Over the last few projects I've been doing a lot of interesting development tieing together the Typo3 CMS and RIA modules, mostly Flash but recently Ajax too.
Typo3 is a nice PHP based CMS, it has been around long enough that there isn't much direct support for RIAs or Flash but it is flexible enough that it is a good platform for custom coding them. Of course, someone might wonder why not just use a platform that does have better support for RIA development like Ruby on Rails. I think that is a good question and I have been putting a lot of time into getting familiar with tools like Rails and Flex. While apps like Basecamp or an online mail reader should be built in tailor-made platforms like that, my work has been built around existing CMS projects where using Typo3 has huge advantages. I didn't want to be running multiple environments to support different aspects of the same content, that seemed like it would be less efficient and probably lead to maintenence problems. Additionally, by keeping the services in PHP I can leverage information in the php sessions that Typo3 is already using.
For example,since Typo3 already manages user logins, I could leverage that so my Flash and/or Ajax code was aware of the typo3 login. This turned out to be fairly easy. The typo3 session is stored in a cookie called fe_typo_user.
$id = isset($_COOKIE['fe_typo_user']) ? stripslashes($_COOKIE['fe_typo_user']) : '';
will give you that value or a blank string if it is not set. This SQL will give you the uid of that user from the fe_users table.
SELECT uid FROM fe_users JOIN fe_sessions ON fe_users.uid = fe_sessions.ses_userid WHERE ses_id = '$id'
It may seem easier to just send the uid to the flash movie and let it send the uid back with whatever requests it has. The extra database hit to get the uid (or username etc) is worthwhile because the other opens you up to easy spoofing of the user. I make it a point to never send ids for tables to avoid that kind of risk.
In this case, I made a simple base class that has a getUserId method so all my classes can call it. This has worked great for both my amfphp and ajax services.
Typo3 is a nice PHP based CMS, it has been around long enough that there isn't much direct support for RIAs or Flash but it is flexible enough that it is a good platform for custom coding them. Of course, someone might wonder why not just use a platform that does have better support for RIA development like Ruby on Rails. I think that is a good question and I have been putting a lot of time into getting familiar with tools like Rails and Flex. While apps like Basecamp or an online mail reader should be built in tailor-made platforms like that, my work has been built around existing CMS projects where using Typo3 has huge advantages. I didn't want to be running multiple environments to support different aspects of the same content, that seemed like it would be less efficient and probably lead to maintenence problems. Additionally, by keeping the services in PHP I can leverage information in the php sessions that Typo3 is already using.
For example,since Typo3 already manages user logins, I could leverage that so my Flash and/or Ajax code was aware of the typo3 login. This turned out to be fairly easy. The typo3 session is stored in a cookie called fe_typo_user.
$id = isset($_COOKIE['fe_typo_user']) ? stripslashes($_COOKIE['fe_typo_user']) : '';
will give you that value or a blank string if it is not set. This SQL will give you the uid of that user from the fe_users table.
SELECT uid FROM fe_users JOIN fe_sessions ON fe_users.uid = fe_sessions.ses_userid WHERE ses_id = '$id'
It may seem easier to just send the uid to the flash movie and let it send the uid back with whatever requests it has. The extra database hit to get the uid (or username etc) is worthwhile because the other opens you up to easy spoofing of the user. I make it a point to never send ids for tables to avoid that kind of risk.
In this case, I made a simple base class that has a getUserId method so all my classes can call it. This has worked great for both my amfphp and ajax services.
posted by John Nicholas at 10:41 AM
0 Comments:
Post a Comment
<< Home