How to set up an app file system on a 'live' server?

Yii2 advanced framework 2.0.6.

I am trying to learn how to set up the app file system on a ‘live’ server.

This is the file structure I am using:




- yii2app/
    - frontend/
    - backend/
    - common/
    - .. other folders..
    - admin/
        - assets/
        - css/
        - index.php
    - assets/
    - css/
    - index.php

URL generated:




 http://www.example.com/admin

or http://www.example.com

I have made corresponding changes to both index.php files. In the root directory, yii-app/:


require(__DIR__ . '/vendor/autoload.php');
require(__DIR__ . '/vendor/yiisoft/yii2/Yii.php');
require(__DIR__ . '/common/config/bootstrap.php');
require(__DIR__ . '/frontend/config/bootstrap.php');

$config = yii\helpers\ArrayHelper::merge(
    require(__DIR__ . '/common/config/main.php'),
    require(__DIR__ . '/common/config/main-local.php'),
    require(__DIR__ . '/frontend/config/main.php'),
    require(__DIR__ . '/frontend/config/main-local.php')
);



and in the admin directory, yii-app/admin


require(__DIR__ . '/../vendor/autoload.php');
require(__DIR__ . '/../vendor/yiisoft/yii2/Yii.php');
require(__DIR__ . '/../common/config/bootstrap.php');
require(__DIR__ . '/../backend/config/bootstrap.php');

$config = yii\helpers\ArrayHelper::merge(
    require(__DIR__ . '/../common/config/main.php'),
    require(__DIR__ . '/../common/config/main-local.php'),
    require(__DIR__ . '/../backend/config/main.php'),
    require(__DIR__ . '/../backend/config/main-local.php')
);




The issue I am experiencing is that after successfully logging into the app as a ‘user’ I’ve noticed that in the navbar ‘Login’ does not change to ‘Logout (user name)’.

Also, if I go to click on ‘Login’ again, there is an error.

The section highlighted in the error message:




1. in /Users/***********/yii-app/vendor/yiisoft/yii2/web/User.php at line 614

{
        $session = Yii::$app->getSession();
        $id = $session->getHasSessionId() || $session->getIsActive() ? $session->get($this->idParam) : null;

        if ($id === null) {
            $identity = null;
        } else {
            /* @var $class IdentityInterface */
            $class = $this->identityClass;
 614           $identity = $class::findIdentity($id);
        }

        $this->setIdentity($identity);

        if ($id



The user ‘id’ corresponds with the ‘User’, i.e., user ‘id’ = 11.




$_SESSION = [
    '__flash' => [],
    '__id' => 11,
];

The only way to rectify this ‘error’ is to clear the browser history.

The above may indicate that this is a session issue.

Based on information I have gleaned from the web I have created two session ids, one for frontend and one for the backend. The backend is for admin purposes and it works fine. Below is the setup for FRONTENDSESSID in yii-app\frontend\config\main.php.




    'id' => 'app-frontend',
    'basePath' => dirname(__DIR__),
    'bootstrap' => ['log'],
    'controllerNamespace' => 'frontend\controllers',
    'defaultRoute' => 'pages/index',
    'components' => [
        'request' => [
            'csrfParam' => '_frontendCSRF',
            'csrfCookie' => [
                'httpOnly' => true,
                'path' => '',
            ],
        ],
        'user' => [
            'identityClass' => [
                'common\models\User',
                'enableAutoLogin' => true,
            ],
            'identityCookie' => [
                'name' => '_frontendIdentity',
                'path' => '',
                'httpOnly' => true,
            ],
        ],
        'session' => [
            'name' => 'FRONTENDSESSID',
            'cookieParams' => [
                'path' => '',
            ],
        ],
        ..
        ..
        ..




The only difference with BACKENDSESSID is


'path' => '/admin',

This part of the app works fine, however any image in the admin section is broken.

Perhaps I am conflating the issues here, or maybe both issues are linked?????

Does anyone know how to create a ‘live’ setup that is secure and workable?

The information I have seen seems to be contradictory or incomplete, especially for the novice Yii users.

With the advanced app the "frontend" and "admin" are essentially two different programs that you must tell to work with each other. Once you do so it should fix the issues you are describing. It also looks like you could have a path issue. Here is a guide on how to use different sessions on frontend and backend.

An ideal folder structure would be to have all core files out of the web root by adjusting your paths in the two index.php files in the frontend and admin folders. Make sure your file permissions in your web accessible files are not writable!


- server root
  - Core Files i.e. models, views, controllers, vendor, common etc (these shouldn't be in your web root)
  - Web root
    - Frontend Files that need to be web accessible i.e. htaccess, index, assets, and theme files.
    - Admin folder
      - Admin Files that need to be web accessible



With that said here is what one of mine looks like


-server root

- yii2

-www (webroot)

  - index.php

  - .htaccess

  - robots.txt

  - sitemap.txt

  - favicon.ico

  - assets

	- img

	- css

	- js

  - admin (folder)

	- index.php (all files should be inline the editor is doing something weird here)

	- .htaccess

    - robots.txt

    - sitemap.txt

    - favicon.ico

    - assets (folder)

   	- img (folder)

   	- css (folder)

   	- js (folder)

I’d personally call your “admin” section something different than “admin”. You shouldn’t be including main-local files either on a live setup as they are intended to be used for local / dev settings.
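Added example (not part of the thread and not the Yii project's own code): one way to keep the frontend and backend sessions discussed above apart is to give each application its own cookie names and paths, then check that no name is shared. The function names, the `/` frontend path and the `secure` flag (which assumes the live site is served over HTTPS) are assumptions; the cookie names and the `/admin` path follow the question.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

// Request, user and session components for one application, with every
// cookie given a name and path of its own.
function cookieScopedComponents(string $app, string $path, bool $https): array
{
    return [
        'request' => [
            'csrfParam'  => "_{$app}CSRF", // also the name of the CSRF cookie
            'csrfCookie' => ['httpOnly' => true, 'path' => $path, 'secure' => $https],
        ],
        'user' => [
            // identityClass is a class-name string; enableAutoLogin sits beside it.
            'identityClass'   => 'common\models\User',
            'enableAutoLogin' => true,
            'identityCookie'  => [
                'name' => "_{$app}Identity", 'path' => $path,
                'httpOnly' => true, 'secure' => $https,
            ],
        ],
        'session' => [
            'name'         => strtoupper($app) . 'SESSID',
            // State httponly explicitly instead of relying on defaults.
            'cookieParams' => ['path' => $path, 'httponly' => true, 'secure' => $https],
        ],
    ];
}

// Names of the cookies one component set sends to the browser.
function cookieNames(array $c): array
{
    return [$c['request']['csrfParam'], $c['user']['identityCookie']['name'], $c['session']['name']];
}

// Assumption: the live site is served over HTTPS, hence secure => true.
$frontend = cookieScopedComponents('frontend', '/', true);
$backend  = cookieScopedComponents('backend', '/admin', true);

// Where paths overlap, a shared name would make the two applications
// read and overwrite each other's cookies.
$shared = array_intersect(cookieNames($frontend), cookieNames($backend));
if ($shared !== []) {
    fwrite(STDERR, 'Cookie name used by both apps: ' . implode(', ', $shared) . PHP_EOL);
    exit(1);
}
echo 'frontend: ' . implode(', ', cookieNames($frontend)) . PHP_EOL;
echo 'backend:  ' . implode(', ', cookieNames($backend)) . PHP_EOL;
```

In the applications themselves, the array built for each app would be merged into the `components` key of frontend/config/main.php and backend/config/main.php respectively.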

Thanks skworden for your time.

I have found if I remove ‘sessions’ from the config\main.php in both the ‘frontend’ and ‘backend’ apps that the login issues are no more. For example a member can sign in and access their profile and then log out. The same for the admin user.

However after logging in as admin at ‘www.mysite.com/admin’ and then logging out, and in the same browser navigating to ‘www.mysite.com’ to login as a member, I am taken to the admin login screen.

In the real world this would be unlikely and therefore a minor issue. Am I correct in thinking this?

This is what my /config/main.php now looks like minus the ‘session’ section.


        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,

            'identityCookie' => [
                'name' => '_backendIdentity',
                'path' => '/yii-app/admin',
                'httpOnly' => true,
            ],
        ],



Thanks for giving me some tips for organising the file structure, although I’m not sure about a few things.




-server root
 - yii2
 -www (webroot)
   - index.php
   - .htaccess
   - robots.txt
   - sitemap.txt
   - favicon.ico
   - assets
        - img
        - css
        - js
   - admin (folder)
        - index.php
        - .htaccess
        - robots.txt
        - sitemap.txt
        - favicon.ico
        - assets (folder)
          - img (folder)
          - css (folder)
          - js (folder)

Is this correct?

Thanks for your help.