I am creating a component where registered users will be able to use the features of my component.
My component has a some forms and views. I want to allow only logged in users to access links to my component.
How can i add extra custom fields to the User Registration form of Joomla? I have some extra fields to capture like address and company name.
How can i integrate the authentication with my component?
How can i accomplish my component without creating again the functionality of User registration and authentication.
As i know that i can use joomla user registration and integrate it with my component. But i Dont know how to do it.
Kindly Help
Thanks
There are lots of ways you can accomplish that.
OFC best methods are always integrating without doing core hacks. That said i would suggest two ways.
There are lots of plugins or components which extend the user registration fields. But these are solutions on themselves, so it will be of no use for your component which holds own data (adress, company, etc.).
You simply create a registration frontend view for your component using the joomla users model. That way users can register thru your component and add all extra fields you like. You just have to take care to add the non standard fields to your db tables in the model.
If you realy dont want to create a registration form on your own, you can create an User Plugin in combination of an content override for the registration form. The plugin would than take care of adding the extra fields to your db tables. The correct User Event would be:
function onAfterStoreUser($user, $isnew, $success, $msg) {
...
if ($isnew)
{
myComponent::createExtraFields($user['id'], $args); }
else
{
myComponent::updateExtraFields($user['id'], $args);
}
...
}
Related
i making route for updating user profile data i come with this solution
Router.route("/login").post(userController.Login);
Router.route("/register").post(userController.Register);
Router.route("/profile/update/cover").patch(userController.UpdateProfileCover);
Router.route("/profile/update/details").patch(
userController.UpdateProfileDetails
);
Router.route("/profile/update/photo").patch(userController.UpdateProfilePhoto);
Router.route("/profile/update/email").patch(userController.UpdateProfileEmail);
Router.route("/profile/update/password").patch(
userController.UpdateProfilePassword
);
the app will allow user to upload images and verfiy email and password
is this a good practice or there are alternative when it come to this type of situation
You are basically doing the following
SELECT entity from User -> Validate -> Update User's Entity
On every time user is calling the API, why not adding save button to on your UI and send all changes all at once, this will help reducing queries and resources needed, this is crucial especially when you scale.
other than that it is acceptable.
I'm making a web app where users can create pages, edit them, and delete them. In developing the prototype, I have a user access a route such as:
localhost:8000/mypage/1
The "1" in the URL refers to the ID in the database, so that the controller can fetch the appropriate associated data and populate the page accordingly.
The obvious problem here is that a user can plug in any number to that URL and edit someone else's page.
One obvious fix would be to add logic that checks whether or not page '1' belongs to the Auth::user(). But this would be an if statement that I have to add to every controller that carries out such function.
When I think about other sites, they never have ID's in the URL, or if they do, they look 'encrypted' in some form. What is the best practice for changing an ID into some uninterpretable string that I frequently see done on other websites?
Thank you for any help.
why don't you just use a middleware that check if the route can be acceded by the user? then you can call it with
$this->middleware('middlewareName');
in the controller that you need it or even in the web.php if you want a whole set of routes protected
I have installed two different PHP frameworks Laravel 5.3 and Yii2 advanced. Both frameworks provide authentication out of the box which is great.
And both have the checkbox Remember me on the login page.
In Laravel, I have found that there is a remember_token field on users table which is as per my understanding used for the remember me feature.
But there is no such extra field on Yii2's user table.
So, I guess both provides the same feature but working differently. So I want to know that how that feature is working on both the frameworks?
Any help would be appreciated.
Note: I'm asking this because I have one system built with Yii2 and now I'm going to build a new system with Laravel. New Laravel system will use the same user table of the Yii2. Means the user can login into both the system with the same credentials.
Thanks,
Parth vora
Yii2 have auth_key - its default name, but you can define ur own column name and then declare it in identity class, which implements yii\web\IdentityInterface, in function getAuthKey().
The remember me function in Yii 2 (and most php frameworks) makes use of cookie-based login.
From the docs:
getAuthKey() returns a key used to verify cookie-based login. The key is stored in the login cookie and will be later compared with the server-side version to make sure the login cookie is valid.
Yii uses the auth_key field by default. That's probably the same field as Laravel's remember_token.
How it works is as follows:
Login with the remember me field checked.
Yii sets a cookie containing the user's (serialized) id, auth_key and duration (amount of seconds representing the duration of validity for this cookie). In yii2, the cookie name is specified by the identityCookie array in the config (user component).
All guests' requests are checked for the existance of the cookie, if it exists and is valid, the user is logged in.
That's basicly how cookie based logins work, so I'm assuming that Laravel uses a similar, if not exact same implementation.
Following scenario:
I have a multi tenant web application in Yii2' advanced template.
This application has three portals:
- backend
- dashboard
- frontend
Each portal has its own user table for authentication.
(-frontend_user,
-dashboard_user,
-backend_user)
Frontend and dashboard can reached with the tenant's name at the end, e.g.:
When a user tries to login to dashboard or frontend I have to check if they have a right to login.
This happen via contingency table (e.g.: dashboard_user_tenant)
Now I want to build a rbac for the dashboard application.
But roles should not hang at the dashboard user but at dashboard_user_tenant (the contingency table),
because rights can change in each tenant's dashboard.
Yii2 has its own rbac system, but as I understand so far, it doesn't fit on my needs.
Any chances to customize Yii2's rbac or is it better to build my own custom solution? Maybe my own component?
I hope my description is clear enough :)
I had a similar desire in one of my projects, but I didn't create my own full RBAC system, instead I overwrote a way of checking for the roles
In my User component class, I extend the \yii\web\User, and also overwrite the can() function of that class. That lets me use my own way of checking for the appropriate permissions. For example
<?php
namespace app\modules\users\models;
use Yii;
use yii\web\User as WebUser;
use app\modules\users\models\UserPermissionManager;
class User extends WebUser
{
public function can( $operation, $params = [], $allowCaching = true )
{
if(Yii::$app->user->isGuest)
{
return false;
}
return ( new UserPermissionManager() )->has( $operation );
}
}
In the UserPermissionManager class, it queries a database table that is full of permissions such as "users:access", "users:edit", etc
They all have a certain user level assigned to them which relates to the user level I have set in my Users database table.
All the can() function needs to do is return true or false, depending on if this user has the permission to do what it's being asked. You can handle this however you like really.
It's quite a big system to explain fully in one post but I hope it's helped slightly, feel free to let me know if I can explain anything any better!
I'm currently working on a platform which is planned to coordinate the communication with customers in future. Users can be added to projects and have certain rights. Therefore users are assigned to different user roles (admin/manager/member/viewer). Admins can view all projects and are allowed to add other users to a project. If a user (e.g. role:member) is added to a project, he will have certain rights (depending on the role), if not, he is not allowed to access the project at all.
I'm using Cake's ACL Component and everything is working great, when i disregard if a user is added to a project or not. The only solution I can think of, is not to grant rights on the group-level, but on the user-level when an admin adds an user to the project.
Is there an easier way to solve this issue? Otherwise I'm afraid that the code would become totally confusing.
There is a another way (I don't really know if easier, depends on your point of view). The ACL component only helps you to create roles, but you need a role and project-access management, right?
What I do in this cases:
Create a Project_Permission table in your database (give it a better name, I'm lacking imagination). Depending on your project, create the associations: a user can be related to many projects and a project can have many users accesing it. If you are following the cake conventions (and your tables are named users and projects) and it doesn't interfere with what you already have, the table should be
PROJECTS_USERS
id
project_id
user_id
created and modified //if you want to
Create appropriate actions where the admin (or other type if users, that's up to you)
can add users to projects and save that many-to-many association in
the previously created table.
Since the authorization for the project does not come from the ACL component, you have to create an "authorization" function yourself. I recommend putting this in the beforeFilter() function of the AppController (if you don't have an AppController, you'll have to do it in every controller you want this to work). In this function, check if the logged user is in the existing table and has an association with the project. Something like:
function beforeFilter() {
//let's assume you have the project id somewhere, in a global variable like $this->_projectID
$user = $this->Session->read('Auth.User.id');
$project = $this->Project->find('first', array('conditions'=>array('id'=>$this->_projectID, 'User.id'=>$user)
if (count($project) > 0) {
//the user has permission to see the project
} else {
//he doesn't
}
}
It's difficult to give an actual code because I'm not sure of your model associations nor where do you want the code or if you have the variables needed for this available everywhere, but I hope you get the idea. After that it's just a matter of how you want to handle the restriction of access (normally a flash message and redirection is involved).
I hope this is clear enough :S