If we don't find a better solution to deal with the issues you've encountered, we might switch to "Lax" as default and advise users to switch to "strict" if they want the highest level of security.
ini_set('session.cookie_lifetime', 0); // Make session cookie persist until browser closes
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.cookie_samesite', 'Lax'); // Allow cross-site requests while maintaining some security
'samesite' => 'strict',
'samesite' => 'Lax',
if (PHP_VERSION_ID >= 70300) {
$options = [
'lifetime' => $lifetime,
'path' => '/',
'domain' => XOOPS_COOKIE_DOMAIN,
'secure' => $secure,
'httponly' => true,
'samesite' => 'strict',
];
session_set_cookie_params($options);
} else {
session_set_cookie_params($lifetime, '/', XOOPS_COOKIE_DOMAIN, $secure, true);
}
What’s the best way to retrieve data from other modules in XOOPS? Should I be using the existing APIs, or is there another recommended method?
Is there a specific XOOPS function or best practice for interacting with the database across multiple modules? I want to ensure that my approach is clean and efficient.
use Xmf\Module\Helper;
// Get the helper for the 'news' module
$helper = Helper::getHelper('news');
// Get the handler for the 'story' object in the 'news' module
$storyHandler = $helper->getHandler('story');
// Define criteria for data retrieval
$criteria = new CriteriaCompo();
$criteria->setLimit(10); // Limit to 10 items
// Retrieve data objects
$newsItems = $storyHandler->getObjects($criteria);
// Loop through and display data
foreach ($newsItems as $newsItem) {
echo $newsItem->getVar('title');
}
How should I structure the permissions for users accessing this dashboard, especially considering the different access levels required for the different modules?
use Xmf\Module\Helper\Permission;
$permHelper = new Permission();
// Assuming you're in your custom module context
$moduleDirName = basename(dirname(__DIR__));
$helper = Helper::getHelper($moduleDirName);
$permHelper = new Permission($helper);
$permissionName = 'view_dashboard'; // Define your custom permission
$itemId = null; // Use null if not item-specific
$userGroups = $xoopsUser ? $xoopsUser->getGroups() : [XOOPS_GROUP_ANONYMOUS];
if ($permHelper->checkPermission($permissionName, $itemId, $userGroups)) {
// User has permission, display dashboard
} else {
// User doesn't have permission, show an error or redirect
redirect_header('index.php', 3, _NOPERM);
}
$modversion['config'][] = [
'name' => 'permissions',
'title' => '_MI_YOURMODULE_PERMISSIONS',
'description' => '_MI_YOURMODULE_PERMISSIONS_DESC',
'formtype' => 'group_multi',
'valuetype' => 'array',
'default' => [XOOPS_GROUP_ADMIN, XOOPS_GROUP_USERS],
];
$permHelper->savePermissionForItem('view_dashboard', $itemId, $groupIds);
// For the 'news' module
$newsHelper = Helper::getHelper('news');
$newsPermHelper = new Permission($newsHelper);
if ($newsPermHelper->checkPermission('view', $newsItemId, $userGroups)) {
// User has permission to view the news item
} else {
// Handle lack of permission
}
Are there any examples or tutorials for similar use cases (integrating data from multiple modules) that you could point me to?