• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Eventually CRACKED IT - Menu driven multiple CodeIgniter applications

#11
[eluser]John_Betong_002[/eluser]
 
Have you set session_start(); in your ROOT index.php file?
 
 
 

#12
[eluser]jstine[/eluser]
No, I don't think so. Here is the contents of my root index.php

Code:
<?php
/*
|---------------------------------------------------------------
| PHP ERROR REPORTING LEVEL
|---------------------------------------------------------------
|
| By default CI runs with error reporting set to ALL.  For security
| reasons you are encouraged to change this when your site goes live.
| For more info visit:  http://www.php.net/error_reporting
|
*/
    error_reporting(E_ALL);

/*
|---------------------------------------------------------------
| SYSTEM FOLDER NAME
|---------------------------------------------------------------
|
| This variable must contain the name of your "system" folder.
| Include the path if the folder is not in the same  directory
| as this file.
|
| NO TRAILING SLASH!
|
*/
    $system_folder = "system";

/*
|---------------------------------------------------------------
| APPLICATION FOLDER NAME
|---------------------------------------------------------------
|
| If you want this front controller to use a different "application"
| folder then the default one you can set its name here. The folder
| can also be renamed or relocated anywhere on your server.
| For more info please see the user guide:
| http://ellislab.com/codeigniter/user-guide/general/managing_apps.html
|
|
| NO TRAILING SLASH!
|
*/

$application_folder = isset($_SESSION['_MENU_']) ? $_SESSION['_MENU_'] : "ci_application";

if(0) // toggle to 0 to ignore
  {
    echo '<br />$application_folder: ', $application_folder;
    echo '<pre>';
      print_r($_SESSION);
    echo '</pre>';
    die;
  }


/*
|===============================================================
| END OF USER CONFIGURABLE SETTINGS
|===============================================================
*/


/*
|---------------------------------------------------------------
| SET THE SERVER PATH
|---------------------------------------------------------------
|
| Let's attempt to determine the full-server path to the "system"
| folder in order to reduce the possibility of path problems.
| Note: We only attempt this if the user hasn't specified a
| full server path.
|
*/
if (strpos($system_folder, '/') === FALSE)
{
    if (function_exists('realpath') AND @realpath(dirname(__FILE__)) !== FALSE)
    {
        $system_folder = realpath(dirname(__FILE__)).'/'.$system_folder;
    }
}
else
{
    // Swap directory separators to Unix style for consistency
    $system_folder = str_replace("\\", "/", $system_folder);
}

/*
|---------------------------------------------------------------
| DEFINE APPLICATION CONSTANTS
|---------------------------------------------------------------
|
| EXT        - The file extension.  Typically ".php"
| SELF        - The name of THIS file (typically "index.php")
| FCPATH    - The full server path to THIS file
| BASEPATH    - The full server path to the "system" folder
| APPPATH    - The full server path to the "application" folder
|
*/
define('EXT', '.php');
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
define('FCPATH', str_replace(SELF, '', __FILE__));
define('BASEPATH', $system_folder.'/');

if (is_dir($application_folder))
{
    define('APPPATH', $application_folder.'/');
}
else
{
    if ($application_folder == '')
    {
        $application_folder = 'application';
    }

    define('APPPATH', BASEPATH.$application_folder.'/');
}

/*
|---------------------------------------------------------------
| LOAD THE FRONT CONTROLLER
|---------------------------------------------------------------
|
| And away we go...
|
*/
require_once BASEPATH.'codeigniter/CodeIgniter'.EXT;

/* End of file index.php */
/* Location: ./index.php */

#13
[eluser]John_Betong_002[/eluser]
>>> Unfortunately it’s still not working.
>>> It’s very strange, if I uncomment the code in your new index.php

&nbsp;
I have modified the online instruction to set session_start();

Code:
Instructions for usage:

1. copy highlighted source code from below.
2. paste code into a new index.php file
3. save index.php into any new sub-directory.
4. edit your ROOT index.php file:
   session_start();
   // $application_folder = 'application';
   $application_folder = isset($_SESSION['_MENU_']) ? $_SESSION['_MENU_'] : "application";

5. Test and report any errors or undocumented features
&nbsp;
&nbsp;
&nbsp;

#14
[eluser]jstine[/eluser]
It Works! I can't thank you enough for your help with this - having this in place is going to save me a ton of time! Awesome.

#15
[eluser]John_Betong_002[/eluser]
&nbsp;
I am pleased that you managed to get it to work, I agree that it is well worth the effort and does save time.

I forgot to mention that it is possible to bypass the menu system and hard-code a specific site:
&nbsp;
http://johns-jokes.com/downloads/codeign...th=ci_test

Maybe handy to send the link to a third-party?
&nbsp;
&nbsp;
&nbsp;

#16
[eluser]jstine[/eluser]
That is handy. Very cool. One thing I might add is that I find it's easy to secure forms like the selector or even the hard coded link above using a random querystring variable.

For example:
http://www.domain.com/ci_menu/index.php?...xyTr45763z

I randomly choose the key value and then only display the html page if the key value matches. This allows for protected access and in the case of sending the link to a third party would allow me to remove access if needed.

#17
[eluser]John_Betong_002[/eluser]
&nbsp;
http://johns-jokes.com/downloads/codeign...336asf1462

I like the securing or restricting access. The additional parameter appears to be successfully ignored with the existing script.

Maybe if you have time you could post some securing and/or restriction examples. I will test the code and add them to the script.

&nbsp;
&nbsp;
&nbsp;

#18
[eluser]jstine[/eluser]
Ok, so to implement with your last script try the following:

1. change the top of your menu index.php to this:

Code:
&lt;?php
if($_GET['key'] == "0336asf1462")
{
  error_reporting(-1);//E_ALL | E_STRICT);

2. above the submit button add a hidden input named key with your key value like so

Code:
&lt;input type="hidden" name="key" value="0336asf1462" /&gt;
&lt;input type="submit" value="  Start MeCritic Application  " id='button'/&gt;

3. at the bottom of the file I have appended the following to the final php. Basically I close the if statement at the top and set an error message if the key value is incorrect.

Code:
&lt;?php /* container */ } else { echo "You don't have permission to access this file. Please send an email to x@x.com if you feel this is
incorrect.";?&gt;

You now need to use your key to open your protected menu:
http://johns-jokes.com/downloads/codeign...336asf1462

And you can send a protected link to 3rd parties like
http://johns-jokes.com/downloads/codeign...336asf1462

The great thing is you can change the key at anytime to restrict access. Additionally it's easy to add a key value using an || (or) statement. This would allow you to create a separate key for the third party that could easily be removed at anytime while others (a development team) could continue to use the main key uninterrupted.

Hopefully that all makes sense, let me know if it works!

#19
[eluser]jstine[/eluser]
sorry, under item 3 I forgot to close the if statement, it should be as follows:

Code:
&lt;?php /* container */ } else { echo "You don't have permission to access this file. Please send an email to x@x.com if you feel this is
incorrect.";}?&gt;

#20
[eluser]John_Betong_002[/eluser]
[quote author="jstine" date="1300305687"]sorry, under item 3 I forgot to close the if statement, it should be as follows:

Code:
&lt;?php /* container */ } else { echo "You don't have permission to access this file. Please send an email to x@x.com if you feel this is
incorrect.";}?&gt;
[/quote]

&nbsp;
Many thanks for the script and the update.
&nbsp;
I included your source and experienced a problem because all previous links only give an error message Sad
&nbsp;
I updated your script so that if an invalid KEY parameter is passed, an error message appears along with a link to the correct URL with a valid KEY.
&nbsp;
&nbsp;
CI Applications Path Changer - Now with Security Key:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
http://johns-jokes.com/downloads/codeign...y=TEST_KEY

&nbsp;
&nbsp;
&nbsp;


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.