after testing the Ext.Direct PHP of Tommy Maintz http://extjs.com/forum/showthread.php?t=68186 I was happy about the simple way to include php code. But what I missed is an user management to restrict the usage of functions to users, which are logged in. But during thinking about it I recognized, that it is not so easy: What happens to the client application, when a login timed out? Meanwhile I found a solution by extending the code of Tommy Maintz, so there is a "transparent" user management: Login and logout are handled by this new extension and you must not think much about adding this functionallity to your ext application.

Here you can download the code: http://ext.yasheena.biz/direct-demo/...ment-1.0.0.zip

Here you can test it with a live demo (username doesn't matter, password is 'abc'): http://ext.yasheena.biz/direct-demo/index.html

This is my readme file for this project:

User management extension for ExtDirect
Version 1.0.0 / 14.10.2010
written by Wolfgang Mattis, ext@yasheena.biz


This extension is based on the "Ext.Direct PHP -
   Maintained by tommymaintz (Tommy Maintz) Version 1.01"

Feel free to use / modify / extend my code.


Included Files:

index.html                           html code for demo
direct-demo.js                       js code for demo
api.php                              original file, configured / extended for the demo
router.php                           original file (not neccessary for the demo)
WM_Api.php                           new code for the API
WM_Router.php                        new code for the Router
ExtDirect/API.php                    original file, modified
ExtDirect/CacheProvider.php          original file
ExtDirect/Router.php                 original file, modified
classes/Echo.php                     original file
classes/Exception.php                original file
classes/ExtDirectUserManagement.php  new remote functions
classes/File.php                     original file, modified
classes/Time.php                     original file
cache/api_cache.txt                  temporary cache file


To implement the user management it was neccessary also to modify two files
of the original packet:

ExtDirect/API.php:     Added 7 lines at line 172
ExtDirect/Router.php:  Changed line 15
classes/File.php:      Added line 6; only for this demo neccessary

This modifications do not influence the original functionality, if you want to
use the ExtDirect without this user management.



Unpack the files and copy them with the given directory structure to the
ExtDirect directory. This will also overwrite the original files: Save them,
if you need them as original. The list above 'Included Files' tells you
wich of the original files will be replaced with an modified version.
Using the file index.html to view a demo, you have to make sure, that the
Ext library is available in the subdirectory 'ext'.

Here you can test the user management extension as live example:



The usermanagement for ExtDirect provides the neccessary functionality to
restrict the usage of defined functions only to user who logged in. This
extension does not handle the user accounts itself. There are clearly marked
positions in the file 'ExtDirectUserManagement.php' where you have do do
the checking of username, password and so on.

The main functionallity of this extension is:
- detection of functions, which are allowed to use only by loggedin users
- login / logout users
- logout users automatically after a given timeout
- store the calls of restricted functions till a user logged in

Especially the last item is important for a 'transparent' user management:
If a user is logged out by timeout, normally it's very complex to check all
remote function call against the login status of the user at the client side.
This Extension does the checks on the server side: if a remote function is
called and this function should be usesd only by loggedin users, the server
stores this call on a stack and sends an event, which should initiate a login
sequence on the client side. After a successful login all stored remote
function calls will be executed. So the user will not loose his data on the
client side and you must not think about handling a serverside timeout logout,
which may occure in every situation of your client code.
So it is also possible to add a user management to your existing application
without changing the code of your application: only install the new php files
and add the last lines (starting at line 315) of the 'file direct-demo.js' to
your main javascript file and immediately you will automatic get a login
window, if a selected remote function is called. Don't forget to insert your
own checking of username/password in file 'classes/ExtDirectUserManagement.php'.



You do the main configuration in the file 'api.php'. In the demo all
possibilities are listed and discribed, but you only the ones, which differ
from the default value.

holdbackMode:      The storage of the remote calls, when a user is not logged in,
                   can be switched to 3 versions:
                      none     all remote functions will be executed immediately
                      all      all remote functions will be stored till a user logged in
                      marked   only the marked functions will be stored till a user logged in
                   This value does not influences the remote functions in the class
                   'ExtDirectUserManagement', which everytime will be executed immediately
                   Defaultvalue: marked

holdbackAttribute: This variable holds the string, which is used to mark the
                   functions, which need a login to be executed.
                   Attention: if you set 'holdbackMode' to 'none', also this
                   functions will be executed immediately.
                   If you change this value, don't forget to delete the file
                   'api_cache.txt' to force an update.
                   Default: @holdback

timeout:           Set this timeout to a time, which must passed by without a
                   call of a remote function, to logout the user automatically.
                   The time is given in seconds. The value 0 disables this
                   Default: 300

loginEvent:        This variable holds the structure, which will be send to
                   the client side, to initiate a login screen. The data element
                   will hold the string, which can be set via the function
                   'setLoginInfo' of the router to report a message to the
                   user (like 'invalid password'). See the file
                   Default: array('type'=>'event', 'name'=>'ext-direct-login', 'data'=>' ')

repeatEvent:       Set this variable to 'true' to force the usermanagent to
                   repeat the login event every time a remote call is requested
                   (which needs to login a user) but no user is logged in.
                   Make sure, nothing unexpected will happen on the client side,
                   when a login event occurs, but the login window is already open.
                   A value of 'false' will send a login request only on the
                   first occurance of a 'marked' remote function.
                   Default: true

If you use 'holdbackMode' with 'marked', only that remote functions are
checked for a logged in user, which are marked with '@holdback' in the same
way you know from the '@remote'.

In the file 'ExtDirectUserManagement.php' only the 'login' and 'logout'
functions are neccessary, but the additional functions are also useful. Add
more functions, if your user handling offers more possibilities.


Using the Demo

The demo on http://ext.yasheena.biz/direct-demo/index.html is the same of this
archive. Play with it to lern more about the behaviour of this extension.
In this demo the username for the login doesn't matter, the password must be 'abc'.