Wikidot Rulez

21 Jul 2008 11:55

Hi there,

Did you know that…


Comments: 0

New Way Of Dealing With Uploaded Files

06 Jul 2008 09:41

Unfortunately, it seems that our last approach (described here) to finally get the uploaded files right is not feasible. Since authorization in Wikidot is based on cookies and sessions, and cookies are bound to a single domain, they will not pass through a cross-domain solution.

Allowing user-uploaded HTML files to read the session_id from the cookie is not a good idea because of possible session spoofing.

So we designed an authorization mechanism that lets the owner of a particular session browse the files of a given wiki.

When a request for a restricted user-uploaded file (on the * domain) is made, we check whether the auth cookie is set, then whether it points to a valid session, and finally whether the user bound to that session is permitted to view the file.

If the auth cookie is not set, we redirect the browser to the * site (which can read the original session cookies); that site generates a unique key and redirects back to the original domain with the unique key appended to the GET request. The original domain then sets the cookie and access is granted (or denied).
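The handshake described above, as an added illustration that is not Wikidot's own code: the hostnames, cookie names, key lifetime and in-memory stores are all assumptions standing in for the real session database, and the walkthrough at the bottom drives a simulated browser through the redirects.

```php
<?php
// Added illustration of the two-domain handshake described in the post above.
// It is not Wikidot's code: cookie names, hostnames, the TTL and the stores are
// assumptions, and the in-memory arrays stand in for the real session database.

const KEY_TTL = 300;   // seconds an issued key stays valid (assumed)

// Constructed sample data.
$mainSessions = array('sess-abc123' => 'alice');          // main-site session id => user
$fileAcl      = array('private-wiki' => array('alice'));  // wiki => users allowed to read its files
$fileSessions = array();                                  // file-domain key => array(user, expires)

function userMayView(array $acl, $wiki, $user) {
    return isset($acl[$wiki]) && in_array($user, $acl[$wiki], true);
}

// Main site: reads the real session cookie, mints a one-time key bound to that
// user, and sends the browser back to the file domain with ?key= appended.
function mainSiteIssueKey(array $req, array $mainSessions, array &$fileSessions) {
    $sid = isset($req['cookies']['WIKIDOT_SESSION']) ? $req['cookies']['WIKIDOT_SESSION'] : '';
    if (!isset($mainSessions[$sid])) {
        return array('status' => 403, 'body' => 'not logged in');
    }
    $key = bin2hex(random_bytes(16));   // random, never derived from the session id
    $fileSessions[$key] = array('user' => $mainSessions[$sid], 'expires' => time() + KEY_TTL);
    $back = $req['query']['return'];
    $back .= (strpos($back, '?') === false ? '?' : '&') . 'key=' . $key;
    return array('status' => 302, 'location' => $back);
}

// File domain: accepts the key from the auth cookie or from ?key=, checks it
// against the store, then checks the ACL for the requested wiki.
function fileDomainServe(array $req, array &$fileSessions, array $acl) {
    $wiki = $req['wiki'];
    $path = $req['path'];
    $fromCookie = isset($req['cookies']['WIKIDOT_FILE_AUTH']);
    $key = $fromCookie ? $req['cookies']['WIKIDOT_FILE_AUTH']
         : (isset($req['query']['key']) ? $req['query']['key'] : null);
    if ($key === null) {
        // Neither cookie nor key: bounce through the main site, which can see the session.
        $self = 'https://' . $wiki . '.files.example' . $path;
        return array('status' => 302,
                     'location' => 'https://www.example/auth/files?return=' . rawurlencode($self));
    }
    if (!isset($fileSessions[$key]) || $fileSessions[$key]['expires'] < time()) {
        unset($fileSessions[$key]);
        return array('status' => 403, 'body' => 'invalid or expired key');
    }
    if (!userMayView($acl, $wiki, $fileSessions[$key]['user'])) {
        return array('status' => 403, 'body' => 'forbidden');
    }
    if (!$fromCookie) {
        // First visit with ?key=: store it in a cookie scoped to this domain and
        // redirect to the clean URL so the key does not linger in logs or Referer headers.
        return array('status' => 302, 'location' => $path,
                     'set_cookie' => array('WIKIDOT_FILE_AUTH' => $key));
    }
    return array('status' => 200, 'body' => 'contents of ' . $path);
}

// Walk the browser through the redirects with the constructed data (php this_file.php).
$req = array('wiki' => 'private-wiki', 'path' => '/local--files/secret.pdf',
             'cookies' => array(), 'query' => array());
$r1 = fileDomainServe($req, $fileSessions, $fileAcl);                  // 302 to main site
parse_str(parse_url($r1['location'], PHP_URL_QUERY), $q1);
$r2 = mainSiteIssueKey(array('cookies' => array('WIKIDOT_SESSION' => 'sess-abc123'),
                             'query' => $q1), $mainSessions, $fileSessions);   // 302 back with ?key=
parse_str(parse_url($r2['location'], PHP_URL_QUERY), $q2);
$r3 = fileDomainServe(array_merge($req, array('query' => $q2)), $fileSessions, $fileAcl);   // 302 + cookie
$r4 = fileDomainServe(array_merge($req, array('cookies' => $r3['set_cookie'])), $fileSessions, $fileAcl); // 200
foreach (array($r1, $r2, $r3, $r4) as $i => $r) {
    echo ($i + 1), ': ', $r['status'], ' ', isset($r['location']) ? $r['location'] : $r['body'], "\n";
}
```

Two choices matter for the security of this scheme: the key is a fresh random value rather than anything derived from the main-site session id, so a user-uploaded HTML file on the file domain learns nothing about the real session, and the key is only ever compared against a server-side store with an expiry, so a leaked or guessed value on its own grants nothing. Redirecting to the clean URL after setting the cookie keeps the key out of access logs and Referer headers. The script needs PHP 7 or later for random_bytes().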

Comments: 2

Django-like routing in PHP

05 Jul 2008 16:06

As I have recently been working with Django, the way it does URL-based routing seemed really cool to me. I missed that in PHP, so I decided to code something similar.

Here is a class that uses (extends) my Controller class, which does the routing:

class Controller_Ajax_Auth extends Controller_Ajax {
    /* regex => name of the method (in this object) that handles the match */
    protected $routes = Array(
        ':^info$:'      => 'info',
        ':^challenge$:' => 'challenge',
        ':^login$:'     => 'login',
        ':^logout$:'    => 'logout',
    );

    protected function info($url) {
        $r = Array();
        /* something */
    }
    protected function challenge($url) {
        /* $q = something */
    }
    protected function login($url) {
        /* set $auth to true if logged */
    }
    protected function logout($url) {
        /* logout */
    }
}

This mainly routes the URLs info, challenge, login and logout to the corresponding methods of the same object.

But you can also route out of the object to an instance of another Controller subclass:

    /* regex => name of the Controller subclass that takes over routing */
    protected $routes = Array(
        ':^auth/(.*)$:'    => 'Controller_Ajax_Auth',
    );

This takes the URL and passes whatever follows auth/ to a new object of class Controller_Ajax_Auth (see the code above). In general, the first capture group () on the left side of each line defines what is passed to the method or object on the right side.

The controller has abstract errorHandler and defaultAction methods that need to be overridden. The first is called when an exception is thrown in a performed action; the latter is called when routing reaches an object and no routing line matches.
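A complete, runnable version of the scheme described in this post, added here as an example and not the author's own Controller class (which the post does not show): the base class, its route() loop, the hand-off to another controller via the first capture group, and the errorHandler/defaultAction fallbacks are all assumptions about how the real class works.

```php
<?php
// Added example of the routing scheme described above. The original Controller
// class is not shown on the page, so this base class is an assumption.
abstract class Controller {
    /* regex => method name in this object, or name of a Controller subclass */
    protected $routes = array();

    abstract protected function errorHandler(Exception $e, $url);
    abstract protected function defaultAction($url);

    // Try the routes in order; the first capture group (if any) becomes the
    // argument handed to the matched method or to the new controller.
    public function route($url) {
        try {
            foreach ($this->routes as $pattern => $target) {
                if (!preg_match($pattern, $url, $m)) {
                    continue;
                }
                $rest = isset($m[1]) ? $m[1] : '';
                // Only classes listed in the route table can be instantiated;
                // nothing from the URL itself is ever used as a class or method name.
                if (is_subclass_of($target, 'Controller')) {
                    $next = new $target();
                    return $next->route($rest);
                }
                if (method_exists($this, $target)) {
                    return $this->$target($rest);
                }
                throw new RuntimeException("route target '$target' not found");
            }
            return $this->defaultAction($url);   // no routing line matched
        } catch (Exception $e) {
            return $this->errorHandler($e, $url); // an action threw
        }
    }
}

class Controller_Ajax extends Controller {
    protected $routes = array(
        ':^auth/(.*)$:' => 'Controller_Ajax_Auth',
    );
    protected function errorHandler(Exception $e, $url) {
        return array('error' => $e->getMessage());
    }
    protected function defaultAction($url) {
        return array('error' => "no route for '$url'");
    }
}

class Controller_Ajax_Auth extends Controller_Ajax {
    // Patterns are anchored with ^ and $, so 'info/extra' does not match 'info'.
    protected $routes = array(
        ':^info$:'        => 'info',
        ':^login/(\w+)$:' => 'login',
        ':^logout$:'      => 'logout',
    );
    protected function info($url)   { return array('logged' => false); }
    protected function login($user) {
        if ($user === 'bad') {
            throw new RuntimeException('login failed');   // exercised by errorHandler
        }
        return array('logged' => true, 'user' => $user);
    }
    protected function logout($url) { return array('logged' => false); }
}

// Constructed sample URLs (run with: php this_file.php).
$front = new Controller_Ajax();
foreach (array('auth/info', 'auth/login/alice', 'auth/login/bad', 'auth/nope', 'other') as $u) {
    echo $u, ' => ', json_encode($front->route($u)), "\n";
}
```

With these routes, auth/info and auth/login/alice reach the methods of Controller_Ajax_Auth, auth/login/bad is answered by that object's inherited errorHandler, auth/nope falls through to its defaultAction, and other falls through to the defaultAction of the front controller. Because the table maps regexes to fixed method and class names, and the is_subclass_of check restricts hand-offs to real controllers, request data can select a route but never name the code that runs.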

Comments: 1

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License