I am working on dictionary-like web page and I want to implement adding/changing phrases only by few people (my client - which is some small organisation wants to be able to do this by himself). The page does not have any login/registration mechanism etc. (for regular users at least) so I do not want It to have any login button. I wondered if making admin model ( few admins made in seeds for example) and adding login button that is invisible - I thought of using CSS opacity for this one. Is this a good solution ? Is there any other good practice in these sitations? Please dont be afraid to post suggestions. Additionally this is a serious page (my first job as freelancer), so I wonder if my solution is... acceptable? Thanks in advance for any answers!
This quite a standard thing in the web. Most of the websites consists of two parts, customer facing part (sometimes called frontend) and admin panel (called backend). In your case you don't need any login to access frontend part, but you need one for backend part.
Creating hidden button is not needed at all. There simply should be no button at all. If you want to log in as an admin, you simply navigate to http://my-website-url.com/admin.
I wouldn't bother with roles et unless your client specified clearly that he needs them.
Even though this is simple I would still suggest adding a role to a user model. After all he may want to have some user functionality later on. The simplest way to do this would be to use devise and add a role enum column.
Check out the article below and look under the "Enum" section.
http://railsapps.github.io/rails-authorization.html
Related
I'm trying to understand how URL Mapping works. I've gone through numerous pages, but I can't seem to wrap my head around what I'm trying to do.
Its really simple, I use DataObjects as pages approach and I have a member extension written to the member class. And I have the typical actions, show, edit, add.
So if I go to www.mywebsite.com/members/show/1 I can see the first user. If I change show to edit, I can edit the first user. Now if I go to www.mywebsite.com/members/add I can create a new user. This is working all as expected due to the functionality I created in the add method.
My problem is in the fact that when you go any website, you don't register to the website by going to members/add, you register by going to website.com/Register or something similar. From code management perspective, it is a lot easier for me to leave the code the way it is now. I don't want to have to create a Register page and move the code there, instead I am trying to figure out if it is possible to go to www.mywebsite.com/Register and have it load www.mywebsite.com/members/add. I am not talking about a redirect link that would update the url, I want users to still see Register in the url and not see /members/add.
Vice versa, if users were to go to www.mywebsite.com/members/add I want the link to update to Register or say page not found.
Is this possible with Silverstripe Framework?
I am not 100% sure, but I believe this is called URL Masking.
This is very possible, firstly I'd advise that you look over...
silverstripe-memberprofiles
...because even if you dont' want to use an existing module I'm sure there would be useful information. There is a great example of "pure" routing (i.e. silverstripe no cms) that leads on to "nested" routes - which is what I think you are asking for, so I highly recommend reading the slides below and then the created todo app
silverstripe-framework-building-without-the-cms
todo app source
This is my first time building a site with Drupal (7). I have plenty experience with LAMP, HTML/CSS and javascript, but I want to make sure I am doing things the 'Drupal way' before I start hacking together a custom solution unnecessarily. I've searched forums and modules, but have come up empty.
The site I am building will have different tiers of users: students, teachers, and parents. The difference between these users is:
The information collected during registration, and
The pages the user's have access to.
I think at least part of the solution lies with creating roles for each type of user, but it seems Drupal only has one registration page for all users. How would I create a different registration form for each type of user? What is the 'usual' way of assigning roles to users automatically?
I know this is late the game here but I thought I might refer people to the "Rules" module... Instead of thinking about this from the "user-specific" registration form perspective, think of it instead from the perspective that you still have only 1 form but with additional / optional inputs, whereby subsequent actions (rules) are then enacted upon depending on the values of said additional / optional fields.
You might also check this out, too:
how do i make diffrent registration form in drupal?
I'm just updating my answer as I see it didn't apply for D7.
I've just begun developing a D7 site with a similar request.
There seems to be a module which should fit perfectly, although I still have to try it:
http://drupal.org/project/profile2
Good luck with it.
I have a Plone Site where anonymous users create a "Subscription" object for a conference.
Fact is: a malicious user can call this screen a lot of times and crash my site. I can use a captcha to avoid it, but I would like to use it only after "x" attempts of the same user, something like the SO approach when a user tries to post a lot. Is there a module that does this for me? Show a recaptcha after a user tries the same url too many times?
For a start content in not the solution to everything. In your case having a custom content type for handling subscriptions seems like an overkill. Always ask yourself if what you are doing is really content-ish. Does it need to be contained, navigable, searchable whatever else content can be? For a conference subscription definitely not.
In brief you could:
Create a form and save its data in lighter objects than full content or use sql.
Use Products.PloneFormGen, which also has captcha support.
Concerning the captcha if you go the manual way and create everything yourself, you could use cookies to "remember" visits. See How do you get and set cookies in Zope and Plone?
It's obvious that your system is subject for manipulations in form of mass-registrations in every way without further measures like a captcha or additional email validation after submission of the registration form. But this is independent of flow control, DDOS etc.
Stackoverflow members,
How do you currently find the balance between javascript and code behind. I have recently come across some extremely bad (in my eyes) legacy code that lends itself to chaos (someHugeJavafile.js) which contains a lot of the logic used in many of the pages.
Let's say for example that you have a Form that you need to complete.
1. Personal Details
2. Address Information
3. Little bit more about yourself
You don't want to overload the person with all the fields at once, so you decide to split it up into steps.
Do you create separate pages for Personal Details, Address Information and a Little bit more about yourself.
Do you create controls for each and hide and show them on a postback or using some update panel?
Do you use jQuery and do some checking to ensure that the person has completed the required fields for the step and show the new "section" by using .show()?
How do you usually find the balance?
First of all, let's step back on this for a moment:
Is there a CMS behind the site that should be considered when creating this form? Many sites will use some system for managing content and this shouldn't be forgotten or ignored at first glance to my mind.
Is there a reason for having 3 separate parts to the form? I may set up a Wizard control to go through each step but this is presuming that the same outline would work and that the trade-offs in using this are OK. If not, controls would be the next logical size as I don't think a complete page is worth adopting here.
While Javscript validation is a good idea, there may be some browsers with JavaScript disabled that should be considered here. Should this be supported? Warned about the form needing Javascript to be supported?
Balance is in the eye of the beholder, and every project is different.
Consider outlining general themes for your project. For example: "We're going to do all form validation client-side." or "We're going to have a 0 refresh policy, meaning all forms will submit via AJAX." etc.
Having themes helps answers questions like the one you posted and keeps future developers looking in the right places for the right code.
When in doubt, try to see your code through the eyes of someone who has never seen it before (or as is often the case, yourself 2 to 3 years down the road), and ask yourself: "Based on the rest of the code, where would i look for this function?"
Personally, I like option number 3, but that's just because it fits best with the project I'm currently working on and I have no need to postback or create additional pages.
Has anyone ever tried to integrate AspDotNetStorefront and Sitecore? I've been trying for the past couple of days to come up with a way to get the two systems to play nicely together, but it doesn't seem feasible from what I can tell. A couple issues I've run across so far:
Authentication between the two (AspDotNetStorefront has its own implementation, Sitecore just uses/extends .NET Membership)
The main DLL for AspDotNetStorefront is what pops up in the stack trace when I get yellow-screened, but that DLL is obfuscated so I can't figure out what the problem is.
The biggest issue is that we need to keep our existing AspDotNetStorefront application as an e-commerce backend and use Sitecore to do everything else. AspDotNetStorefront has a CMS as part of it, but it's really not an acceptable solution for anything but really basic content pages.
Any thoughts on how I might go about this?
EDIT:
I've decided to break this whole thing down into the different problems that I am facing at the moment and solve each one as efficiently as I know how. I'll detail the ones I have here and then update when I run into new ones.
Problem 1: Authentication between the two systems.
This one isn't too bad actually if you're knowledgeable about forms authentication tickets, which I wasn't at the time but am learning quickly enough. As long as the two systems share the same encryption info, it's easy enough to pass information back and forth between them using cookies as stated below in the accepted answer. The other kicker is that I needed to set the CustomerGUID in the AspDotNetStorefront Customer table to be the user ID from the Sitecore user tables (standard ASP.NET membership). So far this approach seems to work pretty well (I'm still in the proof of concept stage at the moment.
Another thing to keep in mind if you ever need to attempt this is that AspDotNetStorefront comes with a web service that you can use to basically do anything you need. Since they use the same encryption keys, I am able to log in on the storefront side using this service more securely than just passing over clear text passwords (I had to write the method myself, I don't believe it comes standard, if I am mistaken please let me know). Although I doubt it's a huge deal since it all happens server side anyways.
Problem 2: Getting at the product data
This one was a little more troublesome. The aforementioned web service has a few issues I've had difficulty working around. However, since the databases are going to be on the same server, I simply decided that since all I really need is the price and ID I would go ahead and set the ProductGUID column of each product in the Storefront database to match the Sitecore item ID of the corresponding item in the Sitecore database. This way I just need a quick query to grab the ProductID and price information which is only used in a few places. Everything else is going to be housed in Sitecore.
If anyone has anything to add feel free, as far as I can tell from Google, no one has actually done this before, so I'm having a lot of trouble finding resources on this particular topic.
UPDATE:
The integration is in fact possible and our site has been up for a week and a half now with very few integration related problems. This isn't something I recommend doing really on a personal level, but it is in fact possible to pull off.
I know ASPDotNetStorefront and other CMS systems (but not Sitecore). If I was approaching this, I would probably start simple and create a custom URL structure for sitecore 'content' pages that ASPDNSF would direct to Sitecore to handle. [possibly replacing the existing topics system in ASPDNSF]. So, for example: a URL such as www.domain.com/p-1234-aproductpage.aspx would be handled by ASPDNSF whereas www.domain.com/content/123/a-content-page would get sent to Sitecore to render. This is a straightforward web.config edit.
Security sharing across the systems should be possible across the same domain as the cookie information will be available (you should be able to create some code in Sitecore using the ASPDNSFCommon.dll and a cast of HttpContext.Current.User into a AspDotNetStorefrontPrincipal class to detect if a customer is logged in)
Another way to approach the problem would be to write a function that retrieved Sitecore content from the database based on a URL id and then write an ASPDNSF XML template to use the function to retrieve this content based on the URL. For example, you could create a custom URL structure in ASPDNSF such as www.domain.com/sc-1234-sitecore-content-item.aspx which is sent to your custom code; 1234 is used as the sitecore content id and the XML template retrieves the content and renders it on screen.
This second approach has the advantage of using Sitecore for all non-product content management while keeping the live application in ASPDNSF. Also one set of design templates and all your security issues go.