I'm using the cakePHP framework for my website and I would like to create an action which, rather than sending HTML, instead echos the contents of a file. It can't be stored in a public directory, as the data is confidential.
Before using the framework, I accomplished this by rewriting /downloads/KEY/FILE to file.php?key=KEY&file=FILE
However, I can't find any clear way to do this using cakePHP. Essentially, I'd like a way to either:
When a user accesses a controller action from its URL a .jar file is sent, not a webpage.
A URL is redirected to a PHP file which separately connects to a database and serves the file.
Note that cakePHP is at my domain root. Also, as I'm using SSL for the transfer and I do not ow n a wildcard certificate, I cannot use a subdomain.
use Media view: http://book.cakephp.org/view/1094/Media-Views
Related
I am stuck on this part of my laravel application, Where I am asked to protect the files from directly accessed via url browser hit.
I have a public folder in which in a doc folder is present where all the documents are going to be uploaded. I just need a solution to prevent this where i can access docs directly from my application but any third party visitor can not view my docs (images,pdfs etc..).
I have tried many solutions but its not at all working.
I just want to things :-
1. Protect my docs through direct access.
2. Way of implementing it in laravel (via .htaccess)
I know this can be possible through htaccess, but how?
Kindly help Please :)
Add in your upload folder .htaccess file with content:
Deny from all
There are three approaches I can think of just now;
You intercept all image and video requests with Laravel, then using the router, serve up the content that the user was after, provided they are authorised. THIS WILL BE SLOW!.
You rely on obscurity and put all that clients images, videos etc in a folder that has a long-unguessable random url. You can then link to the content in your code using the 'static' folder name. The customer's content will always be in that folder and accessible if they log in or not. The advantage of this compared to 1 is that your framework does not have to boot for every image or video.
Have all the content hidden away - possibly in the storage folder. When the user logs in, create a temporary symbolic link between their public folder and their folder in storage. Keep a note of the link in the session. Use the link in all gallery etc rather than the static code used in (2) above. Once they log out the code will no longer be valid, and you can delete the symbolic link on logout or have a job to tidy it up periodically.
I just finished writing a website using polymer 1.0+ with a PHP MVC framework on the server. I am about to start a new project, but I want to use app-router. Unfortunately to use app-router I have to redirect everything to index.html using my .htaccess file. But my PHP MVC wants everything to run through its index.php.
It got me thinking. Should I just write my PHP code as a REST API and have my Polymer code get data via iron-ajax?
If your PHP is mostly only used to access data, this sounds like a pretty sound idea in my opinion. It also opens you up to upgrading or migrating your backend to newer technology since it will only be a data layer.
You need to understand WHY app-router wants everything to route through index.html. The reason is that it invents other routes which are exposed to the browser that aren't real. Normally, as you are running the app, that doesn't matter, the browser doesn't attempt to load those url's, the app-router is just putting them into the history.
However, your use may take one of those urls and try and paste it (or get someone else to paste it - having sent it to them via (say) email) into the address bar, or you may have an <a href= link on your page and what you want to happen is the app loads from its base location and then the router routes it to the correct place.
So actually index.html isn't some magic incantation, its the url that the app is loaded from. If that happens to be index.php then that is what you should use.
I am building a prototype of a web app for a client, using axure - which is all front-end code (html/css/js files) - no php at all, so i can't use php authentication (sessions, etc) within the prototype itself.
So to protect it, the prototype is in a password-protected directory on my server (using htaccess / basic HTTP Authentication), so my client must login to review it.
But instead of requiring him to login through the ugly browser-based login-box, I'd LOVE to somehow use PHP to login for him, since he'll already be logged into my client-portal (Wordpress) site.
I setup a PHP page outside the prototype directory, and used cURL to hit the prototype's start-page (/project04/start.html) -- and successfully authenticate. But I can't then use cURL to load and display the content from start.html onto that php page, because all the paths (for assets and links) in the prototype become wrong (and there's a ton of JS that might be problematic too).
I tried using header(Location: project04/start.html) in the php, after the cURL login, but that didn't work - the redirect just triggered the ugly http-auth login box again.
Is there any way to use PHP to login, and then let the user into the protected directory, to browse around the prototype?
Alternatively, the prototype works great embedded into an iframe (on a php page of my Wordpress site). But then the prototype directory itself is not actually protected from direct viewing - it's just hidden. I tried moving it outside my document-root, as a way to protect it without htaccess-auth, but then the paths are all bad again.
Any help super appreciated.
Thanks!
I am working on an existing site written in CodeIgniter and we are looking at using AngularJS for some pages that require a lot of frontend functionality but we don't want to replace all all CodeIgniter views (at once (yet)).
So i click a link that's controlled by angular's router and it is handled by javascript but next link could be a "normal" request that should handled by the CodeIgniter framework.
Is there some elegant way to combine these two methods? I don't really mind some extra client side overhead because the site is not running in production yet.
It sounds like you're looking to gradually make less use of CodeIgniter's (CI) routing as your angular application grows. This is not difficult but requires a lot of detail. Which method will work depends on your project structure. Note: I removed index.php from Code Igniter URLs, so the paths below may be different than default.
1) CodeIgniter installed in root
If CI is installed on the root of your server, you can create a folder within CI (for instance I have an "ng" folder). Your project will look like:
/controllers
/models
/ng
(etc)
/index.php (code igniter index file)
place an .htaccess file within /ng with the following:
Order allow, deny
Allow from all
This allows the files within /ng to be directly accessed, rather than sending those requests back through CI's routing system. For example you can load this directly now:
example.com/ng/partials/angular-view.html
The main web page will still be created by CodeIgniter, but it can now include Angular assets, such as partial views, etc. Eventually you can replace most of what CodeIgniter is doing by just returning a simple page, and having Angular load partial views from /ng like it's designed for.
This method is nice because CodeIgniter can control whether that initial page is loaded at all (via some user authentication code in your CI controller). If user isn't logged in, they are redirected and never see the Angular app.
2) CodeIgniter in Directory
If CI is installed in a directory, such as example.com/myapp/(code igniter) you can simply create a directory next to it, example.com/myappNg/
/myapp/
/myapp/controllers/
/myapp/models/
/myapp/(etc)
/myapp/index.php (code igniter index file)
/myappNg/
/myappNg/partials/
/myappNg/js/
/myappNg/(etc)
Now in your Angular application, you can request resources from CI by making paths relative to the domain root, rather than relative to the Angular app. For instance, in Angular, you will no longer request a partial view from the Angular folder partials/angular-view.html, rather you'll want to request views from CI /myapp/someResource. Note the leading /. "someResource" can return an html document, or JSON or whatever you're doing with Code Igniter in the first place.
Eventually you can replace the number of paths which reference /myapp/. Once you no longer use CI for anything, you can simply place your Angular index.html in /myapp/ and it will continue to reference your paths at /myappNg/.
TL;DR Make your Angular app fully available and decouple it from CodeIgniter. Gradually move toward using Angular partial views and other JSON sources instead of linking to CodeIgniter pages. Eventually replace your CodeIgniter endpoint with an HTML file which bootstraps Angular.
Your best bet is to keep your backend code separate from the angular code
and use the codeInginter code as an API
/Codeigniter Code
/Angular Code
Because CodeIgniter comes with its share of security feature this should be your best bet
I've never used Angular - nevertheless this may help.
So i click a link that's controlled by angular's router and it is
handled by javascript
Does this JavaScript make an Ajax request to one of your CI's controllers? If so, CI now has the is_ajax_request() method, which allows you to check if a request (POST or GET) is coming via ajax. You can proceed differently based on a request coming from Ajax vs a normal request.
User guide (bottom of the page): http://ellislab.com/codeigniter/user-guide/libraries/input.html
Hope it helps!
I inherited a CI app and I'm using Angular with CI mainly for routing requests. In my case I am not using Angular templates, so I use a ' ' empty but with a space parameter for the template option in my $routeProvider config. This allows me to do the usual CI ajax requests without too much change to the original server-side code.
angular.module('my_app', []).
config(['$routeProvider', function($routeProvider) {
$routeProvider.
when('/', { template: " ", controller: my_routes.mainpage}).
when('/design/:designId/:action', {template: " ", controller: my_routes.show_design}).
when('/vote_design/:designId', {template: " ", controller: my_routes.vote_design}).
otherwise({redirectTo: '/'});
}]);
To addition to the answer given by Aaron Martin, one can also use it as a client - server approach.
Lets say we make 2 folders in root of our project :
Client
Server
Client folder will contain all the code of AngularJS and the client side libraries including the Bower and Npm libraries.
The routing of the client side will also be handled by AngularJS router.
There will be factories or services which will act as providers for angularjs on client side.
Those file will contain the code of sending request and receiving response from server side.
Server Folder will have the code of Laravel or CodeIgniter or Any other PHP framework.
You will create all the APIs of the requests and develop the functionality accordingly.
Hence the PHP section (Server Directory) at the whole will be storing all the Media Files and Database Files. Moreover it will also have any receiving links for RSS feeds and so on.
The Client shall just receive all the response in JSON or XML format when it requests on any API on its server..
This according to me is one of the finest practice for developing Webapps.
I picked up a CI site from another programmer I work with that is on leave for a few months. Our site is build mostly with a lot of angular due to the the nature of its purpose. Our solution was a little different.
All that varies from the standard CI framework is a couple folders: js\angular\controllers andjs\angular\modules in CI's application folder, to hold all of the angular model and controller files. Then load the angular docs into the application base folder.
hi i am not sure if this is restful related, i think it is , but please do correct me if i am wrong.
so basically i want my server, which is written in PHP, to respond to different api requests, so for example
http://www.myweb.com/api/content/video/get?id=1 which will return a json object that has information regarding of a video of id=1
however, i can also have the following api to be called
http://www.myweb.com/api/content/music/get?name=biever
i want to create a centralized dispatcher, a php file that sits in the api directory in the server, so whenever a request is made where api appears in the RESTful link (which is in both example above), it shoudld 'intercept' these requests, and examine rest of the path to call the function accordingly. so for example
in controller.php in api directory
it will see, oh you are calling content/video, i will do some pre processing (say, adding video name or something) then direct the method call to content/video/get
how can i, in php, make sure that all the requests will go through my controller file first?
By default URLs are mapped to PHP files in your file system. You can't control this in PHP. By the time your PHP is run, you're too late. So you'll need to look into rewriting the URL at the webserver-level. If you're using Apache look into mod_rewrite.