I have a basic question about salesforce session, i want to logout my users automatically when they close the browser window.
Thanks for your help.
This is an old thread but I thought I would go ahead and share my work around...
Add a controller to your site home page, and in the init action, redirect to secure page, if it is not already a secure page.
public PageReference init() {
String currentURL = Site.getCurrentSiteUrl();
if (!startsWith(currentUrl, 'https://')) {
return redirect(currentURL.replace('http://', 'https://'));
}
return null;
}
Related
I want to use onsen ui and angularjs to develop a hybird application, but now I meet a problem, this application cannot store user's login information, so user must login everytime after they close the application.
I use $cookies, service, and $rootScope to store user's login information, but all of them can not work at android platform.
Anyone can help me to solve this problem?
On HTML5 mobile framework like Onsenui, I suggest to use localStorage.
You can take a look at these two AngularJs modules:
angular-local-storage
ngStorage
They have very well written instructions and demo codes as references.
use this plugin https://github.com/litehelpers/Cordova-sqlite-storage or something similar to create a sqlite database. Create a table with the information you want to keep (username and password). You can create a hash of the password and store it for better security (md5 or sha1).
You can also keep the timestamp of the login and keep the user logged in for a specific interval of time, so when he opens the app, check if you are inside this interval (e.g. day, week, etc.) from the last login and if yes, log him in automatically else show the login screen again.
if (window.localStorage.getItem("rememberMe") == "true") {
$scope.userEmail = window.localStorage.getItem("userName");
$scope.userPassword = window.localStorage.getItem("password");
document.getElementById("rememberMe").checked = true;
}
else {
document.getElementById("rememberMe").checked = false;
}
if (document.getElementById("rememberMe").checked == true) {
window.localStorage.setItem("rememberMe", "true");
window.localStorage.setItem("userName", $scope.userEmail);
window.localStorage.setItem("password", $scope.userPassword);
}
else if (document.getElementById("rememberMe").checked == false) {
window.localStorage.setItem("rememberMe", "false");
window.localStorage.setItem("userName", "");
window.localStorage.setItem("password", "");
}
Hi! have a look at the above code. It stores in local storage
Please answer my question. I do not get satisfactory answer.
Question is : "How to Prevent to access visited page after logout in cakephp?"
Thanks in Advance
In the AppController beforeFilter:
// Check if the user is logged in
if (isset($this->Auth->user())) {
// Save the visited page in session
$this->Session->write('VisitedPages.', $this->here());
// If the user is not logged in
} else {
// If the user has logged out and visited the page before
if (isset($this->Session->read('VisitedPages.'.$this->here()))) {
$this->redirect('/errorPage');
}
}
I am using the following code in page.tpl.php to redirect logged-in users to the first page:
if($is_front){if($user->uid != 0){header('Location:merchant-mobile');}
else{include("page-front.tpl.php"); return;}}
But this function conflicts with the logout function, since the logout function redirects the user to the front page, and does a logout. How can this be prevented?
You could use Rules for that or a simpler code with drupal_goto function:
global $user;
if($is_front){
if($user->uid != 0){
header('Location:merchant-mobile');
} else {
drupal_goto('<front>');
}
}
But why redirect a user to the frontpage if he is in the frontpage? if($is_front) means that the current page is frontpage. Did you mean to write if(!$is_front)?
I have setup a CRUD area on my frontendAPI.php file (testing my models)... and I even managed to secure it. I would like to do this the proper way... I would like to establish a separate directory/ Page for the Admins. Please advise on this.
Still new at this but I'm trying to do the same for a news page, think i've got the login part working but having problems with the CRUD (will post a question on it shortly) - i have a table to populate with data from an rss feed (but will be manually populated with a CRUD to start with) and then have a page on the front end to pull out the details using views to format each news story.
Create a new directory called /page/Admin
Create a new file here based on the function e.g. news.php containing
class page_admin_news extends Page {
function init(){
parent::init();
$p=$this;
$crud=$p->add('CRUD');
$g=$crud->setModel('News');
if($crud->grid)
$crud->grid->addPaginator(30);
}
}
In Frontend.php, you need to enable the login - for an admin only access, the BasicAuth may be sufficient but there are also classes to use a database to obtain username and password infromation e.g. for a membership site - heres the basic one.
// If you wish to restrict access to your pages, use BasicAuth class
$auth=$this->add('BasicAuth')
->allow('demo','demo')
;
You need to modify Frontend.php to enable pages that can be viewed
without being logged in
$auth->allowPage('index');
$auth->allowPage('news');
$auth->allowPage('links');
$auth->allowPage('About');
if (!$auth->isPageAllowed($this->api->page))
{
$auth->check();
}
And also in Frontend.php, you need to create a different menu if logged in. Note the login and logout pages dont actually exist.
if ($auth->isLoggedIn())
{
$this->add('Menu',null,'Menu')
->addMenuitem('News','admin_news')
->addMenuitem('logout')
;
} else {
$this->add('Menu',null,'Menu')
->addMenuitem('News','news')
->addMenuitem('Links','links')
->addMenuItem('About')
->addMenuItem('Login')
;
}
When you login, it goes to page/index.php by default so if you want it to redirect to a particular page when you log in so you can add this to page/index.php
class page_index extends Page {
function init(){
parent::init();
$p=$this;
if($this->api->auth->isLoggedIn())
$this->api->redirect('admin_news');
Hope that helps.
Trev
I have an application added to several fan pages.
Ideally, the application should work custom depending on the referring page.
How can I detect which page referred to the app.
Developing a Facebook Iframe app, Using PHP.
(Question posted on Facebook's dev forum as well:
http://forum.developers.facebook.net/viewtopic.php?id=108409)
Thx,
Oren.
As explained in the Page Tab Tutorial
When a user selects your Page Tab, you will received the signed_request parameter with one additional parameter, page. This parameter contains a JSON object with an id (the page id of the current page), admin (if the user is a admin of the page), and liked (if the user has liked the page). As with a Canvas Page, you will not receive all the user information accessible to your app in the signed_request until the user authorizes your app.
With the http referer, you will have the the Facebook proxy url.
In your case, I think you have to use the id of the page (passed in the signed request).
The following PHP snippet will output the signed_request received on the page tab. You will find the page ID needed in your case.
<?php
$appsecret = 'Your App Secret';
$signed_request = $_REQUEST['signed_request'];
$request = $_REQUEST;
$signed_request = parse_signed_request($signed_request, $appsecret);
print_r($signed_request);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
Using the new php-sdk, there is a quicker way to find out the referring page. $facebook->getSignedRequest() will return an array with the signed request, authorization token, page and user basic info.