Using CodeIgniter session class across multiple PHP files (controllers)

I have two controllers, user and module. By default the user controller is loaded and the user first logs in. Once the user is authenticated (by the school), a token is issued which is used to make all the calls to the school's API. I create a session and store the token in it.
$this->session->set_userdata('token', $_GET['token']);
After login I need to display the user's registered modules (basically subjects), for which I create an object of the module class and call a function to show the modules. The module makes a call to the API to get the list of registered modules. For this I need the token, so I try to access the token through:
$this->session->userdata('token');
But I get an error: "Message: Undefined property: Module::$session"
The user.php file has a class User in which all functions are defined (redirecting to login page and storing the token in session), while the module.php file has a class Module which makes a call to the API to get the list of registered modules.
The session class is set to autoload!

Hope this one solves your problem :)
General problems regards loading libraries, and hooks

I followed Phil Sturgeon's advice on setting up a base class to extend from. This way you don't have to keep defining the same session stuff across multiple classes.
http://philsturgeon.co.uk/blog/2010/02/CodeIgniter-Base-Classes-Keeping-it-DRY

Related

CakePHP: How to use a function with a model in every controller?

I have a project which includes admin and user sections. Both sections use the same controllers, just different functions and templates (ex: viewAdmin() and viewUser()). In function beforeRender() of every controller, I set variable $admin as true for admin functions and false for user functions.
For authentication, I use Shibboleth. Shibboleth uses data from LDAP, while user types were saved in an SQL database. That means while it can check if the login and password are false, it can't check if the user is admin or not. A user can go to the ADMIN section as long as they use the right action (ex: go to the link http://example.com/tool/viewAdmin).
To prevent this, I will have to:
Load model Users
Compare the environment variable uid (login name) with the "login" columns in Users table in my SQL-Database
See the "type" column in Users table to know if user is admin or not.
Compare the result with value of $admin and redirect to an error page when necessary.
The problem is: I don't want to repeat those steps for EVERY controller.
Currently I have 2 ideas:
Write a function in UsersController, and use it in every controller.
Create a component and load it in every controller.
Both methods require me to change code in all controllers. I would like to hear a better way with less work, perhaps by changing app.php or bootstrap.php.
Any suggestion is appreciated.
To share methods in CakePHP controllers you can do:
Create component and include in controller
Or create method in AppController and use it in child controllers
Or, the PHP way, create a Trait.
But when you authorize users, then all user data is stored in session, incl. user roles (example: admin, regular, member, ...)
Use the official CakePHP authentication plugin and extend the LDAP adapter with the additional code check you need. This is very easy to do and also a very clean way of solving the problem. Disclaimer: I'm one of the authors of the authentication plugin. https://github.com/cakephp/authentication
Or if you want to stay agnostic to any framework, use my library that is based on the authentication plugin and was decoupled from any framework but still works just nice with Cake https://github.com/Phauthentic/authentication.
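The four steps listed in the question, done once in AppController as the "method in AppController" option above suggests. This is an added example, not code from the posts. It assumes CakePHP 3.6 or a later 3.x release, that admin actions end in "Admin" as in viewAdmin, and that the type column holds the string 'admin' (the page does not give the value).

```php
<?php
// Added example: central admin check for every controller (assumptions in the lead-in).
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\Http\Exception\ForbiddenException;
use Cake\ORM\TableRegistry;

class AppController extends Controller
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        // PHP method names are case-insensitive, so match the suffix
        // case-insensitively: "viewadmin" must be gated like "viewAdmin".
        $action = (string)$this->request->getParam('action');
        if (preg_match('/admin$/i', $action) !== 1) {
            return; // user-section action, no role check needed
        }

        // Shibboleth supplies the login name in the uid environment variable.
        $uid = (string)$this->request->getEnv('uid');

        // Steps 1-3: look the login up in Users and require the admin type.
        $isAdmin = $uid !== '' && TableRegistry::getTableLocator()
            ->get('Users')
            ->exists(['login' => $uid, 'type' => 'admin']); // 'admin' is an assumed value

        // Step 4: refuse the request; CakePHP renders its 403 error page.
        if (!$isAdmin) {
            throw new ForbiddenException();
        }
    }
}
```

Controllers that already extend AppController need no change, provided any beforeFilter() they define calls parent::beforeFilter($event).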

PHP MVC Authentication before call class and methods

I tried to make a PHP login and authentication system based on MVC. I also need some guidance on how I can prevent access to all classes in the controller/admin folder without a proper login.
I have two ideas :
1- make a constructor for all classes in the admin folder that checks for a logged-in session and only then allows calls to any other methods in that class.
2- add a secret word at the end of all method names in my admin folder. Then all calls to those methods will be redirected to the __call function to check the session, and if that process is done successfully, then try to call the admin's methods by adding that secret word.
I don't know which one is the better way or is there any other solution?

AUTH, logging in and out of fat free framework and handling sessions and securing pages

The documentation doesn't talk much about logging in and out and handling security in general. In Symfony, you can secure pages of your site via a YML file. Does F3 have anything like that?
What is the recommended way to secure pages and handle a logged in user? I liked basic Auth, but it isn't very flexible, and it seems logging out is trickier. So I decided to set up a form for login/logout.
I would have assumed that Auth automatically creates a session, but from what I can tell it doesn't. So does that mean I need to manually do it?
Also, how do I block non authenticated visitors from the site? Do I need to add a SESSION check in each route?
The freedom when using F3 is that you can/must implement this on your own.
You got multiple options here or can create some other creative solutions too, if your project requires it. The included Auth plugin doesn't create a SESSION of course, because it cannot know if you want to use a SESSION to track your users or maybe use other solutions (cookie, JWT, etc).
So in most cases you need to create an Auth controller where you check if a user is logged in or not - here you would probably use the Auth plugin and create the SESSION if you want that. From there on you got several other options, just to name a few:
use a base controller that your other controllers will extend (or a Trait) and add a beforeroute there, where you'll check if the user is logged in and allowed to access that resource.
check the user rights in the front controller (index.php) and don't even register the routes that the user has no access to.
use a 3rd party plugin to add access checks to routes, i.e. f3-access
use another middleware router to pre-flight the current request and add auth checks to multiple routes at once
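The first option above (an Auth controller that creates the SESSION, plus a base controller with beforeroute), as an added example that is not part of the original answer. It assumes Fat-Free Framework 3.x installed via Composer and a constructed SQLite table users(id, username, password_hash); the class names, route paths and the SESSION.uid key are hypothetical, and it checks the password with password_verify() on a mapper rather than the Auth plugin.

```php
<?php
// Added example; F3 3.x assumed, table and names constructed for illustration.
require 'vendor/autoload.php';

abstract class SecuredController
{
    // F3 runs beforeroute() on the handler class before the routed method.
    public function beforeroute(\Base $f3)
    {
        if (!$f3->exists('SESSION.uid')) {  // touching SESSION.* starts the session
            $f3->reroute('/login');         // normally ends the request here
            return false;                   // false also tells F3 to skip the handler
        }
    }
}

class Dashboard extends SecuredController
{
    public function index(\Base $f3)
    {
        echo 'Logged in as user #' . (int) $f3->get('SESSION.uid');
    }
}

class AuthController  // not a SecuredController: the login route must stay reachable
{
    public function login(\Base $f3)
    {
        $user = new \DB\SQL\Mapper(new \DB\SQL('sqlite:app.db'), 'users');
        $user->load(['username = ?', (string) $f3->get('POST.username')]);
        if ($user->dry() || !password_verify((string) $f3->get('POST.password'), $user->password_hash)) {
            $f3->error(401);                // halts the request
        }
        $f3->set('SESSION.uid', (int) $user->id);
        session_regenerate_id(true);        // fresh session ID once authenticated
        $f3->reroute('/dashboard');
    }

    public function logout(\Base $f3)
    {
        $f3->clear('SESSION');              // destroys the session and its cookie
        $f3->reroute('/login');
    }
}

$f3 = \Base::instance();
$f3->route('POST /login', 'AuthController->login');   // GET /login (the form) omitted
$f3->route('POST /logout', 'AuthController->logout');
$f3->route('GET /dashboard', 'Dashboard->index');
$f3->run();
```

Every controller that extends SecuredController is gated without a SESSION check in its routes; a controller that forgets to extend it is not, which is the trade-off against the front-controller option.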

How can I access cakephp actions from external applications on the same server?

I'm building my first CakePHP application, but I'm pulling my hair out over this problem: I need my application (mydomain.com/cake-app) to co-operate with another non-Cake PHP application (mydomain.com/custom-class) on the same server.
Both applications should share authentications and sessions, and I would like CakePHP to handle these.
However, custom-class will need to see who's logged in, and also add/edit users to my cake-app db, either by accessing my User Model, or by calling a setUser action in my UsersController. custom-class does not have access to the cake-app database.
How can I access CakePHP's AuthComponent and my User Model / UsersController from outside the CakePHP framework? What cake files do I need to include in my custom-class in order to accomplish this?
custom-class does not have access to the cake-app database.
The only way is an API then that doesn't require direct DB access. Implement a RESTful API for example that your non-Cake app can call.
http://book.cakephp.org/3.0/en/development/rest.html
http://book.cakephp.org/3.0/en/views/json-and-xml-views.html
However, custom-class will need to see who's logged in, and also
add/edit users to my cake-app db, either by accessing my User Model,
or by calling an setUser action in my UsersController.
You'll have to read the cookie then and the cookie needs to require something you can send along with your API request so that the API knows who is asking for what.
You won't be able to simply require() or include() a few files from Cake and have it work. This isn't going to happen because the Auth system is a complete stack: you would have to initialize a request, controller, component collection, auth component and the auth adapter(s). Instead check how Cake writes and reads the cookie and implement it the same way in your custom class. But pay attention, Cake saves the cookie encrypted.

Zend Auth - Identities

I have an auth resource in my library that is correctly returning one of the various statuses based on whether or not the user exists, wrong password, or correct password. I'm trying to get the identity into my controllers though. So in the auth resource I return the status along with user. What needs to happen in my controllers then? I've already handled logging in and redirecting to a different controller. I'm trying to do something like $this->auth->authenticate() and $this->auth->getIdentity() to make sure that they are already authenticated and that they have an identity. What do I need to do so that the identity gets passed around to all of the controllers that I call auth in predispatch?
Also, is there something in Zend Auth that keeps track of how many attempts at logging in have been made?
If you stored the identity with Zend_Auth you can get it everywhere you want with:
Zend_Auth::getInstance()->getIdentity()
See also Matthew's tutorial on Zend_Auth.
Accessing the Zend_Auth singleton will work, but if you want to get the exact values returned by your resource, put something like this in your controller:
$auth = $this->getInvokeArg('bootstrap')->auth;
