When a user logs in to a website what method is the best to authenticate the session? For example does setting a variable in $_SESSION that is checked and if is set the user logged in, work? I was reading this tutorial and they have if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) and if this returns true the user is shown the contents of the page. Is this how it's done?
Yup, that's the general idea.
After setting $_SESSION['LoggedIn'] to TRUE elsewhere (on the login page) you'll check the $_SESSION['LoggedIn'] to see if it's TRUE if so, display the content
I agree with #relentless. However I prefer if you store the information inside the database.
Assuming that you have a table called user with a tinyint column logged_in. Whenever the user has successfully login update the column value to 1. Upon logging out change it to 0.
Yes and I would recommend you looking a little into PHP and some of the predefined variables like $_POST and $_SESSION here http://php.net/manual/en/reserved.variables.php . And functions like isset() and empty() and maybe some html forms.
Related
I want to have a subpage on my website that is password protected. There should be a list of 6-digit passwords that allow access to the site. However, I don't want the user to type in a username. He should only type in one of the 6-digit passwords.
Any ideas, how I can accomplish this?
The default login for TYPO3 uses username and password. If you only needed 1 password you could create 1 user and use a custom template with the username in a hidden field. However, since you want multiple passwords, there is no default way to do it without creating your own authentication service.
It's a bit much to explain how to create an authentication service here, but you can read the documentation here https://docs.typo3.org/m/typo3/reference-coreapi/9.5/en-us/ApiOverview/Authentication/Index.html.
You can also look at an example like https://github.com/tschikarski/shibboleth, which is a but complicated, but you'll mainly need to look at \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addService in ext_localconf.php and the getUser and authUser functions in Classes/ShibbolethAuthentificationService.php.
With Typo3 mechanism, a password is always associated with a user name, I think you should do it by yourself :
if the content is from one of your extension, you can easily do it
if it's not the case, I think you could use a hook before page is displayed and manage password access in that hook
or you can make a specific template with which you can conditionally manage rendering
Why don't reverse the usage?
Create FE-users with the selected passwords as username, then assign all users the same password.
For the login you change the login form:
The password field gets a default value (the password you had set to
all accounts) and is hidden
The input field for the username is changed into a browser passowrdfield so the input is hidden by asteriks.
Then you might change the errormessages as they would confuse the user about his username so he only enters a "password".
There now exists an extension for that, too:
https://extensions.typo3.org/extension/sessionpassword
With that, you just have to create a specific usergroup for your purpose,
set a password an d include the plugin on the desired page.
Works for me in that case.
I'm working on an old database which I can not modify.
What I'm trying to do is a Login for users for that database, the username and password fields are with another name so I had to change some variables in Laravel and it is working, it redirects me to /home if the authentication is valid.
The problem is that when the redirection is done, the session files are created but the session is NULL so the user is redirected to login page again.
I have seen a lot of threads with this similar issue, but no answer has worked for me.
model http://pastebin.com/TZviQwDA
controller http://pastebin.com/nQ5KSGmU
Don't bother messing up with Variables and so on!
Assuming knowing the user's id (no need to know neither username nor password), you can emulate programmatically a login using the following snippet where id=1 or pick up another valid one:
$user = User::find(1);
Auth::login($user);
or even better:
Auth::loginUsingId(1);
I "fixed" my problem by downgrading Laravel to 4.0, I suppose I will wait until a new version to see if it works.
Thanks.
I would like to know if there is a way to find out in APEX when an particular user is logged in directly or via the "Login As" feature from the organization's user list.
The UserInfo class doesn't seem to provide any methods for this purpose and i need to know this in my apex code.
thanks in advance
Something is tracking that your session previously belonged to another user so that the "Logged in as XYZ (foo#bar.com)" message can be displayed in the Salesforce UI.
I suspect this would be cookie based. If this is the case, you could try and isolate it by tracking the cookie changes when you login as another user. If you can find it then you can check for the presence of this cookie in Apex using
Cookie counter = ApexPages.currentPage().getCookies().get('loginAsCookieHere');
As far as I know this isn't possible with salesforce.
I am developing a Ruby on Rails application. In my app I have a setting on the welcome page where user can select the language (by default is English). Where should I declare this variable and where should I change it from default once the user changes it?
I tried declaring a config variable in development.rb, but since it is global for the applicaition, if user A changes the language, user B will also see the changes done by user A.
I need a setting which is user specific. In other words: one session specific. When I open the website it should initialize to the default and when I change it, the application should not apply those changes to others.
If you "need a setting which is user specific" you could define a session variable:
session[:language]
In my Java web application,when a user gets logged in,i store the user name and other details in session as follows,
session.setAttribute("userName",username);
I am using ExtJs4 for UI.How to get the session variables in extJs?
Thanks
I can second #Geronimo approach. You need to get user Id and/or permissions when you authenticate the user. However...
You can't rely just on the username/permissions that you store somewhere in your JS code because it can't be easily spoofed. If you present user with some information that can be different for different levels of access you still need to do server side validation of the user identity.
You can't get session variables off the server web container using javascript only.
I do the same thing (storing userId as a session variable in java). I use Ext.Request to perform an Ajax request to a java servlet to get it (along with other data about the user like permission settings for the webapp to enable or disable features they wouldn't be able to use).
EDIT:
I second sha's answer also, the only reason I pass the authentication information back to the client is for cosmetic reasons - so that user doesn't think he can use a feature in javascript that would be denied by my server side authentication. If he were to spoof the userId or permissions and try to use the feature, the real authentication on the server side would stop him.
I understand that the question has been asked for a long time ago, but despite the large number of views and the absence of an plain answer, I decided to offer this answer:
Assume that the session variable is registered like /index.php?PHPSESSID=9ebca8bd62c830d3e79272b4f585ff8f
In this case, you can get the variable PHPSESSID through JS object "location" and transform it through Ext.Object.fromQueryString()
So:
console.log( Ext.Object.fromQueryString( location.search ) );
will prepare PHPSESSID variable for your needs.