Yii is handling $_GET for clean url only - yii

i am trying to allow accessing the $_GET for both clean url and normal get request in YII (Yii 1.1.14), so for example if i have a controller Cities and action getCities that var_dump($_GET) only
1- http://example.com/cities/getCities/country_id/100
==> the output is array(1) { ["country_id"]=> string(3) "100" }
2- http://example.com/cities/getCities?country_id=100
==> the output is array(0) { }
my urlManager is
'urlManager' => array(
'class' => 'ext.localeurls.LocaleUrlManager',
'languageParam' => 'lang', // Name of the parameter that contains the desired language when constructing a URL
'urlFormat' => 'path',
'showScriptName' => false,
'caseSensitive' => false,
'rules'=>array(
'login'=>'/home/login'
)
),
how could i allow Yii to recognize $_GET in both cases above?
EDIT
i am using nginx 1.6. GET params (?x=y) is working fine on other Yii projects, only this project doesn't. I changed the web-server to apache, and i got it working on this project!!! although this project has the same nginx configurations like others!!

Related

Friendly URL problem in front module - Prestashop

I am building a front module for a website that is using 301 Moved Permanently option in SEO and URLs configuration.
Wesbite uses Prestashop 1.6.1.9.
In module, I am defining the route like this:
public static $ModuleRoutes = array(
'module-aacategories-viewmapping-mapping' => array(
'controller' => 'viewmapping',
'rule' => 'mappings{/:tree}',
'keywords' => array(
'tree' => array('regexp' => '[/_a-zA-Z0-9-\pL]*', 'param' => 'tree'),
),
'params' => array(
'fc' => 'module',
'module' => 'aacategories',
)
)
);
In browser address bar, when I enter:
site.local/en/mappings/test-map/first-test
I get:
Please use the following URL instead:
site.local/en/index.php?controller=viewmapping&tree=test-map%2Ffirst-test&module=aacategories
This latter link gives 404. However, when I append &fc=module to the url, it goes to desired page.
The problems:
1- How to force Prestashop routing to append &fc=module at the end?
2- How to keep the friendly url in address bar and not be redirected?
Note: When I change configuration in SEO and URLs to no redirection, then it works. But it is not the configuration needed in prod.
Your help is much appreciated. Thanks in advance.
The problem is you are setting public property $php_self in your module controller.
You need to remove the property so that core front controller does not do a canonical redirect.
The code that does this is in FrontController.php line 378.
if (!empty($this->page_name)) {
$page_name = $this->page_name;
} elseif (!empty($this->php_self)) {
$page_name = $this->php_self;
} elseif (Tools::getValue('fc') == 'module' && $module_name != '' && (Module::getInstanceByName($module_name) instanceof PaymentModule)) {
$page_name = 'module-payment-submit';
}
// #retrocompatibility Are we in a module ?
elseif (preg_match('#^'.preg_quote($this->context->shop->physical_uri, '#').'modules/([a-zA-Z0-9_-]+?)/(.*)$#', $_SERVER['REQUEST_URI'], $m)) {
$page_name = 'module-'.$m[1].'-'.str_replace(array('.php', '/'), array('', '-'), $m[2]);
} else {
$page_name = Dispatcher::getInstance()->getController();
$page_name = (preg_match('/^[0-9]/', $page_name) ? 'page_'.$page_name : $page_name);
}
And then does a canonical redirect if you set that property on line 401.
if (!empty($this->php_self) && !Tools::getValue('ajax')) {
$this->canonicalRedirection($this->context->link->getPageLink($this->php_self, $this->ssl, $this->context->language->id));
}

Silex security doesn't ask name and password

I am using Silex and apache. I want to disallow access for anonymous users to localhost/admin page. I read docs, docs of SimpleUserProvider and create the following index.php:
<?php
require_once __DIR__.'/../vendor/autoload.php';
use Silex\Provider;
use Symfony\Component\HttpFoundation\Request;
$app = new Silex\Application();
$app->register(new Provider\SecurityServiceProvider());
$app->register(new Provider\SessionServiceProvider());
$app->register(new Provider\TwigServiceProvider(), [
"twig.path" => __DIR__.'/../views'
]);
$app['debug'] = true;
$app['security.firewalls'] = array(
'default' => array(
'pattern' => '^/',
),
'secured' => array(
'pattern' => '^/admin/',
'form' => array('login_path' => '/login', 'check_path' => '/login_check'),
'users' => array(
'admin' => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
'daria' => array('ROLE_USER', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
),
),
);
$app['security.access_rules'] = array(
array('^/admin', 'ROLE_ADMIN', 'https'),
array('^.*$', 'ROLE_USER'),
);
$app -> boot();
$app->get('/', function () {
return 'Hello from Silex container.';
});
$app->get('/admin/', function() {
return "Admin page";
});
$app->get('/login', function(Request $request) use ($app) {
return "Login page";
});
$app->get('/logout/', function() {
return "Logout page";
});
$app->get('/admin/login_check/', function() {
return "Admin login check page";
});
$app->run();
As Symfony 2 docs says, if I request to localhost/admin, I should see input fields for pass and login in alert.
So when I go to 'localhost' all are right, I see correct message. But when I go to 'localhost/admin' I expect that browser will ask with alert my login and password. But it doesn't happens, I get 'ERR_CONNECTION_REFUSED Site localhost disallow connection'. In apache log I have 301 http code. Is it normal behavior that browser doesn't ask login/password with alert? If yes, what should I add to code to change that behavior?
P.S. I know that hardcoded login and password are terrible, but I am just started Silex and it doesn't matter.
I think that you get ERR_CONNECTION_REFUSED error because of redirect to https. Try to remove this redirect by changing array('^/admin', 'ROLE_ADMIN', 'https'), to array('^/admin', 'ROLE_ADMIN'),.
Remove default section from firewalls. This section is first, catches all requests and doesn't require authorization.
If you want standard alert with user/password prompt, specify http entry point instead of form.
$app['security.firewalls'] = array(
'secured' => array(
'pattern' => '^/admin/',
'http' => array(),
'users' => array(
'admin' => array('ROLE_ADMIN', '...'),
'daria' => array('ROLE_USER', '...'),
),
),
);

How to separate Cakephp session and Yii session

I have a Cakephp application and Yii application running on the same server. And their session config are
Cakephp:
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_path' => '/cakephp_app',
),
'cookie' => 'PHPSESSID'
));
Yii:
'session' => array(
'autoStart' => true,
'timeout' => 5400,
'sessionName' => 'YIIAPP',
)
I supposed their session will be separated, but the result is negative.
Since the cakephp app is already in production, so what can I do to separate the Yii session from the cakephp session?
And can anyone tell me how come my Yii is still using the PHPSESSID session, rather than then 'YIIAPP' session?
I've tested this and adding:
'sessionName' => 'YiiAPP'
worked first time for me.
However, I then added
session_start()
To my index.php file - and this then shows the PHPSESSID. So I suspect somewhere in your code you are using session_start() - which Yii doesn't need. It starts its own session automatically.

Csrf token isn't being created in subdomain

I activated csrf protection on my project which runs on Yii framework.
Csrf token is being created when base domain runs like "www.example.com".
But it isn't being created when the subdomain runs like "admin.example.com".
The configuration:
'components'=>array(
'request' => array(
'class' => 'application.components.HttpRequest',
'enableCsrfValidation' => true,
),
...
What is the problem in my code or is it about the server?
You can configure the CSRF cookie params in the request component in your main.php configuration:
'components' => array(
'request' => array(
'csrfCookie' => array(
'domain' => '.example.com',
),
),
),
Check out the other cookie options. You may also have to tweak the cookie path. This may also be helpful:
How do browser cookie domains work?

SSL for a website in Kohana

I have a website in Kohana 3.0.7 and I have purchased SSL certificate. I have marked the success page to which pay pal transaction details are returned with https. After the database is updated, I added following code -
$this->request->redirect('business/fnc_manage');
But this page is loaded with https and not loaded properly on Google Chrome.
If I try as following, it gives me 500 error -
header("Location:"+url::base()+"business/fnc_manage");
exit();
How can I get rid of this ? Does this mean that I'll have to ensure that all the resources loaded should be served over https ?
If yes, then I might have to change all the paths. How can I do it for HTML helpers ?
I have not tried it but I'd say changing the base_url in your bootstrap.php could help:
Kohana::init(array(
'base_url' => 'https://yoururlhere.com',
'index_file' => FALSE,
'charset' => 'utf-8',
'cache_dir' => APPPATH . 'cache',
'errors' => TRUE,
'profile' => Kohana::$environment !== Kohana::PRODUCTION,
'caching' => Kohana::$environment === Kohana::PRODUCTION,
));