Do not display 'user login' block - drupal-6

I do not want the user login block to be displayed for users who are not admin.
I only want it to be displayed for the admin user (sitadmin, uid:1, in my case) and users who are not logged in (uid:0)
In the configure page (/admin/build/block/configure/user/0) for the block, under page specific settings, I have selected "Show if the following PHP code returns TRUE (PHP-mode, experts only)." and given the following code:
<?php
global $user;
if($user->uid===1 or $user->uid===0)
return TRUE;
else
return FALSE;
?>
However, it is still visible even for users with uid 3, 4 etc. I have tried clearing the cache, to no avail. On the other hand, if I simply put
<?php return FALSE;?>
The user block is not shown for anonymous users.
Note: Role specific visibility settings do not seem to have an effect on this.

It also could be that in the $user array, uid is actually a string, so when you give it the === it tries to compare type as well. You could either do $user->uid==="1" or $user->uid==1
EDIT:
You could also try checking their user roles with
!in_array('authenticated user', array_values($user->roles)).
I think that's the logic you want. I'm not sure you're defining anything other than standard behavior for the login block... it only shows up if someone is NOT logged in? How is that different from normal?

<?php
global $user;
if($user->uid==1 || $user->uid==0)
return TRUE;
else
return FALSE;
?>
would do the trick.
If you're unsure, always do a simple echo and display the block. For example:
<?php
global $user;
if($user->uid==1)
echo "Hello world!";
?>

Related

How to use the Modx #EVAL binding in a Resource List TV's Parents field?

Exactly as the title says, I am trying to use an #EVAL binding to create a dynamic list of parent resources depending on the current context. According to the docs it should be:
#EVAL return $modx->runSnippet('testSnipett');
But that is not working. For testing purposes, all I have in the snippet is:
<?php
$modx->log(modX::LOG_LEVEL_ERROR,'Test snipett running');
echo 201;
return 201;
Nothing happens, and nothing gets logged either - which I would expect if the script gets executed.
Anyone know how to do this correctly?

Login plugin Hooks not running

I am trying to send a 2nd email to my sites admin when a user registers.
I made a postHook snippet that sends an email but it didn't work - the Registration process worked as expected, but I got no 2nd email from the hook.
In testing I set the hook from postHook to preHook and tried again - this time the form didn't process at all - no new user was created and no activation email was sent. It didn't even redirect to the submittedResourceId.
So, I deleted everything in my preHook Snippet, except the return true; and tried again - still nothing.
It appears Login won't run any Hooks at all. I have no idea why.
Would anyone be able to suggest any fixes?
My register snippet is:
[[!Register?
&submitVar=`registerbtn`
&activationResourceId=`19`
&activationEmailTpl=`lgnActivateEmailTpl`
&activationEmailSubject=`Thanks for Registering!`
&submittedResourceId=`23`
&usergroups=`2`
&validate=`nospam:blank,
username:required:minLength=^6^,
password:required:minLength=^6^,
password_confirm:password_confirm=^password^,
fullname:required,
email:required:email`
&preHooks=`adminEmailHook`
]]
I've done something similar before. Here is my code:
[[!Register? &postHooks=`sendMessageToAdmin`]]
Snippet sendMessageToAdmin:
<?php
// The values come from the registration form, so escape them before placing them in an HTML body.
$fullname = htmlspecialchars($hook->getValue('fullname'), ENT_QUOTES, 'UTF-8');
$email = htmlspecialchars($hook->getValue('email'), ENT_QUOTES, 'UTF-8');
$message = 'Auto message:<br><br>A new user signed up: '.$fullname.', using email address '.$email.'.';
$modx->getService('mail', 'mail.modPHPMailer');
$modx->mail->set(modMail::MAIL_BODY,$message);
$modx->mail->set(modMail::MAIL_FROM,'info@domain.com');
$modx->mail->set(modMail::MAIL_FROM_NAME,'My website');
$modx->mail->set(modMail::MAIL_SENDER,'Auto message from my website');
$modx->mail->set(modMail::MAIL_SUBJECT,'Someone signed up');
$modx->mail->address('to','info@domain.com');
$modx->mail->setHTML(true);
if (!$modx->mail->send()) {
    /* PHPMailer keeps the last error message in ErrorInfo */
    $modx->log(modX::LOG_LEVEL_ERROR,'sendMessageToAdmin: An error occurred while trying to send the email: '.$modx->mail->mailer->ErrorInfo);
}
$modx->mail->reset();
/* tell our snippet we're good and can continue */
return true;

"immediate_failed" - Could not automatically log in the user

I have a problem with my website, which I developed with Google+ sign-in:
I followed the doc step by step, but I always failed at step 4:
https://developers.google.com/+/web/signin/
The result was always ""immediate_failed" - Could not automatically log in the user". I just don't know why. Can anyone help me? Thanks very much! :-(
Note that in the sample code you pointed to, the "immediate_failed" check is commented out. This is intentional, since the first time a user encounters the Sign-in button on the page, it will fail.
The reason it fails is that when the page first loads, before the user even presses the button, a request is sent to Google to determine if the user has already logged in (via Google or another site, for example). If they are - there is no need for them to log in again, so the button never needs to be shown. But if they have not been logged in already, you will get the "immediate_failed" response, and will need to either show (or not clear) the button.
tl;dr - Don't worry about getting immediate_failed when the page first loads. This is normal.
As a workaround I use gapi.auth.authorize method in the gapi.auth.signIn callback. Here is my code:
gapi.auth.signIn({
    'callback': gPlusLoginCallback
});
function gPlusLoginCallback(authResult) {
    if (authResult['status']['signed_in']) {
        // Use the callback's own argument here; authRes only exists in the inner callback.
        doSmth(authResult['access_token']);
    } else if (authResult['error'] == "immediate_failed") {
        // Retry silently; this succeeds only if the user already has a Google session.
        gapi.auth.authorize({
            client_id: gplusClientId,
            scope: 'https://www.googleapis.com/auth/plus.login email',
            immediate: true
        }, function (authRes) {
            if (authRes['status']['signed_in']) {
                doSmth(authRes['access_token']);
            }
        });
    }
}
function doSmth(accessToken){
    //Do smth
}
Change this setting "immediate: true" to be false: "immediate: false".
But if you would like to make a more complex implementation, look at the first sample here https://developers.google.com/api-client-library/javascript/start/start-js. You have two calls to Google's "gapi.auth.authorize({...", the first one with "immediate: true", and the second one with "immediate: false".
The question is old but I faced this issue recently.
In my case, it was because I specified the URI parameter prompt to none. I guess Google doesn't like that if the user has never been logged in to your platform before.
Whenever I changed that to consent or totally removed it, it worked great.
In my case, the error was because of explicitly specifying the authorization parameter prompt to 'none', similar to a previous answer.
It worked for me by specifying prompt=None or, as per the official docs, you may skip this parameter.

How to make sure a user can only see and access their own data in Yii

In Yii, is there a best way to make sure a user can only see and access their own data in Yii?
I thought an Admin should be able to see anything, but for now, I'll cross that bridge later.
Thanks
Look into scopes. Default scopes will be your friend:
http://www.yiiframework.com/doc/guide/1.1/en/database.ar#named-scopes
Because the defaultScopes array is inside of a function, you can also do conditional default scopes:
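public function defaultScope()
{
    $t=$this->getTableAlias(false,false);
    // notAdmin() is a custom method on the application's user component.
    if(Yii::app()->user->notAdmin()) {
        return array(
            'condition'=>"$t.<column_name> = :<columnName>",
            // Bind the current user's id as the value to match against the owner column.
            'params'=>array(':<columnName>'=>Yii::app()->user->id),
        );
    }
    else return array();
}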
Edit: Note that this can get you in trouble down the road if you aren't careful. See this issue on the Yii site for more info.
There is no way Yii will do this for you, you'll do it on your own, but it's fairly straightforward.
You can consider scopes, or look into Relations and base them all on current user. For example, to get all posts by a user, you can do:
$posts = Post::model()->findAll(); //WRONG
$posts = Yii::app()->user->posts(); //RIGHT (Should define the relation in the User model)
Check out a solution which I wrote:
http://www.yiiframework.com/forum/index.php/topic/42735-restrict-users-to-only-editingdeleting-their-own-entries/page_gopid_237608#entry237608
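The owner-scoping idea from the answers above, as an added example in plain PHP with PDO (not Yii code and not from any of the posters): every query passes through one owner filter, and a lookup by id treats another user's row the same as a missing row. The post table, the owner_id column and the PostRepository class are hypothetical, and the rows are constructed sample data.

```php
<?php
// Added example in plain PHP/PDO, not Yii code; table and class names are hypothetical.
final class PostRepository
{
    private PDO $db;
    private int $userId;
    private bool $isAdmin;

    public function __construct(PDO $db, int $userId, bool $isAdmin = false)
    {
        $this->db = $db;
        $this->userId = $userId;
        $this->isAdmin = $isAdmin;
    }

    /** Owner filter for every query (a default scope). The SQL text is fixed; only the value is bound. */
    private function scope(): array
    {
        return $this->isAdmin
            ? ['1 = 1', []]
            : ['owner_id = :owner', [':owner' => $this->userId]];
    }

    public function findAll(): array
    {
        [$cond, $params] = $this->scope();
        $stmt = $this->db->prepare("SELECT id, owner_id, title FROM post WHERE $cond ORDER BY id");
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /** A missing row and another user's row both come back as null. */
    public function findById(int $id): ?array
    {
        [$cond, $params] = $this->scope();
        $stmt = $this->db->prepare("SELECT id, owner_id, title FROM post WHERE id = :id AND $cond");
        $stmt->execute([':id' => $id] + $params);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$db->exec("INSERT INTO post VALUES (1, 10, 'alice draft'), (2, 20, 'bob notes'), (3, 10, 'alice todo')");
$alice = new PostRepository($db, 10);
$admin = new PostRepository($db, 99, true);
var_dump(count($alice->findAll()), $alice->findById(2), count($admin->findAll()));
```

Update and delete statements need the same filter in their WHERE clause; scoping only the reads leaves writes by id unprotected.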

Drupal - Security check all site paths by role

I'm writing this in the forlorn hope that someone has already done something similar. I would have posted on drupal.org - but that site is about as user-friendly as a kick in the tomatoes.
I don't know about you, but when I develop I leave all my Drupal paths with open access, and then think about locking them down with access permissions at the end.
What would be really useful is a module which parses all the paths available (by basically deconstructing the contents of the menu_router table) and then trying them (curl?) in turn whilst logged-in as a given user with a given set of roles.
The output would be a simple html page saying which paths are accessible and which are not.
I'm almost resigned to doing this myself, but if anyone knows of anything vaguely similar I'd be more than grateful to hear about it.
Cheers
UPDATE
Following a great idea from Yorirou, I knocked together a simple module to provide the output I was looking for.
You can get the code here: http://github.com/hymanroth/Path-Lockdown
My first attempt would be a function like this:
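function check_paths($uid) {
  global $user;
  $origuser = $user;
  // Keep the impersonated account out of the stored session if the request dies midway.
  session_save_session(FALSE);
  $user = user_load($uid);
  $paths = array();
  foreach (array_keys(module_invoke_all('menu')) as $path) {
    // Note: this runs each page callback as $uid, side effects included.
    $result = menu_execute_active_handler($path);
    // Strict comparison, so string page output is never juggled against the integer status constants.
    $paths[$path] = ($result !== MENU_ACCESS_DENIED && $result !== MENU_NOT_FOUND);
  }
  // Restore the real account before re-enabling session saving.
  $user = $origuser;
  session_save_session(TRUE);
  return $paths;
}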
This is good for a first time, but it can't handle wildcard paths (% in the menu path). Loading all possible values can be an option, but it doesn't work in all cases. For instance, if you have %node for example, then you can use node_load, but if you have just %, then you have no idea what to load. Also, it is a common practice to omit the last argument, which is a variable, in order to correctly handle if no argument is given (eg. display all elements).
Also, it might be a good idea to integrate this solution with the Drupal's testing system.
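The wildcard limitation described in this answer, as an added example in plain PHP (not part of the original answer and not code from the Path-Lockdown module): named wildcards such as %node are filled from a map of known test fixtures, while a bare % is reported for manual review instead of being guessed. The function name, the sample map and the path list are constructed for illustration.

```php
<?php
// Added example: turning hook_menu()-style wildcard paths into concrete test URLs.
// expand_router_path() and the sample data below are hypothetical.

/**
 * Replace %loader segments with sample values.
 * Returns array(concrete path or null, reason).
 */
function expand_router_path(string $path, array $samples): array
{
    $out = [];
    foreach (explode('/', $path) as $i => $part) {
        if ($part === '' || $part[0] !== '%') {
            $out[] = $part;                      // literal segment, keep as-is
            continue;
        }
        $loader = substr($part, 1);              // "node" for %node, "" for a bare %
        if ($loader === '') {
            return [null, "bare % at segment $i: no loader, value unknown"];
        }
        if (!isset($samples[$loader])) {
            return [null, "no sample value for %$loader"];
        }
        $out[] = rawurlencode((string) $samples[$loader]);
    }
    return [implode('/', $out), 'ok'];
}

// Constructed input: ids of test fixtures, and a handful of router paths.
$samples = ['node' => 1, 'user' => 3];
$router  = ['admin/build/block', 'node/%node/edit', 'user/%user', 'taxonomy/term/%', 'mymodule/%widget'];

foreach ($router as $path) {
    [$url, $why] = expand_router_path($path, $samples);
    printf("%-22s %s\n", $path, $url ?? "SKIPPED ($why)");
}
```

Paths reported as skipped are the ones an automated access check cannot cover, so they are the ones to review by hand.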
I did a bit of research and wasn't able to find anything. Though I'm inclined to think there is a way to check path access through Drupal API as opposed to CURL - but please keep me updated on your progress / let me know if you would like help developing. This would be a great addition to the Drupal modules.
