I usually don't use Smarty but am in the process of editing a prebuilt app, that uses Smarty for templating. It's super easy to check for the login status, but I have searched the Smarty site, docs and the app vendors docs and cannot find a tag of function to check for the initial user login. We need to pass a message to the user at their first login only.. and instead of writing it out I am hoping there is a tag we can use within Smarty, since it's already being used.
Thanks!
You can not do this by Smarty.
To differ the initial login from a later one, you have to store this information somewere. One aproach would be to use PHP and store it in the user database table (table "user", field "first_login").
The other one would be to store it in a cookie on the client side. But I wount suggest it, for you can not rely on it, as the user can turn of cookies.
So you need to find out, weather your application already stores this information in the user db table. Which it does most likely not. Therefore you need to define the db field and set it after login (using PHP). Afterwards you can user $smarty->assign() in your PHP code to publish your message to smarty in case of first login.
Related
Im' developing an app with ionic/cordova and have used the localStorage for many times.
For example I have such a thing:
window.localStorage['is_user_paid'] = 1;
So, if user pay the money, I set this localStorage item.
Now, if another app set this to 1, and run in the device, does my app assume the user is really paid? Is it necessary to use an app key like 2afjx8y_is_user_paid ? Any idea?
When running under Cordova, localStorage is sandboxed to your app; no other apps can see the content within your app's localStorage, nor can they change the contents. Likewise, your app can only see its own localStorage contents.
Now, sandboxed does not mean not readable/editable by the user, however, which is why it is vitally important not to store things like passwords in localStorage -- the file itself is mostly human-readable and easily accessible by your end user. However, apps are prevented from accessing any localStorage other than their own.
Note: there are ways around this when apps from the same company need to share data, but they involve a different storage mechanism.)
I got around this once upon a time by creating a unique identifier within my app (stored not in the code but in the datastore), and I would use it whenever accessing local storage.
The code is predictable enough, the logic is what's important:
Create a value in your datastore (or a file that isn't readable via a URL, like in the GAE that might be an app.yaml file, or whatever) that you use as unique ID. You can do this by hand if you have to. Generate a GUID of some kind and just store it. Don't put it in your dev code or hardcode it into a JS page, make sure it's off to the side (unless you don't care, but you probably should).
Whenever you access local storage, either to get or put, run it through a function that retrieves that info (or already retrieved it as part of bootstrapping the app, whatever works for your context), and just prepend it to whatever you're calling your key.
That way you can continue coding as if you're just using an easy to understand key, like 'user_name', but the stored/retrieved key will look like "abd12342Baa345324w3423sdfs323DD_user_name".
From time to time, if so inclined, you can change that key, set up your code such that if it retrieves 'user_name' with the old key, you swap it out for the new one and continue your ops as usual.
I did this at work for an app in production and all around it was considered a legit way to go about it. I got the approach from a GAE article that shows how to store and retrieve client tokens for Google Login without putting them in your code; you can even store different versions of that UID for dev/qa/prod and whatever else. It's not specific to GAE, the concept should pan out to any environment.
Of course, if another developer on that project decides to use that same function and same GUID, then the problem just moves. A little discipline can clean that up though, I put in a comment above that util function and we never have a problem.
I have got multiple wikis. They all use the same server, assets and domain. They use separate databases and subdomains like so:
de.[myPage].org
en.[myPage].org
es.[myPage].org
Somehow the Login information does not travel with the user, when subdomain is changed.
For Example: Whenever i am logged in as "Max" and change from
de.[myPage].org
to
en.[myPage].org
i get logged out/am not logged in anymore.
How do i fix this? It may be, that databases differ.
Login is done via cookies which contain a user token; if the token matches the one stored in the database, the system accepts you as logged-in. So, you need to share the user table by enabling $wgSharedDB, and you need to share the cookie (which by default your browser limits by domain name) by setting $wgCookieDomain to .[myPage].org.
If this is not an option (e.g. you already have established users in different databases which cannot be merged due to conflicts, or you have different second-level domains) the CentralAuth extension can provide more sophisticated single sign-on, but it's a bit of a pain to administer (as the big bold warning on the extension page suggests).
I am trying to pass a value using a link.
For example, if I want to add an email and password for a user to Sign In straight away in the RainLoop webmail.
I am trying using
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"
or
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"#ID
Is this possible to do?
It is possible but you will have to rewrite the rainloop PHP files by yourself. Also parsing passwords via the GET method is a very bad idea. Get commands will stay in your history so everyone who types in
demo.rainloop.net will see the ?RainLoopPassword="12345" also. It's not recommended, but possible. Another safer solution will be using the POST method. I suspect you will use this for you bookmarks or something? You can make an AJAX page which sends a POST request with the username and password to demo.rainloop.net. This way nobody will see your passwords and the effect is the same.
EDIT: For using an AJAX page you have to own a webserver, or register on a free hosting like http://freehostingnoads.net
When a new user is added to liferay a public page can be created automatically for him.
Where should I look in the source of Liferay to implement such a functionnality ?
Or maybe it's already possible by configuration? If it is so how could I do it?
Thanks
Technically this is done in UserLocalServiceImpl.addUserWithWorkflow(...), but depending on what you really need, you can do part of what you ask for through configuration:
When you create a UserGroup, you can edit the "pages" (or site template) for a usergroup. These pages will be copied/linked to a user's personal site if the user is member of that usergroup. In ControlPanel/Portal/PortalSettings you can choose this usergroup to be the default user group for all newly created users, so that they all get those pages.
Now this doesn't assign a subdomain (like a virtual host) that you mention in the title of this question. If you want to assign a virtual host to the site (called "group" in technical terms when you dig into java code), you'll have to override the method given above (e.g. through a hook that overrides UserLocalService) and configures the user's site/group with a virtual host. However, the UI does not allow to configure virtual hosts for user's sites, but you might be able to do this through the API, e.g. programmatically
If it's enough for you, you can also just implement a blank redirection from http://username.example.com (wildcard on 'username') to http://www.example.com/web/username - e.g. use Apache's mod_rewrite
Finally, i must follow that: http://www.liferay.com/community/forums/-/message_boards/message/10268877.
I just want to user UI, so i must custom portlet to solve that :|
i want to share something with a specific group of people.
the way i want to do it is: before the page is loaded , i prompt a question to the viewer , if the answer is right , then the page is loaded, if the answer is wrong , the user is turn to the warning page.(i want to avoid the registration process, a specific question is ok)
but there is a problem with this : every time the page is reloaded , the user have to type the answer again?
is there anyway that i can avoid this ?
(I assume you don't know how sessions work because you look new to StackOverflow) No, PHP (or other modern server technologies like ASP) have a session system that allows multiple users be online at same time. The server stores session variables in files, one per user. See http://ca2.php.net/manual/en/intro.session.php
You might also be interested in using Apache's .htaccess files to control access: http://httpd.apache.org/docs/2.0/howto/auth.html
(for questions about using .htaccess, check ServerFault)
First, I wouldn't recommend your approach for anything more than a trivial scenario. That being said, you would want to write a page that serves as your security page. On postback, validate the answer, set a session variable, and redirect to the protected page. The protected page should do a check during its load on that same session variable and redirect to the security page if the user has not answered the security question.