Trongate Framework Documentation

trOnGAtE

Welcome
- Table of Contents
- Welcome To The Revolution
- Trongate's Free Forever Promise
- About These Docs
Getting Started
- A Word About MariaDB And MySQL
- Installing PHP and MySQL
- Let's Get Trongate!
Basics Concepts
- A Few Words About Coding Style
- The Structure of a Trongate Web App
- Introducing Modular HAVC
- The Problem With MVC
- Isn't this the same as HMVC?
- What's Inside A Module?
Understanding Routing
- What Is Routing?
- 404 Error Pages
- How Basic URL Routing Works
- Reading Values From The URL
- Preventing Methods From Being Invoked Via The URL
- Advanced Custom Routing
Controllers
- What Is A Controller?
- The Structure Of A Controller
- Defining A Default Controller
Views
- Understanding View Files
- An Example Of A View File Being Used
- Passing Data Into View Files
- Returning Views Output As A Variable
- Best Practices
The File Asset Manager
- Why We Need A File Asset Manager
- Basic Example - Part 1
- Basic Example - Part 2
- The Module Assets Trigger
- Additional Information
Modules Calling Modules
- Calling Another Module From A Controller
- Calling Another Module From A View
Super Modules & Sub Modules
- Complete Video Tutorial
- What Are Super Modules And Sub Modules?
- Accessing Sub Modules Via The URL
- Loading View Files From Within Sub Modules
- Accessing Sub Modules From Other Modules
Templates
- What Are Templates?
- How To Create Your Own Website Template
- Loading Templates
- Passing Information Into Templates
- Passing View Files Into Templates
- Template Partials
- About The Admin Template
Trongate CSS
- Introducing Trongate CSS
- Features and Benefits
- Trongate CSS Examples
- JavaScript Components
- Trongate CSS Video Tutorial
- Working With YouTube Videos
Helpers Explained
- Helpers Introduction
- The URL Helper
- The Form Helper
- The Form Validation Helper
- The Flashdata Helper
- The File Validation Helper
- The Pagination Helper
- Other Helpful Features
Form Handling
- Trongate's Approach To Form Handling
- Getting Started With Form Building
- Creating A Books Database Table
- Manually Building A Form
- Improving Our Form
- Form Validation (The Pipe Method)
- Form Validation (The Array Method)
- Displaying Form Validation Errors
- A Closer Look At The Post Method
- Repopulating Forms
- Creating Records
- Reading Records
- Table Joins
- Updating Records
- Deleting Records
- Custom Validation Callbacks
- CSRF Protection
Database Interaction
- How Trongate Works With Databases
- Getting Started
- How To Use Debug Mode
- The 'Get' Method
- The 'Get Where' Method
- The 'Get Where Custom' Method
- The 'Get One Where' Method
- The 'Get Many Where' Method
- The 'Count' Method
- The 'Count Where' Method
- The 'Count Rows' Method
- The 'Get Max' Method
- The 'Insert' Method
- The 'Update' Method
- The 'Delete' Method
- The 'Query' Method
- The 'Query Bind' Method
- The 'Insert Batch' Method
- Graphical Query Builder Video Tutorial
Uploading Files
- A General Overview Of File Uploading
- Building An Uploader Form
- Understanding The Upload Process
- Uploading Pictures
Working With Images
- How To Build Picture Uploaders - Video Demo
- Understanding Single Picture Uploaders
- The Submit Upload Method
- A Closer Look At Picture Settings
- The Drag 'n' Drop Multi File Uploader
- Controlling How Multi-File Uploaders Behave
The Module Import Wizard
- What Problem Does This Solve?
- How To Use The Module Import Wizard
Authorization and Authentication
- Section Introduction
- What We Are Trying To Achieve
- How Trongate's Token System Works
- The Three Security Tables
- Generating Tokens (JavaScript Friendly Version)
- Generating Tokens (PHP Friendly Version)
- Fetching User Data From Tokens (JavaScript friendly version)
- Fetching User Data From Tokens (PHP Friendly Version)
- More Useful Features
- Destroying Tokens (JavaScript Friendly Version)
- Destroying Tokens (PHP Friendly Version)
- Understanding HTTP Response Status Codes
The API Explorer
- An Introduction To The Trongate API Explorer
- API Terminology Explained
- Trongate's Built-In Endpoints
- Getting Started With The API Explorer
- Building Your Api Settings File
- Testing Your API Endpoints
- Optional Additional Parameters
- Before Hooks And After Hooks - General Overview
- Before Hooks - Deep Dive
- After Hooks - Deep Dive
- Querying Endpoints
- Understanding API Authorization
- How To Attach Tokens To Requests
- Wide Open Authorization
- Role Based Authorization
- ID Based Authorization
- User ID Segment Authorization
- User Code Segment Authorization
- User Owned Segment Authorization
- Custom API Endpoints
Before You Launch
- Hiding Your Admin Login URL
- Pre Launch Checklist
- Web Hosting Advice

switch to dark mode

Authorization and Authentication

Fetching User Data From Tokens (JavaScript friendly version)

The Trongate framework comes with two API endpoints for fetching user data from tokens. They are:

Your base URL followed by trongate_tokens/id
Your base URL followed by trongate_tokens/user

Both of these API endpoints accept HTTP GET requests and can be tested via the Trongate Api Manager.

Adding Your Token To The Header

To use Trongate's token management system in a stateless environment, you'll have to attach a valid token onto the header of your HTTP requests.

In vanilla JavaScript this can be achieved with the following code:

setRequestHeader("trongateToken",token)

Just To Let You Know

Our JavaScript code above assumes that you have created a variable called 'token' with a value that's equal to a valid Trongate security token.

The 'Fetch Trongate User ID' Endpoint

The 'Fetch Trongate User ID' endpoint, evaluates a token and attempts to return a Trongate User ID for the user whom the token has been assigned to. The URL for this endpoint is your base URL followed by trongate_tokens/id

Did You Know?

The 'Trongate User ID' is the phrase that refers to the ID on the trongate_users table, that corresponds to the end user.

If the token is valid and a Trongate User ID is found, then a 200 HTTP response code will be produced and the HTTP response body with be a numeric value that matches the Trongate User ID for the end user.

The screenshot below shows a successful user ID request being made, using the Trongate API Manager:

Fetching a Trongate User ID

If a valid token is not presented to the server then the server will issue a 401 HTTP response code and the word 'false' will be outputted. For example:

an unsuccessful attempt to fetch a Trongate User ID

Just To Let You Know

If you'd like to disable the 'Fetch Trongate User ID' endpoint, open up Trongate_tokens.php (it's inside the trongate_tokens module) and add a die(); statement at the beginning of the 'id' method. For example,

function id() {

    die(); //disable this endpoint!

    //get the trongate_user_id

    if (!isset($_SERVER['HTTP_TRONGATETOKEN'])) {
        http_response_code(422);
        echo 'no token'; die();
    } else {
        $token = $_SERVER['HTTP_TRONGATETOKEN'];
        $result = $this->model->get_one_where('token', $token, 'trongate_tokens');

        if ($result == false) {
            http_response_code(401);
            echo 'false';
            die();
        } else {
            http_response_code(200);
            echo $result->user_id;
            die();
        }
    }
}

The 'Fetch Trongate User Obj' Endpoint

The 'Fetch Trongate User Obj' endpoint, evaluates a token and attempts to return a Trongate User Object for the user whom the token has been assigned to. The URL for this endpoint is your base URL followed by trongate_tokens/user

If the token is valid and successfully matched to a user, then a 200 HTTP response code will be produced and the HTTP response body will contain a JSON string containing information relating to the user.

The screenshot below shows a successful request being made, using the Trongate API Manager:

successfully fetching a user object with Trongate's API Manager

Below shows an example of the kind of data that we can expect to receive from the 'Fetch Trongate User Obj' endpoint:

{
   "trongate_user_code":"dytcGEc47h6VCmYmrJLwH5CPx8GMWcKa",
   "user_level_id":"1",
   "user_level":"admin",
   "token":"r8Ex_25FoYFSsrJTn3wezn6wzW8XRLkf",
   "trongate_user_id":"1",
   "expiry_date":"1629508409"
}

Understanding The User Object

The user object that gets returned after a successful request, contains the following properties:

trongate_user_code - the value for this property corresponds with the 'code' column on the 'trongate_users' table.
user_level_id - this property contains a value that matches the 'id' column, for the user, from the 'trongate_user_levels' table.
user_level - this property contains the value, for the user, that's stored on the 'level_title' column of the 'trongate_user_levels' table.
token - the 'token' property contains the user's validated token. This corresponds with the value, for the user, that's stored on the 'token' column on the 'trongate_tokens' table.
trongate_user_id - this property contains the user's 'Trongate User ID'. This is a numeric value, for the user, that corresponds with the 'id' column of the 'trongate_users' table.
expiry_date - finally, we have an expiry_date property. This contains a Unix timestamp that represents the date and time when the token will expire.

The screenshot below shows an example of the kind of response that we can expect to receive when a user object request is unsuccessful:

an unsuccessful user object request

Just To Let You Know

If you'd like to disable the 'Fetch Trongate User Obj' endpoint, open up Trongate_tokens.php (it's inside the trongate_tokens module) and add a die(); statement at the beginning of the 'user' method. For example,

    function user() {

    die(); //disable this endpoint!

    //get the trongate user object
    if (!isset($_SERVER['HTTP_TRONGATETOKEN'])) {
        http_response_code(422);
        echo 'No token!';
        die();
    } else {
        $params['token'] = $_SERVER['HTTP_TRONGATETOKEN'];
        $sql = 'SELECT
                    trongate_users.code as trongate_user_code,
                    trongate_users.user_level_id,
                    trongate_user_levels.level_title as user_level,
                    trongate_tokens.token,
                    trongate_tokens.user_id as trongate_user_id,
                    trongate_tokens.expiry_date
                FROM
                    trongate_tokens
                INNER JOIN
                    trongate_users
                ON
                    trongate_tokens.user_id = trongate_users.id
                INNER JOIN
                    trongate_user_levels
                ON
                    trongate_users.user_level_id = trongate_user_levels.id
                WHERE
                    trongate_tokens.token = :token';

        $rows = $this->model->query_bind($sql, $params, 'object');

        if (isset($rows[0])) {
            http_response_code(200);
            echo json_encode($rows[0]);
            die();
        } else {
            http_response_code(400);
            echo 'Unable to match token with user.';
            die();
        }
    }
}

HELP & SUPPORT

If you have a question or a comment relating to anything you've see here, please goto the Help Bar.

Fetching User Data From Tokens (JavaScript friendly version)

Adding Your Token To The Header

The 'Fetch Trongate User ID' Endpoint​

The 'Fetch Trongate User Obj' Endpoint

Understanding The User Object

HELP & SUPPORT

The 'Fetch Trongate User ID' Endpoint