AppGini Community Forums

A place where AppGini users can exchange ideas and help each other.
https://forums.appgini.com:443/phpbb/

Custom Page problem

https://forums.appgini.com:443/phpbb/viewtopic.php?f=4&t=3795

Page 1 of 1

Custom Page problem

Posted: 2020-07-27 23:41
by baudwalker
Hi All,

I made a custom page for my project. as there were a few pages that made the section i put them into a folder and added that folder into the hooks folder.

when the user signs in they are presented with all the tables including the custom page. when the page is accessed it gives an "Access denied" error. but after signing in the second time it works fine.

is anyone able to assist?

As all signed in users should have access I added the following code...

<?php
define('PREPEND_PATH', '../../'); /* the extra "../" is because I have this in a folder within the hooks folder */
$hooks_dir = dirname(__FILE__);
include("$hooks_dir/../../defaultLang.php");
include("$hooks_dir/../../language.php");
include("$hooks_dir/../../lib.php");

include_once("$hooks_dir/../../header.php");

/* grant access to all logged users */
$mi = getMemberInfo();
if(!$mi['username'] || $mi['username'] == 'guest'){
echo "<h3>Access denied Please Sign In</h3>";
exit;
}


Barry


include_once("$hooks_dir/../../footer.php");
?>

Re: Custom Page problem

Posted: 2020-08-06 15:16
by onoehring
Hi,

interesting ...
Did you try to change

Code: Select all

if(!$mi['username'] || $mi['username'] == 'guest'){
for testing? Maybe accept only a specific usergroup to access that page?

Did you try to place the page directly into your hooks folder?

Maybe this helps:
What I did to secure a custom page:
I created a table in AG with my CUSTOMNAME. This results in a file in your AG root directory with that name.
I edited that file to look like this:

Code: Select all

<?php	
	$currDir = dirname(__FILE__);
	include("$currDir/defaultLang.php");
	include("$currDir/language.php");
	include("$currDir/lib.php");

	//custom language
	include("hooks/language.php");

	include_once("$currDir/header.php");

	/* grant access to all users who have access to the orders table */
	$user_can_access = get_sql_from('CUSTOMNAME');
	if(!$user_can_access) exit(error_message('Access denied!', false));
	
include("hooks/SOMEOTHERNAME.php");

		if(!$footerCode){
		include_once("$currDir/footer.php"); 
	}else{
		ob_start(); include_once("$currDir/footer.php"); $dFooter=ob_get_contents(); ob_end_clean();
		echo str_replace('<%%FOOTER%%>', $dFooter, $footerCode);
	}
	?>
The file /hooks/SOMEOTHERNAME.PHP actually holds my custom code.
Attention: CUSTOMNAME.php will be replaced, when you regenerate your application in AG. For this reason I have a special folder with files that I always copy back, overwriting some AG files - in this case CUSTOMNAME.php as well (you can search this forum for special_from_root which should be contained in my posting about this.

Olaf

Re: Custom Page problem

Posted: 2020-08-09 23:55
by baudwalker
Thank you Olaf, I'll give it a go...
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/