25 August 2010

Drupal staging site security

Suppose you have a Drupal staging site where you are preparing to go live or testing new features. You could install this on a separate domain that you have. Here's how to redirect casual users to your live site, while giving those in the know easy entry.

The crucial trick is to use a Session variable to indicate an authorised user. All Drupal access is via the root index.php file (except use of static files). index.php is amended to redirect users who do not have the session variable set correctly. Another secret file eg password.php, is used to let you get into the site by setting the session variable.

In the following example, www.example.com is your live domain and www.example.info is the staging server. The following code is on the staging server.

In index.php add this code after the line that contains drupal_bootstrap...

if( $_SESSION['password']!='asecret')
{
  header('Location: http://www.example.com/');
  exit;
}


Create a secret file in the root directory eg password.php with content like this:

<?php

require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

if( $_SESSION['password']=='asecret')
{
  header('Location: http://www.example.info/');
  die();
}

$pwd = trim($_POST['pwd']);
if( get_magic_quotes_gpc())
{
 $pwd = stripslashes($pwd);
}
if( $pwd=='asecret')
{
  $_SESSION['password'] = $pwd;
  header('Location: http://www.example.info/');
  die();
}
?>

<html>
<body>

<form method="post">

Security:
<input type="text" name="pwd" />
<input type="submit" value="Go" />

</form>

</body>
</html>
By Chris Cant on Wednesday, August 25, 2010 0 comments
Labels:

23 April 2010

Tool to find maps KML Lat/Lng

Use this tool if you want to find a Google Maps KML GLatLng location, eg to use within your own code: http://www.phdcc.com/GoogleLatLng.htm Either drag the initial marker or enter a search term. The latitude and longitude values are listed below, to 6 decimal places of accuracy.

The map is centred on the UK, as this is where I will want to use it most. It uses the Google AJAX Search API to work out UK postcodes well. Look at the source to see how it works.

This is based on the code by cmarshall at http://www.webmasterworld.com/xml/3542700.htm
By Chris Cant on Friday, April 23, 2010 0 comments
Labels: , ,

19 April 2010

DNN5 User soft-delete issues

In DotNetNuke DNN5 when you delete a user that login is no longer removed from the system. Instead they are soft-deleted, ie a new IsDeleted flag column is set in the UserPortals table. (Note that IsDeleted in the Users table is *not* set - is this ever set?)

In DNN5, code that calls DotNetNuke.Entities.Users.UserController.GetUser() etc will return a UserInfo object even if the user is deleted. Therefore you may have to check the UserInfo.IsDeleted property every time you get a user.

I would have not have implemented it this way. I'd keep the DNN4 functionality and have extra API calls to find deleted users. I wonder: does the DNN core code always check IsDeleted now?

Anyway, UserInfo.IsDeleted is not available in DNN4. As I do not want different versions of my code for DNN4 and DNN5, I have written this isUserDeleted() static method that uses reflection to detect if the IsDeleted property is available and if so calls it. It returns true if the UserInfo is null. After that, for DNN4 it always returns false.

public static bool isUserDeleted(UserInfo ui)
{
 if (ui == null) return true;
 try          {
  Type tUserInfo = ui.GetType();

  PropertyInfo piIsDeleted = tUserInfo.GetProperty("IsDeleted");
  if (piIsDeleted != null)
  {
   bool IsDeleted = (bool)piIsDeleted.GetValue(ui, null);
   return IsDeleted;
  }
 }
 catch (Exception) { }
 return false;
}
By Chris Cant on Monday, April 19, 2010 0 comments
Labels: ,
Subscribe to: Posts (Atom)