I still under development and I don't want to use clean URLs in my Yii2 right now.
I added the following code to the advanced Yii2 project navbar About to make submenu under About:
[
'label' => 'About',
'url' => ['/site/about'],
'items' => [
['label' => 'Invoices', 'url' => 'invoices/index'],
]
],
Normally, the invoices controller is accessed by: /?r=invoices from the client's address bar. However, the above code generates /invoices/index which gives Page not found error because I did not enabled clean URLs yet.
My question is, how could I add, accessible, new menu items as regarded above without clean URLs enabled while keeping the code as it is after enabling clean URLs?
url parameter value is processed by \yii\helpers\Url::to() method:
false (default): generating a relative URL.
true: returning an absolute base URL whose scheme is the same as that in \yii\web\UrlManager::hostInfo.
string: generating an absolute URL with the specified scheme (either http or https).
So if you pass a string to url parameter, it will be treated as absolute url. In order to create url for given route, you need to pass array, then it will be processed by \yii\helpers\Url::toRoute():
'url' => ['invoices/index'],
It will consider UrlManager settings, such as $enablePrettyUrl.
Related
'urlManagerBackend' => [
'class' => 'yii\web\urlManager',
'baseUrl' => 'http://backend.test',
'enablePrettyUrl' => true,
'showScriptName' => true,
],
then I want to display the image saved under uploads directory
<img src="<?= Yii::$app->urlManagerBackend->baseUrl; ?>/uploads/logo.jpg>
the problem is this url must not be hardcode like this:
'baseUrl' => 'http://backend.test',
The only way how to dynamically determine the domain of the other application (for example the backend from your frontend) would be by parsing the web server's configuration files.
The domain for current application (the one you can get with Url::base(true)) is determined from the request headers or variables set by web server. But those are available only for current application, not for any other application even if they are part of same project.
If you want to parse web server's configuration files than you will have to face three major challenges:
Different web servers have different syntax for configuration files.
Configuration files might be located anywhere.
You might not have access rights to read the configuration files.
So it might be better to try to think about some workaround instead of insisting on determining the domain dynamically.
Make a deploy script that would ask for the backend domain. The one who will be deploying your application on production servers will know the domain for the backend application and can enter it during deployment process. The deploy script will then set the entered backend domain in your configuration files.
Make a page in backend that must be visited before accessing the frontend application. You can determine the domain for backend when the page in backend is visited then set that domain in frontend configuration files. If the frontend is accessed before the domain for backend is set you will only display the notice that the backend page must be accessed first.
In the config folder there should be a file called params.php. If you have something like this
<?php
return [
'adminEmail' => 'admin#example.com',
'baseUrl' => 'http://backend.test',
];
You can use it in your code like this
<img src="<?= Yii::$app->params['baseUrl']; ?>/uploads/logo.jpg>
Then when you move to live, you just need to edit the params.php file.
Too long comment so I need to put it here.
But I'm just wondering in which case that makes sense, except if you are creating web applications, sites, ..., through your application, which I doubt you do.
You know your local domain (use local environment and put urls).
You will know your dev domain (use dev environment and put urls).
You will know your production domain (use prod environment and put urls).
You can also have multiple applications inside yii2 project, so for example,
10 applications across 3 envs, that is 30 urls which you will enter in you configs.
Can you please tell me, how you will access your app if url is dynamically determined -> without using anything else except Yii?
What is your step? You are typing in your browser what? Then we can proceed. Maybe we misunderstand each other.
urlManagerBackend' => [
'class' => 'yii\web\urlManager',
'baseUrl' => 'http://backend.test',
'enablePrettyUrl' => true,
'showScriptName' => true,
]
If you are wondering you can also have multiple urlManagerBackend components across Yii2 environments. Just like with params. Add it on multiple corresponding places at config. So in specific environment you place at same file only key => values which you need to override.
You could simply use Assets and Aliases for this:
If you have a backup/web/uploads/ folder in which you save images uploaded via your backend and you'd like to display those images on your frontend.
Create a new asset file in your frontend/assets/, let's call it BackendAsset.php:
<?php
namespace frontend\assets;
use yii\web\AssetBundle;
class BackendAsset extends AssetBundle {
public $sourcePath = '#backend/web/uploads';
}
where $sourcePath is the backend-folder (source) you'd like to access on the frontend. The #backend alias is predefined in the advanced template, so we'll use it.
Now in our view we can simply use the BackendAsset:
<?php
use frontend\assets\BackendAsset;
$backend = BackendAsset::register($this);
?>
and now we can easily display a file, let's say backend/web/uploads/somefile.jpg:
<img src="<?= $backend->baseUrl . '/somefile.jpg' ?>" >
NOTE: Using the asset in this way copies all the files from the backend/web/uploads to an asset folder in the frontend. To prevent that, you can tell your application not to copy the files, but to link to them (creating SymLinks) instead, unsing linkAssets (yii2 docu):
In your app configuration (in this case frontend/config/main.php), set the linkAssets parameter to TRUE:
'components' => [
'assetManager' => [
'linkAssets' => true,
]
]
I solve this problem by saving the full url in the database.
What about putting a reverseproxy (e.g. nginx) in front of the frontend-server?
Could be configured like:
http://frontend/backend/* -> forwards everyhing to the backend service, the rest will still go to the frontend server.
The configuration (in this case the location of the backend server) of this reverseproxy can be changed any time (also after deployment).
Could that be a viable scenario?
I initially created an app and starting developing it using only the data:read scope. I have now realized that I need the data:create scope as well.
Is there something within the app settings that I need to change?
Does the create scope include read permissions and then write scope include create and read - or does that scope have to be sent separately?
If separately, how is that done when the user is granting permission to the app? Is it something like &scope=data:read&scope:create
I don't have to store and then use two tokens, do I?
How is this handled when using curl? Are the read and create scopes sent in an array like so ...
$response = $client->request('POST', 'https://developer.api.autodesk.com/authentication/v1/gettoken', [
'form_params' => [
'grant_type' => 'authorization_code',
'code' => $authCode,
'client_id' => $FusionID,
'client_secret' => $FusionSecret,
'redirect_uri' => 'https://www.example.com/fusionauth',
'scope' => array('data'=>'create', 'data'=>'read')
]
]);
Again, it may be that you only use the scope you need and you have to store separate tokens, but that doesn't seem right to me.
Is there something within the app settings that I need to change?
If by app settings you meant in the Forge App portal then you only have to specify there the APIs (make sure they are checked on the page) that your app will need to access.
Does the create scope include read permissions and then write scope include create and read - or does that scope have to be sent separately?
No doesn't work like that - you will need to specify each one of them explicitly.
If separately, how is that done when the user is granting permission to the app? Is it something like &scope=data:read&scope:create
Nope the scope variables are delimited by space. For 3-legged oauth you will need to obtain an authorization code through redirecting the user to authenticate at our login portal before you go for access tokens and there you will need to indicate the redirection address and scope combinations in the request URL (don't forget to URLEncode them) such as https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=obQDn8P0GanGFQha4ngKKVWcxwyvFAGE&redirect_uri=http%3A%2F%2Fsampleapp.com%2Foauth%2Fcallback%3Ffoo%3Dbar&scope=data:read. See here for details.
And check out our official PHP client SDK - should save you tons of effort and time.
I don't have to store and then use two tokens, do I?
If your token carries sufficient permissions (say data:read and data:create) then no.
How is this handled when using curl? Are the read and create scopes sent in an array like so ...
For cURL see samples here: https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-2-legged-token/
And like we went through above you will need to specify the scopes when redirecting the user to authenticate so in your request to fetch the eventual access token you'd should something like:
$response = $client->request('POST', 'https://developer.api.autodesk.com/authentication/v1/gettoken', [
'form_params' => [
'grant_type' => 'authorization_code',
'code' => $authCode,
'client_id' => $FusionID,
'client_secret' => $FusionSecret,
'redirect_uri' => 'https://www.example.com/fusionauth'
)
]
]);
I'm a serious newbie as it comes to Zend and I'm now forced to work with Zend 3 (and learn it). Fellow developers have done parts of the application and now I'm cloning it on my side.
I receive "Database not selected" in the error log - I have set database.local.php and I think they've set everything else. Credentials are correct.
I'm working on Windows.
Is there anything else I could be missing as it comes to settings or database connection?
Thanks. I will provide any additional info if needed.
As we're dealing with both Zend Framework AND a configuration issue, for your next question, please make sure to also include file paths and such.
I'm proceeding with this answer under the assumption that you've created your file here: /config/database.local.php.
Note: using ZF3 myself, I, of course, tried to find your error message "Database not selected", however it comes back with no results. Make sure you copy and paste error messages so users of any framework, cms or another system can more easily help you out.
You'll find the problem you're facing in the application.config.php file (in the /config folder. In here you'll find the following config:
// Retrieve list of modules used in this application.
'modules' => require __DIR__ . '/modules.config.php',
// These are various options for the listeners attached to the ModuleManager
'module_listener_options' => [
// ... other config
// An array of paths from which to glob configuration files after
// modules are loaded. These effectively override configuration
// provided by modules themselves. Paths may use GLOB_BRACE notation.
'config_glob_paths' => [
realpath(__DIR__) . '/autoload/{{,*.}global,{,*.}local,{,*.}deploy,{,*.}development}.php',
],
// ... other config
],
Any of the *.local.php or *.global.php config files should be placed in /config/autoload/. Though, if you modify the above config, you could technically place it wherever you'd like.
Next, make sure you have the Zend\Db module enabled in your configuration. Open up the /config/modules.config.php file and make sure Zend\Db is in the list of Zend modules to be loaded in.
Lastly, you have not provided the config you used, so I'm assuming you made a mistake there. Use something like the config below in your /config/autoload/database.local.php file. Technically you could split this over 2 files; a global and a local file. Local files are (/should) not be committed into version control history and as such can contain usernames and passwords. Any other config, such as using Pdo for a driver could go into global config.
'db' => [
'driver' => 'Pdo',
'dsn' => 'mysql:dbname=zf3;hostname=localhost',
'username' => 'root',
'password' => 'root',
'driver_options' => [
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\''
],
],
I am new to Yii framework.
I have downloaded Yii2, and Yii2 Advanced Application.
I want to create 2 URLs for front and for admin panel.
Front-end URL: http://localhost/advanced
Back-end URL: http://localhost/advanced/admin
How can I do this?
After downloading the Yii2 advanced template archive. Install the advanced Yii2 using this link Yii2 advanced installation guide
Follow all the steps in "Preparing application" section of above url.
After following all steps you are ready to go. Now you can access frontend and backend i.e
For ex:
FRONTEND: http://localhost/advanced/forntend/web
BACKEND: http://localhost/advanced/backend/web
Create admin panel in yii2 backend. Please follow this url Backend Admin panel
I know i am late to answer but i want to help other guys which are new to Yii2. I hope my points will be helpful.
The url routing subject is quite broad. You should start by reading the detailled documentation http://www.yiiframework.com/doc-2.0/guide-runtime-routing.html
Basically, you register an urlManager component in the application config. In the following example, front and admin are 2 controllers with an index action.
new yii\web\Application([
...
'components' => [
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false
'rules' => [
'advanced' => 'front/index'
'advanced/admin' => 'admin/index'
]
],
]
...
])
The advanced application template was never designed to do that because it is two separate applications that requires two separate domains (subdomain for 'admin' is fine).
What you want to use instead is yii2-app-practical-a which does exactly what you want. :)
You have the main application you can access by your main URL - http://localhost/advanced and a back-end you can access by the main URL with admin appended: http://localhost/advanced/admin.
Error:
Unable to verify your data submission error
Create one public function in Yii2. But, submit data not accept in this method,
see following error images. Why is this happen?
If you create the form manually (i.e. without using the yii form methods), you should add an input field like this:
<input type="hidden" name="_csrf" value="<?=Yii::$app->request->getCsrfToken()?>" />
source: http://zero-exception.blogspot.com/2015/01/yii2-using-csrf-token.html
Add this in the head section of your layout: <?= Html::csrfMetaTags() ?>
There are various solutions to this problem, I guess understanding why it happened in the first place helps solve the problem.
It is either caused by an invalid csrf token,user generated csrf token, expired csrf token, all these 'csrf' issues will arise when you have custom forms built not using the 'ActiveForm' class.
If CSRF is not the issue,
Its other cause occurs when you try to upload multiple files and the web server cannot handle the load. Some properties to check on this to make sure you are on the right track is to claculate the size of files one is attempting to upload and check the web server's post_max_size and upload_max_filesize
If you are running linux, check php.ini file for inputs like these:
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 8M
; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 2M
Based on your calculations, adjust the above php.ini parameters to suite your needs, then test.
I had a similar problem and I solved it.
To permanently disable csrf validation in whole application add below code in your configurations.
$config = [
'components' => [
'request' => [
'enableCsrfValidation' => false,
],
],
];
Also sometimes you can get this error using Yii 2.0 due to the post_max_size, upload_max_filesize, max_input_time also too maybe the webserver can be trimming the post so verify on nginx - client_max_body_size or in apache - LimitRequestBody
Disable for only specific action
/**
* #inheritdoc
*/
public function beforeAction($action)
{
if ($action->id == 'my-action') {
$this->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
Check whether there is hidden input in your form with CSRF token. It should look like
<input type="hidden" name="_csrf" value="ZEZ6Y0xrY3ARGS42fTwhMQgkDgF6BCEGEx4SMXQMBR4CPy0iPCIwNQ==">
A long story has been discussed here github
So disabling csrf somehow unsure for ajax request. I have met this issue many times.
So remember to send _csrf key when you send data by POST via ajax.
Updated from yii 2.0.12 to 2.0.30
Have this bad request error 400
Got the Html::csrfMetaTags() in the header layout.
using activeform,therefore is not caused by missing csrf token in the
form. And checked already through inspect.
I solved this through adding below code to the backend/config/main.php.
'components' => [
'request' => [
'csrfParam' => '_backend_csrf',
],
Is it a correct way or will it cause security issue?
A little differentiation to dchakarov's answer due to Yii2 tiers using instead of
_csrf variable _frontendCsrf.
<input type="hidden" name="_frontendCsrf" value="<?=Yii::$app->request->getCsrfToken()?>" />
This is a second time this question did not help me even though I posted a comment previously, so I have to post a response.
$csrf = \yii::$app->request->csrfParam;
$token = \yii::$app->request->csrfToken;
//start from
echo Html::hiddenInput($csrf,$token);
//end from
Switched website form https to http and had the issue come up. Updated the request config by commenting the below lines to resolve.
'request' => [
'cookieValidationKey' => 'SomeRandomKeyValidationString',
//'csrfCookie' => [
// 'httpOnly' => true,
// 'secure' => true,
//],
Add this in your controller:
public $enableCsrfValidation = false;