I have implemented secure pages before by using a specific secure folder (eg https folder vs http folder on the server). I have started using Zend Framework and would like parts of the application (eg login) to use https. I have searched on google and even here but could not find anything that explains how to handle this. Can I have https for specific controllers/actions? Thanks.
The cleanest way is to have an .ini file for the SSL config where you can enable SSL support for model/controller/action levels, like so:
Let's say you have a module/controller/action like this:
SSLModule->IndexController->testAction
## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true //-> entire module requires SSL
ssl.modules.SSLModule.Index.require_ssl = true //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true //-> single action requires SSL
You parse this either through config, or separately, and in your Bootstrap file you can include a controllerplugin, like mine here.
There are many other ways to do this, but I think you get the idea!
class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
{
public function preDispatch ( Zend_Controller_Request_Abstract $request )
{
$shouldSecureUrl = false;
//get the config settings for SSL
$options = Application_ServiceManager::getConfig()->ssl;
//if config is empty, exit
if (!is_object($options))
return;
//simpler to use
$options = $options->toArray();
//only use it production environment
if ( APPLICATION_ENV == 'production' )
{
if (
( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )
)
{
$shouldSecureUrl = true;
}
if ( $shouldSecureUrl )
{
$this->_secureUrl($request);
}
}
}
protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
{
$server = $request->getServer();
$hostname = $server['HTTP_HOST'];
if ( ! $request->isSecure() )
{
$url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
$request->getPathInfo();
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->setGoToUrl($url);
$redirector->redirectAndExit();
}
}
}
I forgot to mention: to add it in your bootstrap:
$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );
Related
Why does Codeignitor not accept Controller in composer autoload when validating routes?
It's checking by: class_exists($class, FALSE) where the second parameter disables checking in autoload.
https://github.com/bcit-ci/CodeIgniter
$e404 = FALSE;
$class = ucfirst($RTR->class);
$method = $RTR->method;
if (empty($class) OR ! file_exists(APPPATH.'controllers/'.$RTR->directory.$class.'.php'))
{
$e404 = TRUE;
}
else
{
require_once(APPPATH.'controllers/'.$RTR->directory.$class.'.php');
if ( ! class_exists($class, FALSE) OR $method[0] === '_' OR method_exists('CI_Controller', $method))
{
$e404 = TRUE;
}
elseif (method_exists($class, '_remap'))
{
$params = array($method, array_slice($URI->rsegments, 2));
$method = '_remap';
}
elseif ( ! method_exists($class, $method))
{
$e404 = TRUE;
}
/**
* DO NOT CHANGE THIS, NOTHING ELSE WORKS!
*
* - method_exists() returns true for non-public methods, which passes the previous elseif
* - is_callable() returns false for PHP 4-style constructors, even if there's a __construct()
* - method_exists($class, '__construct') won't work because CI_Controller::__construct() is inherited
* - People will only complain if this doesn't work, even though it is documented that it shouldn't.
*
* ReflectionMethod::isConstructor() is the ONLY reliable check,
* knowing which method will be executed as a constructor.
*/
elseif ( ! is_callable(array($class, $method)))
{
$reflection = new ReflectionMethod($class, $method);
if ( ! $reflection->isPublic() OR $reflection->isConstructor())
{
$e404 = TRUE;
}
}
}
Looking over the git history, the change was introduced in 49e68de96b420a444c826995746a5f09470e76d9, with the commit message being:
Disable autoloader call from class_exists() occurences to improve performance
Note: The Driver libary tests seem to depend on that, so one occurence in CI_Loader is left until we resolve that.
So the nominal reason is performance.
If you want to ensure that the controller classes will be loaded on each request, you can add the files explicitly to the Composer autoload.files attribute, like so:
composer.json
{
"autoload": {
"files": [
"src/Foo.php"
]
},
"name": "test/64166739"
}
src/Foo.php
<?php
class Foo {}
test.php
<?php
$loader = require('./vendor/autoload.php');
var_dump(class_exists('Foo', false));
When run (via php test.php for example), we get the following output:
bool(true)
Additional
Looking over the code around that call to class_exists, it would appear that the controller files should follow a convention such that, for example with the built in Welcome controller and the default settings, the file that defines it should exist at:
application/controllers/Welcome.php
and so after require_onceing that file, the call to class_exists is a reasonably simple sanity check to ensure that the file did in fact define that class. So, based on this assumption about how controllers are added to the CodeIgniter application (ie all in the application/controllers directory and named the same as the class that they define), it's reasonable to bypass the autoloader when performing that check.
If you wanted to ensure the controllers are loaded when needed, the CodeIgniter way, they should be added to the application as listed above.
I'm using phpfastcache https://github.com/khoaofgod/phpfastcache/
when I try to delete the cache I get an error
Warning: unlink(C:\...//sqlite/indexing): Permission denied in C:\...drivers\sqlite.php on line 328
I usually see that kind of error when there is a process not releasing the handle of those files.
Step to reproduce
// Require phpfastcache
require_once 'phpfastcache_v2.1_release\phpfastcache\phpfastcache.php';
// Simple singleton
class MyCache extends phpFastCache
{
private static $istance;
Private $obCache;
function __construct()
{
$option = array('securityKey' => 'aCache', 'path' => dirname(__FILE__));
$this->obCache = parent::__construct('sqlite', $option);
}
public static function getIstance()
{
if( is_null(self::$istance) )
{
self::$istance = new self();
}
return self::$istance;
}
}
// check if cached
if( $CacheData = MyCache::getIstance()->get('aKeyword') )
{
die('Cached');
}
// store in cache
MyCache::getIstance()->set('aKeyword','aValue', 60*60*24);
// clean cache (throw error)
MyCache::getIstance()->clean();
die('No cached');
this is the method of "phpfastcache" that generates the error
function driver_clean($option = array()) {
// delete everything before reset indexing
$dir = opendir($this->path);
while($file = readdir($dir)) {
if($file != "." && $file!="..") {
unlink($this->path."/".$file);
}
}
}
does anyone know how to fix this?
I'm temporarily using #unlink()
I tried but nothing has changed
chmod($this->path."/".$file, 0777);
unlink($this->path."/".$file);
UPDATE
I'm under windows...
UPDATE 2
I installed XAMPP using the admin account, after installation run with admin privileges...
UPDATE 3
Solution:
function driver_clean($option = array()) {
// close connection
$this->instant = array();
$this->indexing = NULL;
// delete everything before reset indexing
$dir = opendir($this->path);
while($file = readdir($dir)) {
if($file != "." && $file!="..") {
unlink($this->path."/".$file);
}
}
}
The solution depends on the environment that serves the script.
If it's CLI, the ability to creating, deleting or modifing files are controlled by the executing user.
If it's a PHP Stack ( WAMP, XAMPP, ZendServer or own Webserver+PHP+MySQL-Stack ) the executing layer ( apache, nginx ) must use an user which has rights to do what you want to do.
In both cases it depends on what you've configured or what had been inherited to your script, directory or drive.
Permission Knowledge could be found here: http://technet.microsoft.com/en-us/library/cc770962.aspx
(Doesn't work under Windows) Try to change permissions before:
chmod($yourfile, '0777');
unlink($yourfile);
is there any way working with Phpfox without memcache service? because i am using hostgator shared server, where as shared server which does not provide any memcache service its only available in dedicated servers only.
I am using Phpfox1.5 is previously hosted in amazon server where mecache service available but its very costly for me so i want to change my site from amazon to hostgator hosting service.
Fatal error: Class 'Memcache' not found in /home/latisse/public_html/spicypeeps.com/include/library/phpfox/cache/storage/memcache.class.php on line 64
Sure, just include a file with this class on top of it:
<?php
// Dummy Memcache for a development environment where Memcache is not installed. Part of mmvc library, https://github.com/kajala/mmvc
// Dependencies: none
//if ( defined('MEMCACHE_COMPRESSED') )
// die( "Memcache seems to be already installed, MemcacheDummy.php should never be included in this case\n" );
define( 'MEMCACHE_COMPRESSED', 1234 ); // dummy value
/**
* Dummy Memcache class for a development environment where Memcache is not installed.
* Note that this class does not do ANYTHING and it is only a convenience for
* the development environment and should never be used in production server.
*/
class Memcache
{
function __construct()
{
}
function connect( $host, $port )
{
assert( is_string($host) );
assert( is_numeric($port) );
return true;
}
function set( $key, $obj, $compressed=false, $expires=0 )
{
assert( is_string($key) );
assert( $compressed === false || $compressed == MEMCACHE_COMPRESSED );
assert( is_numeric($expires) );
return true;
}
function get( $key )
{
assert( is_string($key) || is_array($key) );
return false;
}
}
?>
Note: the code isn't mine, and it is licensed under the BSD license. Original author: link
My website having feature requirement of blogging. I have to make blog which would look same like my website appearance.
How to combine CodeIgniter and Wordpress blogging(only) functionality such that it should look like within same website?
I have seen this question: Wordpress template with codeigniter. But didn't got much clue.
Seems like a bit of overkill.
Why not use a Restful service like json_api to retrieve your posts, then copy over the css file(parts)?
You do this you will need to create 2 files and modify 2 existing functions. One function is in CodeIgniter and the other is in Wordpress.
Here are the steps.
1.) Open your configs/hooks.php file and create a pre_controller hook as follows:
$hook['pre_controller'] = array(
'class' => '',
'function' => 'wp_init',
'filename' => 'wordpress_helper.php',
'filepath' => 'helpers'
);
2.) Create a new file in your helpers directory called 'wordpress_helper.php', and add the following code to it:
/**
*
*/
function wp_init(){
$CI =& get_instance();
$do_blog = TRUE; // this can be a function call to determine whether to load CI or WP
/* here we check whether to do the blog and also we make sure this is a
front-end index call so it does not interfere with other CI modules.
*/
if($do_blog
&& ($CI->router->class == "index" && $CI->router->method == "index")
)
{
// these Wordpress variables need to be globalized because this is a function here eh!
global $post, $q_config, $wp;
global $wp_rewrite, $wp_query, $wp_the_query;
global $allowedentitynames;
global $qs_openssl_functions_used; // this one is needed for qtranslate
// this can be used to help run CI code within Wordpress.
define("CIWORDPRESSED", TRUE);
require_once './wp-load.php';
define('WP_USE_THEMES', true);
// Loads the WordPress Environment and Template
require('./wp-blog-header.php');
// were done. No need to load any more CI stuff.
die();
}
}
3.) Open wp-includes/link-template.php and made the following edit:
if ( ! function_exists('site_url'))
{
function site_url( $path = '', $scheme = null ) {
return get_site_url( null, $path, $scheme );
}
}
4.) Copy url_helper.php from the CodeIgniter helper folder to your APPPATH helper folder
and make the following edit:
if ( ! function_exists('site_url'))
{
function site_url($uri = '', $scheme = null)
{
// if we are in wordpress mode, do the wordpress thingy
if(defined('CIWORDPRESSED') && CIWORDPRESSED){
return get_site_url( null, $path, $scheme );
}else{
$CI =& get_instance();
return $CI->config->site_url($uri);
}
}
}
The steps above will allow you to dynamically load either your CI app or your WP site based on some simple filtering. It also gives you access to all CI functionality within WP of that is something you can use.
I am trying to implement CAS authentication in a CodeIgniter application though I cannot find if there are any libraries currently set up for it. I am managing by just including the class and adding in a few dirty fixes though if anyone knows of a proper library I think it would be a cleaner solution.
I have been looking through a range of posts on here as well as all over Google but seem to be coming up short on what I need. The only place of any relevance is a post on VCU Libraries but that did not include the library download link.
Thanks everyone!
UPDATE: You can find the latest version of the library at Github: https://github.com/eliasdorneles/code-igniter-cas-library
You can also install via sparks: http://getsparks.org/packages/cas-auth-library/versions/HEAD/show
I've started a CAS library to simplify setting up CAS authentication for CodeIgniter, that relies on the existing phpCAS.
To start using it, you just have installation phpCAS in some accessible directory, put the library file in application/libraries/Cas.php and create a config file config/cas.php like this:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
$config['cas_server_url'] = 'https://yourserver.com/cas';
$config['phpcas_path'] = '/path/to/phpCAS-1.3.1';
$config['cas_disable_server_validation'] = TRUE;
// $config['cas_debug'] = TRUE; // <-- use this to enable phpCAS debug mode
Then, in your controllers you would be able to do this:
function index() {
$this->load->library('cas');
$this->cas->force_auth();
$user = $this->cas->user();
echo "Hello, $user->userlogin!";
}
Here is the library file (has to be named Cas.php):
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
function cas_show_config_error(){
show_error("CAS authentication is not properly configured.<br /><br />
Please, check your configuration for the following file:
<code>config/cas.php</code>
The minimum configuration requires:
<ul>
<li><em>cas_server_url</em>: the <strong>URL</strong> of your CAS server</li>
<li><em>phpcas_path</em>: path to a installation of
phpCAS library</li>
<li>and one of <em>cas_disable_server_validation</em> and <em>cas_ca_cert_file</em>.</li>
</ul>
");
}
class Cas {
public function __construct(){
if (!function_exists('curl_init')){
show_error('<strong>ERROR:</strong> You need to install the PHP module <strong>curl</strong>
to be able to use CAS authentication.');
}
$CI =& get_instance();
$this->CI = $CI;
$CI->config->load('cas');
$this->phpcas_path = $CI->config->item('phpcas_path');
$this->cas_server_url = $CI->config->item('cas_server_url');
if (empty($this->phpcas_path)
or filter_var($this->cas_server_url, FILTER_VALIDATE_URL) === FALSE) {
cas_show_config_error();
}
$cas_lib_file = $this->phpcas_path . '/CAS.php';
if (!file_exists($cas_lib_file)){
show_error("Could not find file: <code>" . $cas_lib_file. "</code>");
}
require_once $cas_lib_file;
if ($CI->config->item('cas_debug')) {
phpCAS::setDebug();
}
// init CAS client
$defaults = array('path' => '', 'port' => 443);
$cas_url = array_merge($defaults, parse_url($this->cas_server_url));
phpCAS::client(CAS_VERSION_2_0, $cas_url['host'],
$cas_url['port'], $cas_url['path']);
// configures SSL behavior
if ($CI->config->item('cas_disable_server_validation')){
phpCAS::setNoCasServerValidation();
} else {
$ca_cert_file = $CI->config->item('cas_server_ca_cert');
if (empty($ca_cert_file)) {
cas_show_config_error();
}
phpCAS::setCasServerCACert($ca_cert_file);
}
}
/**
* Trigger CAS authentication if user is not yet authenticated.
*/
public function force_auth()
{
phpCAS::forceAuthentication();
}
/**
* Return an object with userlogin and attributes.
* Shows aerror if called before authentication.
*/
public function user()
{
if (phpCAS::isAuthenticated()) {
$userlogin = phpCAS::getUser();
$attributes = phpCAS::getAttributes();
echo "has attributes? ";
var_dump(phpCAS::hasAttributes());
return (object) array('userlogin' => $userlogin,
'attributes' => $attributes);
} else {
show_error("User was not authenticated yet.");
}
}
/**
* Logout and redirect to the main site URL,
* or to the URL passed as argument
*/
public function logout($url = '')
{
if (empty($url)) {
$this->CI->load->helper('url');
$url = base_url();
}
phpCAS::logoutWithRedirectService($url);
}
}
I recommend using Ion Auth Library, it's built upon Redux Auth, which became outdated. Ion Auth is light weight, easy to customize, and does the things you need. Ion Auth is one of the best authentication libraries for CodeIgniter.
What exactly is not working with the VCU library?
Anything you can do in PHP, you can do in CodeIgniter.
So you can just use the PHP CAS client:
http://www.jasig.org/phpcas-121-final-release
And here is a example of how to authenticate.
https://source.jasig.org/cas-clients/phpcas/trunk/docs/examples/example_simple.php