Routing with Multiple Subdomains
Ever want to have multiple admin routes and use subdomains?
After wanting to integrate 3 different parts of an application I wrote into one app, I looked and found some great pieces of information in the bakery on having more than one admin route and using admin routes on subdomains. So after playing and wanting an easier way to define everything.
Resources Used on the Bakery
Using CAKE_ADMIN for multiple user types - By Egbert Teeselink
Hosting Admin URLs on a Subdomain - By Nate
This is what we added to our bootstrap.php
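<?php
// The first label of the Host header selects the admin prefix.
$url = explode('.', env('HTTP_HOST'));
switch ($url[0]) {
    case "admin":
        Configure::write('Routing.admin', 'admin');
        // Removes every 'admin/' in the URL, then prepends the prefix once.
        $_GET["url"] = "admin/" . str_replace('admin/', '', $_GET['url']);
        break;
    case "support":
        Configure::write('Routing.admin', 'support');
        // Removes every 'support/' in the URL, then prepends the prefix once.
        $_GET["url"] = "support/" . str_replace('support/', '', $_GET['url']);
        break;
    default:
        // Any other host: leave the routing configuration untouched.
        break;
}
?>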
Feedback is appreciated and hope this helps other people.
Comments
Comment
1 Security
Comment
2 Rewriting the url
$_GET["url"] = "admin/" . str_replace('admin/','',$_GET['url']);
But what if, for example, you would like to do this:
admin.example.com/users/edit/admin/1
Where the 3rd parameter is the username to be edited (because you want the url to be more readable by humans (who is user with id "1"?)), and the last is the id of the user to be edited.
With your code, the url will be users/edit/1 after your code has completed, in which case the 4th parameter, which you expect to be the id, is empty.
It is not a security hole, not directly at least, but I think you should not simply replace any 'admin/' in your url (or 'support/'...), you just have to look if the first part of the url matches any of your admin types.
A possible solution could be this:
<?php
$url = explode('.', env('HTTP_HOST'));
$adminTypes = array('admin', 'support');
foreach ($adminTypes as $type) {
    if ($url[0] == $type) {
        Configure::write('Routing.admin', $type);
        // Split the requested path into its segments
        $pts = explode('/', $_GET['url']);
        // Drop the prefix only when it is the first segment
        if ($pts[0] == $type) {
            unset($pts[0]);
        }
        $_GET['url'] = $type . '/' . implode('/', $pts);
    }
}
?>
Btw. the code is not tested but I think it should do the trick.
Anyway, "Who Cares" makes an excellent point about how insecure this approach is with the current version of CakePHP, and (if I'm not mistaken) that is not about to change in the immediate future releases.
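
An added example, not part of the original article or its comments: both snippets above pick the prefix from the first label of the Host header, which the client supplies, so this version matches the full hostname against an allow-list and strips the prefix only when it is the first path segment. The hostnames, the $prefixByHost map and the resolvePrefixedUrl() helper are hypothetical names used for illustration.

```php
<?php
// Added example. The hostnames and the map below are constructed for illustration.
// Full hostnames are matched exactly, so "admin.other.test" selects no prefix.
$prefixByHost = array(
    'admin.example.com'   => 'admin',
    'support.example.com' => 'support',
);

/**
 * Returns array(prefix or null, rewritten url) for one request.
 */
function resolvePrefixedUrl($host, $url, $prefixByHost) {
    // Normalise the client-supplied Host header: lower-case, drop an optional :port.
    $host = strtolower(trim((string) $host));
    $host = preg_replace('/:\d+$/', '', $host);

    if (!isset($prefixByHost[$host])) {
        return array(null, $url); // unknown host: leave routing untouched
    }
    $prefix = $prefixByHost[$host];

    // Drop the prefix only when it is the first path segment, so a later
    // "admin" segment (for example a username) survives the rewrite.
    $parts = explode('/', ltrim((string) $url, '/'));
    if ($parts[0] === $prefix) {
        array_shift($parts);
    }
    return array($prefix, $prefix . '/' . implode('/', $parts));
}

// Constructed sample requests: Host header value, url parameter.
$samples = array(
    array('admin.example.com',      'users/edit/admin/1'),
    array('admin.example.com:8080', 'admin/users/index'),
    array('support.example.com',    'tickets/view/7'),
    array('admin.other.test',       'users/index'),
    array('www.example.com',        'pages/home'),
);
foreach ($samples as $s) {
    list($prefix, $url) = resolvePrefixedUrl($s[0], $s[1], $prefixByHost);
    $label = ($prefix === null) ? '(none)' : $prefix;
    printf("%-24s %-20s => %-8s %s\n", $s[0], $s[1], $label, $url);
}
```

In bootstrap.php the returned prefix would be passed to Configure::write('Routing.admin', ...) and the rewritten path assigned to $_GET['url'], as in the article's code, and only when the prefix is not null.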