I activated csrf protection on my project which runs on Yii framework.
Csrf token is being created when base domain runs like "www.example.com".
But it isn't being created when the subdomain runs like "admin.example.com".
The configuration:
'components'=>array(
'request' => array(
'class' => 'application.components.HttpRequest',
'enableCsrfValidation' => true,
),
...
What is the problem in my code or is it about the server?
You can configure the CSRF cookie params in the request component in your main.php configuration:
'components' => array(
'request' => array(
'csrfCookie' => array(
'domain' => '.example.com',
),
),
),
Check out the other cookie options. You may also have to tweak the cookie path. This may also be helpful:
How do browser cookie domains work?
Related
For TYPO3 6.2 I cannot manage to have real url setup for tt_news. I use bootstrap package 6.2.8 , realurl 1.12.8 and tt_news 3.6.0.
I get url :
.../blog/articol.html?tx_ttnews[tt_news]=11&cHash=d92d53eafcb2e8c331829520e053c3c7
and should be :
.../blog/articol/title/
I try to add configuration used in version 4.5.32 but nothing was changed.
Any clues on how I should solve it?
check path to your realurlconf.php or real_urlconf.php config file in the extension config
add 'noMatch' => 'bypass' in
'preVars' => array(
array(
'GETvar' => 'no_cache',
'valueMap' => array(
'no_cache' => 1,
),
'noMatch' => 'bypass',
),
also for me day was missing!
array('GETvar' => 'tx_ttnews[day]' ,
'noMatch' => 'bypass',),
I have some question about yii authentication.
can yii create authentication for module and for site separated authentication. for example I have module learnings it will have it's own authentication. and also site has own authentication.
somesite/login - this will be site login
somesite/module_name/login - this will be module authentication
and then it can't access user from site login to module actions and
user from module login can't access site actions
where need authentication
let assume Admin is your module ,
Inside your admin/AdminModule.php file, add the following lines to the 'init' function
Yii::app()->setComponents(array(
'errorHandler' => array(
'errorAction' => 'admin/default/error',
),
'user' => array(
'class' => 'CWebUser',
'stateKeyPrefix' => '_admin',
'loginUrl' => Yii::app()->createUrl($this->getId() . '/default/login'),
),
));
for more info Module based login yii
When I go to http://localhost/project/rights I get the below error:
Alias "rights.RightsModule" is invalid. Make sure it points to an existing PHP file and the file is readable.
I doubled checked my path. I already have user extension in modules folder and it works just fine. I've extracted rights in protected/modules/rights.
And this is my config/main.php file:
<?php
$sitedes = 'blah blah';
if($_SERVER['HTTP_HOST'] == 'localhost')
{
$dbhost = 'localhost';
$dbname = 'dbproject';
$dbuser = 'root';
$dbpass = '';
}
// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');
// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
'name'=>'Project',
'timeZone' => 'Asia/Somewhere',
// preloading 'log' component
'preload'=>array('log'),
// autoloading model and component classes
'import'=>array(
'application.models.*',
'application.components.*',
'application.modules.user.models.*',
'application.modules.user.components.*',
'application.modules.rights.*',
'application.modules.rights.components.*',
),
'modules'=>array(
'gii'=>array(
'class'=>'system.gii.GiiModule',
'password'=>'gii',
// If removed, Gii defaults to localhost only. Edit carefully to taste.
'ipFilters'=>array('127.0.0.1','::1'),
),
'user'=>array(
# encrypting method (php hash function)
'hash' => 'md5',
# send activation email
'sendActivationMail' => true,
# allow access for non-activated users
'loginNotActiv' => false,
# activate user on registration (only sendActivationMail = false)
'activeAfterRegister' => false,
# automatically login from registration
'autoLogin' => true,
# registration path
'registrationUrl' => array('/user/registration'),
# recovery password path
'recoveryUrl' => array('/user/recovery'),
# login form path
'loginUrl' => array('/user/login'),
# page after login
'returnUrl' => array('/user/profile'),
# page after logout
'returnLogoutUrl' => array('/user/login'),
),
'rights'=>array(
'install'=>true,
),
),
// application components
'components'=>array(
'user'=>array(
'class'=>'RWebUser', // Allows super users access implicitly.
),
'authManager'=>array(
'class'=>'RDbAuthManager',
),
'urlManager'=>array(
'urlFormat'=>'path',
'showScriptName'=>false,
'rules'=>array(
'<controller:\w+>/<id:\d+>'=>'<controller>/view',
'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
),
),
/*
'db'=>array(
'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',
),
*/
// uncomment the following to use a MySQL database
'db'=>array(
'connectionString' => 'mysql:host='.$dbhost.';dbname='.$dbname,
'emulatePrepare' => true,
'username' => $dbuser,
'password' => $dbpass,
'charset' => 'utf8',
'tablePrefix' => 'fl_',
),
'errorHandler'=>array(
// use 'site/error' action to display errors
'errorAction'=>'site/error',
),
'log'=>array(
'class'=>'CLogRouter',
'routes'=>array(
array(
'class'=>'CFileLogRoute',
'levels'=>'error, warning',
),
// uncomment the following to show log messages on web pages
/*
array(
'class'=>'CWebLogRoute',
),
*/
),
),
),
// application-level parameters that can be accessed
// using Yii::app()->params['paramName']
'params'=>array(
// this is used in contact page
'adminEmail'=>'webmaster#example.com',
'description'=>$sitedes,
),
);
It all seems OK, but it doesn't work. What to do now?
I noticed that permission for user folder is 755 and 700 for rights folder. It was a readonly folder. So I changed the permission to 755 and got another error about cannot find table. The below code was added to authManager section and now everything seems to work just fine.
'connectionID'=>'db',
This answer might help others.
I have a Cakephp application and Yii application running on the same server. And their session config are
Cakephp:
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_path' => '/cakephp_app',
),
'cookie' => 'PHPSESSID'
));
Yii:
'session' => array(
'autoStart' => true,
'timeout' => 5400,
'sessionName' => 'YIIAPP',
)
I supposed their session will be separated, but the result is negative.
Since the cakephp app is already in production, so what can I do to separate the Yii session from the cakephp session?
And can anyone tell me how come my Yii is still using the PHPSESSID session, rather than then 'YIIAPP' session?
I've tested this and adding:
'sessionName' => 'YiiAPP'
worked first time for me.
However, I then added
session_start()
To my index.php file - and this then shows the PHPSESSID. So I suspect somewhere in your code you are using session_start() - which Yii doesn't need. It starts its own session automatically.
Yii::app()->getModule('user') is not returning the right value in view/layouts/main.php
I am using Yii-User YII-User Extension to manage the User related features. When I Yii::app()->getModule('user')->loginUrl,
I get
Trying to get property of non-object
at
array('url'=>Yii::app()->getModule('user')->loginUrl,
'label'=>Yii::app()->getModule('user')->t("Login"),
'visible'=>Yii::app()->user->isGuest),
Pls tell me whats going wrong, is it a known issue or something like that.
Here is the config/main.php
// autoloading model and component classes
'import'=>array(
'application.models.*',
'application.components.*',
'application.modules.user.models.*',
'application.modules.user.components.*',
),
'modules' => array(
'user'=>array(
# enable debuging
'debug' => true,
# encrypting method (php hash function)
'hash' => 'md5',
# send activation email
'sendActivationMail' => true,
# allow access for non-activated users
'loginNotActiv' => false,
# activate user on registration (only sendActivationMail = false)
'activeAfterRegister' => false,
# automatically login from registration
'autoLogin' => true,
# registration path
'registrationUrl' => array('/user/registration'),
# recovery password path
'recoveryUrl' => array('/user/recovery'),
# login form path
'loginUrl' => array('/user/login'),
# page after login
'returnUrl' => array('/user/profile'),
# page after logout
'returnLogoutUrl' => array('/user/login'),
# Adding Table refrences
'tableUsers' => 'tbl_users',
'tableProfiles' => 'tbl_profiles',
'tableProfileFields' => 'tbl_profiles_fields',
),
),