Creating config file for Maintenance Mode

Alexander_Paladines · October 14, 2021, 3:57pm

Hi, I want to call a dynamically construction page during differents updates or upgraded, I have this simple php code in main index.php

<?php
include_once('admin/config/config.php');
if($mantenimiento == 1) {
  include 'mantenimiento.php';
} else {
  include 'login.php';
}
?>

Now the config.php file only have these simple lines, protect file externally and a variable to make the condition above to works.

<?php
    if ( $_SERVER['REQUEST_METHOD']=='GET' && realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {        

        header( 'HTTP/1.0 403 Forbidden', TRUE, 403 );
        die( header( 'location: /' ) );
    }
$mantenimiento=1;
?>

But I want a way to change this variable $mantenimiento into wappler using dynamic binding, for example I have a backend and I would like to change this value of $mantenimiento=1; to $mantenimiento=0; maybe using a form with checkbox or changing with text input storing this value in a table in database to call it dynamically.

I means something like:

$mantenimiento={{serverconnect1.data.config_mantenimiento}}

Of course it doesn’t works,

I’m trying with _SESSION using globals and then call it into the var, something like:

session_start();
$mantenimiento=_SESSION['config_mantenimiento'];

It works, but half, I mean, this method it’s perfect if where not in the main index, that’s because the _session needs to be store firts before using it (I don’t know if I’m doing something wrong but this is my case), so, been the index the main file it need a second refresh to get the store _session and the conditions start working.

Thanks.

Alexander_Paladines · October 15, 2021, 5:39pm

Please, maybe someone can help, any idea would be useful.
Thanks

George · October 15, 2021, 7:55pm

In Wappler, you don’t have to code that all in PHP.

We have ready to go components and features to make all this easy possible.

Just check the docs:

Alexander_Paladines · October 15, 2021, 8:16pm

Thanks George,
I know, in fact I’m was testing with simple condition region, but the idea to do it with php code is that it keep it hidden from source code and I’m really concern about security, I mean, wappler condition regions hide content from being executing from DOM that’s great, but it’s still loading all content inside conditions and visible in source code(Ctrl+U), so I really do not know how safe is using conditions with admin query that are visible on source code.

I would appreciate it you can help me to understand how much safe is to use condition region, can someone else maybe hacking the visible conditions and executing with changed value, I don’t know.
Sorry for my dumb question but for me do not exist dumb questions, if not, dumb people that not ask.

Please take me off this ignorance.

mebeingken · October 15, 2021, 8:34pm

If the user at the client should not see something, don’t send it. Don’t rely on show/hide or conditional regions.

As for maintenance page, I would use something in your web server config to control this. I’ve implemented this on a node site for when the node service is down, restarting, etc. Apache serves up the maintenance page under the directed conditions.

You can google up some solutions for php. If you are manually controlling the maintenance, then something like if maint.html exists, then direct everything to that. Then just rename to maint.bak for normal operations.

Alexander_Paladines · October 15, 2021, 8:51pm

Thanks, but, can you be a bit more specific why it’s better to don’t rely on show/hide or conditional regions? Maybe because this is vulnerable to hack, or not? I would really appreciate it.
Thanks

mebeingken · October 15, 2021, 8:58pm

Yes, if it is sent to the client/browser it is always subject to somebody being able to see it. Securing things is always done using server components.

Alexander_Paladines · October 15, 2021, 9:13pm

Ok, at this point I believe that condition regions are not as usefull in terms of security for differents stuff, for example, in a form, if I make a conditional region depending of user rol for a user page how to redirect that user with your propper information, because, the use of conditional region in same page but only showing to the correct user rols, it always be visible to source code for all rol, so I thnk is not a good practice, do with php include file inside a condition will be the same, it render all in source code but not executable. How to deal with that?