project/domain
First up, I strongly second hookds suggestion of using Domain Access Module for this (+1). It has extensive support/features for your scenario and already covers most of the hard parts you'd need to solve yourself otherwise.
Second, if you insist on trying to do this yourself, I can assure you that it is possible, as we have done something pretty similar recently (some special requirements ruled out domain access), but it was a lot of work, especially when functionality provided by contributed modules would not fit well into our 'unusual' scenario.
Given the multitude of special cases you'd have to cover, it is hard to point out a general direction (apart from suggesting to use Domain Access Module ;) but one major point would be to check out the custom_url_rewrite_inbound()/custom_url_rewrite_outbound() function combo. These will allow you to do pretty low level URL manipulations for incoming requests, as well as for URLs generated for output, both of which you'll need to do if you you want to serve multiple domains from the same instance.
Did I mention that you should check out Domain Access Module before you try to build this yourself?
It sounds like there will be virtually no content shared between these sites. Will you be wanting a single login across all sites?
Remember, Domain Access uses 1 shared database.
You could also just do a regular multi-site install, and share certain tables.
I give Domain Access two thumbs up, but just make sure you really need what it actually does.
Also, I would look into the Feeds.module. You can pull content from anywhere (especially another drupal site) and it imports it directly and creates nodes and fields automatically from it.
I need to limit access of content on Drupal site based on the Drupal User's Role.
http://site.com/managers/intro
http://site.com/managers/reviews
http://site.com/managers/up-for-raises
The content can be of multiple content types and isn't limited to one specific content-type. These content types will be used elsewhere on the site so I can't lock down the whole content type.
I can get all the nodes/views to live at those addresses by menu settings when they are created, but I don't know how do I limit access via role other than a bunch of preprocess functions in template.php, but that seems to be the wrong way to do it.
I searched for a module and asked on #drupal-support IRC, but no results came up that use drupal roles as the limiting factor.
Although this is an old question, the Path Access module does exactly this now. Here is an excerpt from its project page:
... gives site administrators an additional layer of access control to all pages of a Drupal site.
Benefits: Although a lot of the Drupal modules provide some degree of access control permissions it never covers all possible requirements users have. Path_access provides the means to restrict pages based on their path alias - meaning you can lock out certain user role groups from whole sections of a site using wildcards.
Seems to me that if 'managers' is always going to be in the URL for that section, you could write a little tiny module that uses hook_init to basically say if the current user's role isn't one of these specified roles, and the url contains "/managers/", then drupal_goto() the login page.
You could also use the Rules module to get that done pretty easily, though if that's the only thing you'd be using Rules for, then it's not worth it.
There are also plenty of access-by-node modules (such as nodeaccess of all things), but these would also probably be more effort that it's worth to accomplish such a simple task.
If i got it right, what you are trying to achieve is to have only certain roles being able to access pages located at a given URL.
BY USING A CONTRIB ACCESS MODULE
As already mentioned by mcrittenden, there is a plethora of modules that allows you to tweak content access. Among them, content access can surely do what you want to, as it allows you to set up permission for each node separately.
BY USING FLAG + VIEWS
Another possible way to do this without coding, is with a combination of the flag module the views module. Here's a brief overview of how I would do:
Create three flags, which you can use to mark content (any type of content!) that will have to be viewed at any of the addresses you specified in your question (for example: create a flag "intro" that you will use to mark nodes that have to be displayed at the page "/mangers/intro")
Create 3 views (one for each address you listed in your question) that would pull out of the DB the nodes you need by filtering them on the basis of your flag.
Set the permission of these views according to the role.
BY WRITING A MODULE THAT CHECKS THE URI AND BLOCK UNAUTHORIZED USERS
You surely can do this. The main advantage would be that it would be a very lightweight solution in terms of CPU and memory load, but there are a few gotchas you have to pay attention to. For example the fact that you can always access your content via urls in the format the http://example.com/node/nodenumber), so you have to check a URL for its aliases too. But also the fact that a user might append a bogus ?something to the URL and you have to write the regex to take in account for such case...
(Also the idea of the rules module given by mcrittenden is a good one, but I did not mention it as I thought to it only when I read his answer).
Hope this helps!
You could also investigate Menu Access, which allows you to associate access between a role and a menu, or a role and a menu tree. (Keep in mind that in Drupal, the "menu router" table is mysteriously not just the UI, but also the traffic router which connects every piece of content to a URL.)
Because all items are associated with menu entries, you do not have the problem of the path alias not necessarily being universal. You can also use modules such as Menu Block to mimic book navigation.
This module appears to be closer to an Alpha or Beta release despite it's full & recommended status, so be careful on production sites.
I am working on a social network, and I am doing it with php and mysql, I need to know how to make users have customizable profiles...
Like editing status, ect...
Also making it so only friends can veiw their profile..
Also how do I add a user's page/directory to the website directory(example: domainname.com/someonesprofile)
Thank You
-Techy
That's a pretty generic question, but I'll give it a whirl.
First of all, you need to determine what a profile should contain and so forth, such as status, relationships, name, addresses, .... The list goes on. You then need to write an interface to a service that provides this information; this can be a PHP function, a class, whatever, really.
Second, you need to access this interface from within your web application. A suitable course of action is probably to have a function that assures that whoever is trying to access the information is logged in, is in the relevant authorization group (friends list), and so on.
The editing part is done quite simply through an HTML form or similar; there's no magick[sic] involved. The function to parse this form would again assure that the logged in user has the appropriate rights to edit the profile (e.g. is the same user or a trustee of some kind, parent, lover, who knows...)
As for the last bit; here mod_rewrite is your friend. You probably would want to have URLs along the line of http://example.org/profile/username , which the server would translate to /?action=profile&user=username, or something to that effect.
The file /profile/username would as such not exist on the server file system in any real sense, but seem to be a completely normal HTML file when viewed from the outside.
You must start with the database. You will need a table for Person, obviously. You will need a table that joins Person to Person many-to-many, for viewing privileges. You will need a table for levels of authorization. And you will need other tables that serve up what privileges go where.
The interface is secondary. Some developers would use something simpler than PHP to develop the UI functions that rely on these database resources.
I know that there are very nice frameworks available which handle the whole profile/login/friends functionality. Pinax for Django springs to mind. Ime quite sure similar things are available in PHP but unfortunatiely I know very little about the PHP community, so I don't have a link.