User management for ExtDirect PHP
After testing the Ext.Direct PHP of Tommy Maintz http://extjs.com/forum/showthread.php?t=68186 I was happy about the simple way to include PHP code. But what I missed is a user management to restrict the usage of functions to users who are logged in. But while thinking about it I recognized that it is not so easy: What happens to the client application when a login has timed out? Meanwhile I found a solution by extending the code of Tommy Maintz, so there is a "transparent" user management: Login and logout are handled by this new extension and you do not have to think much about adding this functionality to your Ext application.
Here you can download the code: http://ext.yasheena.biz/direct-demo/...ment-1.0.0.zip
Here you can test it with a live demo (username doesn't matter, password is 'abc'): http://ext.yasheena.biz/direct-demo/index.html
This is my readme file for this project:
User management extension for ExtDirect
Version 1.0.0 / 14.10.2010
written by Wolfgang Mattis, email@example.com
This extension is based on the "Ext.Direct PHP -
Maintained by tommymaintz (Tommy Maintz) Version 1.01"
Feel free to use / modify / extend my code.
Included Files
  index.html                           html code for demo
  direct-demo.js                       js code for demo
  api.php                              original file, configured / extended for the demo
  router.php                           original file (not necessary for the demo)
  WM_Api.php                           new code for the API
  WM_Router.php                        new code for the Router
  ExtDirect/API.php                    original file, modified
  ExtDirect/CacheProvider.php          original file
  ExtDirect/Router.php                 original file, modified
  classes/Echo.php                     original file
  classes/Exception.php                original file
  classes/ExtDirectUserManagement.php  new remote functions
  classes/File.php                     original file, modified
  classes/Time.php                     original file
  cache/api_cache.txt                  temporary cache file
To implement the user management it was also necessary to modify two files
of the original package:
  ExtDirect/API.php:     Added 7 lines at line 172
  ExtDirect/Router.php:  Changed line 15
  classes/File.php:      Added line 6; only necessary for this demo
These modifications do not influence the original functionality, if you want to
use ExtDirect without this user management.
Unpack the files and copy them with the given directory structure to the
ExtDirect directory. This will also overwrite the original files: save them
if you need the originals. The list 'Included Files' above tells you
which of the original files will be replaced with a modified version.
To view the demo using the file index.html, you have to make sure that the
Ext library is available in the subdirectory 'ext'.
Here you can test the user management extension as live example:
The user management for ExtDirect provides the necessary functionality to
restrict the usage of defined functions to users who are logged in. This
extension does not handle the user accounts itself. There are clearly marked
positions in the file 'ExtDirectUserManagement.php' where you have to do
the checking of username, password and so on.
The main functionality of this extension is:
- detection of functions which may be used only by logged-in users
- login / logout of users
- automatic logout of users after a given timeout
- storing the calls of restricted functions until a user has logged in
The last item is especially important for a 'transparent' user management:
If a user is logged out by timeout, it is normally very complex to check every
remote function call against the login status of the user on the client side.
This extension does the checks on the server side: if a remote function is
called and this function should be used only by logged-in users, the server
stores this call on a stack and sends an event, which should initiate a login
sequence on the client side. After a successful login all stored remote
function calls will be executed. So the user will not lose his data on the
client side and you do not have to think about handling a server-side timeout
logout, which may occur in any situation of your client code.
So it is also possible to add a user management to your existing application
without changing the code of your application: only install the new php files
and add the last lines (starting at line 315) of the file 'direct-demo.js' to
window, if a selected remote function is called. Don't forget to insert your
own checking of username/password in file 'classes/ExtDirectUserManagement.php'.
You do the main configuration in the file 'api.php'. In the demo all
possibilities are listed and described, but you only need to set the ones
which differ from the default value.
holdbackMode:      The storage of the remote calls, when a user is not logged
                   in, can be switched between 3 modes:
                     none    all remote functions will be executed immediately
                     all     all remote functions will be stored until a user has logged in
                     marked  only the marked functions will be stored until a user has logged in
                   This value does not influence the remote functions in the
                   class 'ExtDirectUserManagement', which will always be
                   executed immediately.
holdbackAttribute: This variable holds the string which is used to mark the
                   functions which need a login to be executed.
                   Attention: if you set 'holdbackMode' to 'none', these
                   functions will also be executed immediately.
                   If you change this value, don't forget to delete the file
                   'api_cache.txt' to force an update.
timeout:           Set this timeout to the time which must pass without a
                   call of a remote function before the user is logged out
                   automatically. The time is given in seconds. The value 0
                   disables this
loginEvent:        This variable holds the structure which will be sent to
                   the client side to initiate a login screen. The data
                   element will hold the string which can be set via the
                   function 'setLoginInfo' of the router to report a message
                   to the user (like 'invalid password'). See the file
                   Default: array('type'=>'event', 'name'=>'ext-direct-login', 'data'=>' ')
repeatEvent:       Set this variable to 'true' to force the user management
                   to repeat the login event every time a remote call is
                   requested (which needs a logged-in user) but no user is
                   logged in. Make sure nothing unexpected will happen on the
                   client side when a login event occurs but the login window
                   is already open.
                   A value of 'false' will send a login request only on the
                   first occurrence of a 'marked' remote function.
If you use 'holdbackMode' with 'marked', only those remote functions are
checked for a logged-in user which are marked with '@holdback', in the same
way as you know from '@remote'.
In the file 'ExtDirectUserManagement.php' only the 'login' and 'logout'
functions are necessary, but the additional functions are also useful. Add
more functions if your user handling offers more possibilities.
Using the Demo
The demo on http://ext.yasheena.biz/direct-demo/index.html is the same as in
this archive. Play with it to learn more about the behaviour of this extension.
In this demo the username for the login doesn't matter, the password must be 'abc'.
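
The holdback flow described in the readme (hold a restricted call, send the login event, replay the held calls after login, log out after an idle timeout), modelled as an added PHP example. It is not the code from the archive: the function names, the session keys, the MAX_HELD cap and the sample API table are assumptions; only holdbackMode, timeout, loginEvent and repeatEvent come from the readme.

```php
<?php
// Added illustration, not the extension's code. Names other than holdbackMode,
// timeout, loginEvent and repeatEvent are hypothetical.
const MAX_HELD = 20; // assumption: cap the queue so anonymous clients cannot bloat the session

function dispatch(array $cfg, array $api, array &$s, string $action, array $args, int $now)
{
    // Idle timeout: log out if no remote call arrived within 'timeout' seconds (0 disables).
    if (isset($s['user']) && $cfg['timeout'] > 0 && $now - $s['lastCall'] > $cfg['timeout']) {
        unset($s['user']);
    }
    $fn = $api[$action];
    $guarded = $cfg['holdbackMode'] === 'all' || ($cfg['holdbackMode'] === 'marked' && $fn['holdback']);
    if (!$guarded || isset($s['user'])) {
        if (isset($s['user'])) { $s['lastCall'] = $now; }
        return call_user_func_array($fn['call'], $args);
    }
    // Not logged in: store the function name and arguments only, never execute.
    if (count($s['held'] ?? []) < MAX_HELD) { $s['held'][] = [$action, $args]; }
    $first = empty($s['eventSent']);
    $s['eventSent'] = true;
    return ($first || $cfg['repeatEvent']) ? $cfg['loginEvent'] : null;
}

function login(array $cfg, array $api, array &$s, string $user, int $now): array
{
    // The credential check is left out here, as in the readme. In a real PHP session,
    // call session_regenerate_id(true) at this point to prevent session fixation.
    $s['user'] = $user;
    $s['lastCall'] = $now;
    $held = $s['held'] ?? [];
    $s['held'] = [];
    $s['eventSent'] = false;
    $results = [];
    foreach ($held as [$action, $args]) {
        // Replay through dispatch() so each held call passes the same checks again.
        $results[] = dispatch($cfg, $api, $s, $action, $args, $now);
    }
    return $results;
}

// Constructed demo input: one unrestricted and one '@holdback'-style function.
$cfg = ['holdbackMode' => 'marked', 'timeout' => 600, 'repeatEvent' => false,
        'loginEvent' => ['type' => 'event', 'name' => 'ext-direct-login', 'data' => ' ']];
$api = ['Time.get'  => ['holdback' => false, 'call' => fn() => '12:00'],
        'File.list' => ['holdback' => true,  'call' => fn($dir) => "files in $dir"]];
$s = [];
var_dump(dispatch($cfg, $api, $s, 'File.list', ['/tmp'], 1000)); // anonymous call to a marked function
var_dump(login($cfg, $api, $s, 'alice', 1005));                   // login, then replay of held calls
var_dump(dispatch($cfg, $api, $s, 'File.list', ['/tmp'], 2000));  // same call after 995 idle seconds
```

Holding only the function name and arguments keeps the stored calls serialisable in a session and forces every replayed call back through the same login and timeout checks.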