 Using the new Joomla 1.6 security

tfertil

Posts: 43
Posted: 02/26/2011, 8:51 AM

I developed a CCS application integrated to Joomla 1.5 sites, using the jos_users table to establish CCS security.

Now, Joomla 1.6 has an important change because now a user can be part of more than one group at the same time.

So, the old group_id field (GID) is no longer present in the jos_users table, but is in the new table jos_user_usergroup_map, which contains the many-to-many relationship between users and user groups.

So, I created this view in my MySQL database so I can have a table with just one record per user and the highest access level for the user:

  
CREATE VIEW pam_joomlausers AS  
SELECT   
jos_users.id,   
jos_users.name,   
jos_users.username,   
jos_users.email,   
jos_users.password,   
jos_users.usertype,   
jos_users.block,   
jos_users.sendEmail,   
jos_users.registerDate,   
jos_users.lastvisitDate,   
jos_users.activation,   
jos_users.params,  
max(jos_user_usergroup_map.group_id) AS group_id  
FROM jos_users  
INNER JOIN jos_user_usergroup_map ON (jos_users.id = jos_user_usergroup_map.user_id)  
GROUP BY  
jos_users.id,   
jos_users.name,   
jos_users.username,   
jos_users.email,   
jos_users.password,   
jos_users.usertype,   
jos_users.block,   
jos_users.sendEmail,   
jos_users.registerDate,   
jos_users.lastvisitDate,   
jos_users.activation,   
jos_users.params  

Now I can use this view when using the Builder from CCS.

Hope you find this useful.
jokecoat

Posts: 43
Posted: 06/04/2011, 9:11 AM

Could you please explain how you integrated CCS in Joomla 1.5 or 1.6?
tfertil

Posts: 43
Posted: 06/14/2011, 10:06 AM

Jokecoat:

Sorry I didn't answer you sooner, was really busy...

My strategy is to include my CCS screens in a wrapper inside Joomla, specifically, an iFrame.

I installed a normal Joomla site and then created a folder inside it for my CCS application.

Also I created some additional tables and views in the Joomla database to manage security, and obviously, my own system tables.

Note that my applications *normally* don't interact with Joomla, nor Joomla with my apps; I'm only using Joomla to embed my app with my clients content.

Detailed steps:

STEP 1
In my CCS application, I don't use joomla user and session tables directly, because there are some differences between version 1.5 and 1.6, and I like this to be "transparent" to my apps.

So I create two views.

JOOMLA 1.5 VERSION OF THE VIEWS
  
CREATE VIEW sec_vw_joomlausers AS  
SELECT   
 jos_users.id  
,jos_users.name  
,jos_users.username  
,jos_users.email  
,jos_users.password  
,jos_users.usertype  
,jos_users.block  
,jos_users.sendEmail  
,jos_users.registerDate  
,jos_users.lastvisitDate  
,jos_users.activation  
,jos_users.params  
,CASE jos_users.gid   
   WHEN 25 THEN 8  
   WHEN 24 THEN 7  
   WHEN 23 THEN 6  
   WHEN 21 THEN 5  
   WHEN 20 THEN 4  
   WHEN 19 THEN 3  
   WHEN 18 THEN 2 END AS group_id   
FROM jos_users;  
  
-- --------------------------------------------------------  
  
CREATE VIEW sec_vw_joomlasession AS  
SELECT  
 jos_session.session_id  
,jos_session.client_id  
,jos_session.guest  
,jos_session.time  
,jos_session.data  
,jos_session.userid  
,jos_session.username  
,jos_session.usertype  
,CASE jos_session.gid  
   WHEN 25 THEN 8  
   WHEN 24 THEN 7  
   WHEN 23 THEN 6  
   WHEN 21 THEN 5  
   WHEN 20 THEN 4  
   WHEN 19 THEN 3  
   WHEN 18 THEN 2 END AS group_id  
FROM jos_session;  

JOOMLA 1.6 VERSION OF THE VIEWS
  
CREATE VIEW sec_vw_joomlausers AS  
SELECT   
 jos_users.id  
,jos_users.name  
,jos_users.username  
,jos_users.email  
,jos_users.password  
,jos_users.usertype  
,jos_users.block  
,jos_users.sendEmail  
,jos_users.registerDate  
,jos_users.lastvisitDate  
,jos_users.activation  
,jos_users.params  
,max(jos_user_usergroup_map.group_id) AS group_id   
FROM jos_users  
INNER JOIN jos_user_usergroup_map ON (jos_users.id = jos_user_usergroup_map.user_id)   
group by   
 jos_users.id  
,jos_users.name  
,jos_users.username  
,jos_users.email  
,jos_users.password  
,jos_users.usertype  
,jos_users.block  
,jos_users.sendEmail  
,jos_users.registerDate  
,jos_users.lastvisitDate  
,jos_users.activation  
,jos_users.params;  
  
-- --------------------------------------------------------  
  
CREATE VIEW sec_vw_joomlasession AS  
SELECT  
 jos_session.session_id  
,jos_session.client_id  
,jos_session.guest  
,jos_session.time  
,jos_session.data  
,jos_session.userid  
,jos_session.username  
,jos_session.usertype  
,sec_vw_joomlausers.group_id  
FROM jos_session   
INNER JOIN sec_vw_joomlausers ON jos_session.userid = sec_vw_joomlausers.id  

STEP 2
Back in CCS, I set the security table to be my user view.

In order for CCS to load the values from the database, I added this code at the end of the common.php file:

  
$conn = new myDBConnection();
$sessioncookie = CCGetFromGet("sessioncookie", ""); // Joomla session ID, passed in the URL by the Joomla wrapper to the iframe
$lang = CCGetFromGet("locale","es");

// The session ID comes from the URL: quote and escape it with ToSQL() rather than placing it in the WHERE clause as-is
$where = "session_id=" . $conn->ToSQL($sessioncookie, ccsText);

$josUserID = CCDLookUp("userid","sec_vw_joomlasession",$where, $conn);
global $josUserLogin;
$josUserLogin = CCDLookUp("username","sec_vw_joomlasession",$where, $conn);
#$josUserType = CCDLookUp("usertype","sec_vw_joomlasession",$where, $conn);
$josGroupID = CCDLookUp("group_id","sec_vw_joomlasession",$where, $conn);

CCSetSession("josUserID", $josUserID);
CCSetSession("josUserLogin", $josUserLogin);
CCSetSession("josGroupID", $josGroupID);

$conn->close();

Of course the names of the CCS session vars (josUserID, josUserLogin, josGroupID) must be set in the security properties of your project.

STEP 2
Maybe you noted that I get the Joomla session cookie to locate the user's session in the session table. This is passed from Joomla to the iFrame where the CCS page is loaded, but I need to make a little adjustment in Joomla.

I added these lines at the beginning of the \components\com_wrapper\views\wrapper\tmpl\default.php file, just AFTER the line defined('JEXEC').
  
#################  
  
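$session =& JFactory::getSession();
$sid = $session->getId();
// Plain quotes are required here (typographic quotes are a PHP parse error).
// The value goes into $lang, the name used in the src= lines below, and is
// URL-encoded because it is echoed into the iframe URL.
$lang = isset($_GET['locale']) ? urlencode($_GET['locale']) : '';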
  
###################  

and down the code of this file I changed the line:

  
src="<?php echo $this->wrapper->url; ?>"  

to be

Joomla 1.5

  
src="<?php echo $this->wrapper->url."?sessioncookie=$sid&locale=$lang"; ?>"  

Joomla 1.6

  
src="<?php echo $this->escape($this->wrapper->url)."?sessioncookie=$sid&locale=$lang"; ?>"  

STEP 3
Back in Joomla Administrator site, I created a menu and some menu items. Each menu item is a wrapper, the url is simply the right path to my CCS subfolder and file, something like \myCCS\myFile.php

In some cases I use my own tables to manage security and leave the pages accessible to every REGISTERED user in Joomla, sometimes I use Joomla groups. I leave the specifics to you.

Hope this compact explanation helps you out.
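
The lookup in STEP 2 accepts whatever session ID arrives in the URL, so the ID and the row it matches are the only things standing between a request and a CCS login. As an added example (not part of the original post), these are checks that can run between reading sessioncookie and calling CCSetSession(); the function names, the idle limit and the ID length bounds are assumptions, and the row columns are those of the sec_vw_joomlasession view above.

```php
<?php
// Added example, not part of the original post. Function names, the idle
// limit and the length bounds are assumptions to adjust for the actual site.
define('MAX_IDLE_SECONDS', 900); // assumed; match the Joomla session lifetime

// PHP session IDs contain only letters, digits, "," and "-". Anything else
// is rejected before the value is used in a query.
function session_id_looks_valid($sid)
{
    return is_string($sid)
        && preg_match('/^[A-Za-z0-9,-]{16,128}$/', $sid) === 1;
}

// $row: one sec_vw_joomlasession row as an associative array, or null
// when no row matched the session ID.
function session_row_is_acceptable($row, $now)
{
    if (!is_array($row))               return false; // unknown session ID
    if ((int) $row['guest'] !== 0)     return false; // visitor is not logged in
    if ((int) $row['userid'] <= 0)     return false; // no Joomla user attached
    if ((int) $row['client_id'] !== 0) return false; // 0 = site, 1 = administrator
    // jos_session.time holds a Unix timestamp; old rows can outlive the login.
    if ($now - (int) $row['time'] > MAX_IDLE_SECONDS) return false;
    return true;
}

// Constructed sample data.
$now  = 1335600000;
$rows = array(
    'logged-in' => array('guest' => 0, 'userid' => 62, 'client_id' => 0, 'time' => $now - 60),
    'guest'     => array('guest' => 1, 'userid' => 0,  'client_id' => 0, 'time' => $now - 60),
    'stale'     => array('guest' => 0, 'userid' => 62, 'client_id' => 0, 'time' => $now - 7200),
    'missing'   => null,
);
foreach ($rows as $label => $row) {
    echo $label, ': ', session_row_is_acceptable($row, $now) ? 'accept' : 'deny', "\n";
}
foreach (array("abc'def", '0123456789abcdef0123456789abcdef') as $sid) {
    echo $sid, ' => ', session_id_looks_valid($sid) ? 'well-formed' : 'rejected', "\n";
}
```

Because the ID travels in the query string, it also ends up in web server logs, browser history and Referer headers, which is the reason to keep the idle limit short.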
jokecoat

Posts: 43
Posted: 06/14/2011, 1:20 PM

@tfertil: Thanks! This did the trick!
gulam

Posts: 55
Posted: 04/28/2012, 2:35 AM

Hi,

This looks like a very good solution to link CCS with JOOMLA. Will the 1.6 procedure work for j2.5?

Gulam
tfertil

Posts: 43
Posted: 04/28/2012, 9:03 AM

Yes, I'm using it with Joomla 2.5
gulam

Posts: 55
Posted: 04/29/2012, 12:29 AM

Thanks will try this out.

I have several projects running in j1.5 and j2.5.

I have one more question. I have gone through your procedure step by step and everything is clear except the last part: "In some cases I use my own tables to manage security and left the pages accessible to every REGISTERED user in Joomla, sometimes I use Joomla groups. I left the specifics to you"

Taking an example of j1.5, do I need to create groups in CCS that match with Joomla groups? how would this be handled in j2.5?

Gulam
gulam

Posts: 55
Posted: 04/29/2012, 5:42 AM

Hi again,

I tried this with j2.5, works quite well except for one issue. In edit mode of any form, the PRESERVE PARAMETER has to be set to GET otherwise you get an access denied message.

This is what is happening - whenever you select to edit an existing record, if the preserve parameter is set to none, then - after any change when you submit it goes to access denied page. This means all the variables including sessions parameters are getting initialized. With preserve parameters set to GET, it works ok but the fields don't get initialized and the current field values remains.

Is there any way out of this? I even tried to initialize all fields in the after update events but this does not work.

Gulam
tfertil

Posts: 43
Posted: 04/29/2012, 8:45 AM

Hi Gulam

You can try this:

At the very end of your form's PHP code lies the "Go to destination page" section of the code.

Here you will find a line like this:

header("Location: " . $Redirect);

Change it to this:

header("Location: " . $Redirect."&sessioncookie=".$sessioncookie."&lang=".$lang);

This way you don't have to worry about preserving these parameters.
If you don't use or need the lang session variable, you can omit it.

Drawbacks?
If you create new components in the form, CodeCharge does not regenerate this portion of the code, and the "unset($YourNewComponent)" lines that are normally added are not.
This is the only problem I've found until now.

Hope this helps...
tfertil

Posts: 43
Posted: 04/29/2012, 8:47 AM

Gulam: sorry, I didn't see your first question: the answer is Yes, I do create my groups in CCS to match Joomla groups.

So far I have used just standard groups; I have not experimented with user-created groups in Joomla 2.5.
gulam

Posts: 55
Posted: 04/29/2012, 10:20 AM

Thanks for your reply, will try that out.

I have another similar problem but with CCS reports. On any CCS generated report that has a search grid and a report grid, the search grid shows up but when I select any criteria and submit - I get an access denied page. Can I try something similar for this?

Gulam
gulam

Posts: 55
Posted: 04/29/2012, 12:14 PM


PROBLEM 1
I tried your suggestion but get a 404 error - page not found when the sessioncookie is added to the URL. To test this, try the below on my test site.

http://173.203.59.177/~innovate/

click on test

username: test
password: 12345

try and edit any existing record and you will see the error.

Please advise if you have a solution for this.


PROBLEM 2
I have also written another post with a similar problem but with report generated with CCS, can I use a similar solution for that as well?

To test this, once logged in as above, click on reports and you will see both the search and report grids are displayed but the moment you enter any search criteria you get the access denied page.

Gulam
tfertil

Posts: 43
Posted: 04/29/2012, 5:18 PM

gulam

Any redirection that takes place must add the parameters. I think your problem is due to the edit record being in the same form (not your fault!)

So... you must check if the $Redirect string already contains a parameter list (identified by a question mark "?" inside the string). If there are parameters, then you can add the line I suggest:

header("Location: " . $Redirect."&sessioncookie=".$sessioncookie."&lang=".$lang);

BUT... if there are no parameters in $Redirect, then you must add the question mark:

header("Location: " . $Redirect."?sessioncookie=".$sessioncookie."&lang=".$lang);

So, in short: (this is pseudo code, not validated PHP):

if ($Redirect contains '?') {
header("Location: " . $Redirect."&sessioncookie=".$sessioncookie."&lang=".$lang);
} else {
header("Location: " . $Redirect."?sessioncookie=".$sessioncookie."&lang=".$lang);
}

As I told you before, this must be implemented in any redirection, so it applies too for reports, search forms, grids, etc.

regards,
gulam

Posts: 55
Posted: 04/30/2012, 9:04 AM

Thanks, putting the ? in the redirect seems to do the trick.

Can you tell me what would be the valid PHP code to do that?

Gulam
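
A valid-PHP form of the "?" versus "&" check described in the pseudo code above, as an added example that is not part of the original thread. The helper name add_url_params() is hypothetical; it also URL-encodes the values, removes CR/LF so nothing can be injected into the Location header, and keeps a trailing #fragment in place.

```php
<?php
// Added example, not from the thread. add_url_params() is a hypothetical
// helper; the parameter names passed to it are the ones used in the posts.
function add_url_params($redirect, array $params)
{
    // CR/LF inside a Location value would allow header injection; drop them.
    $redirect = str_replace(array("\r", "\n"), '', $redirect);

    // Keep any #fragment at the very end of the URL.
    $fragment = '';
    $hashPos  = strpos($redirect, '#');
    if ($hashPos !== false) {
        $fragment = substr($redirect, $hashPos);
        $redirect = substr($redirect, 0, $hashPos);
    }

    // The values arrived in the URL, so encode them before reusing them.
    $extra = http_build_query($params, '', '&');

    $last = substr($redirect, -1);
    if (strpos($redirect, '?') === false) {
        $sep = '?';                 // no query string yet
    } elseif ($last === '?' || $last === '&') {
        $sep = '';                  // already ends in a separator
    } else {
        $sep = '&';                 // extend the existing query string
    }
    return $redirect . $sep . $extra . $fragment;
}

// Constructed sample values.
$params  = array('sessioncookie' => 'abc123', 'lang' => 'es');
$samples = array('list.php', 'edit.php?id=7', 'edit.php?', 'report.php?y=2012#top');
foreach ($samples as $r) {
    echo add_url_params($r, $params), "\n";
}

// In the generated "Go to destination page" section:
// header("Location: " . add_url_params($Redirect,
//     array('sessioncookie' => $sessioncookie, 'lang' => $lang)));
```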
gulam

Posts: 55
Posted: 07/13/2012, 10:51 AM

Hi tfertil,

I am doing another project based on joomla 1.5.26 and CCS 4.3. I am facing a strange issue and thought maybe you can help.

When I assign more than 1 group (e.g administrators and managers) to be allowed to access a CCS program, then only the administrator is allowed, but the manager group is denied access.

Can you advise what could be wrong?

Thanks in advance

Gulam



gulam

Posts: 55
Posted: 07/14/2012, 11:56 PM

Resending as I got an "email could not be sent" error while submitting the below post:

Hi tfertil,

I am doing another project based on joomla 1.5.26 and CCS 4.3. I am facing a strange issue and thought maybe you can help.

When I assign more than 1 group (e.g administrators and managers) to be allowed to access a CCS program, then only the administrator is allowed, but the manager group is denied access.

Can you advise what could be wrong?

Thanks in advance

Gulam
gulam

Posts: 55
Posted: 07/27/2012, 12:12 PM

Resending as I got an "email could not be sent" error while submitting the below post:

Hi tfertil,

I am doing another project based on joomla 1.5.26 and CCS 4.3. I am facing a strange issue and thought maybe you can help.

When I assign more than 1 group (e.g administrators and managers) to be allowed to access a CCS program, then only the administrator is allowed, but the manager group is denied access.

Can you advise what could be wrong?

Thanks in advance

Gulam