Backend secured with htaccess and conflict with site views

[fred-the-coder]

Hello,

I am used to secure Joomla backend with htaccess file in administrator folder.

But, with a component I developed thanks to JCB (love it!), I have a conflict with the site view, where users are prompted with the pop-up due to htaccess file in backend.
As if, to load site views, we were going through backend...
I never saw that with others components...

This is not really a blocking point as users can just click cancel and the process continue with no side effects...but it is not clean!

Did you already face that situation?

Do you have an idea why I face this behaviour or how to solve it?

Thanks

[EvDoorne]

By adding 'allow from localhost' and 'allow from 127.0.0.1' as well as a rule that adds the IP address of your server to your .htaccess you should be able to solve this.

[fred-the-coder]

Thanks for the advise...
However, I google ".htaccess allow from localhost or valid user" but did not find a solution that worked for me...

[Llewellynvdm]

Okay so the only back-end files being used is the tables which is how it use to be done in the Joomla components, as you will see the front does not have this tables folder (for the banners admin and site). But other then that the front-end edit view is not linked to the back-end. This means that if it works with the Joomla core components it should also work for components build with JCB.

O yes there is another... the xml folder files and the JavaSript files...
So the xml files for the forms are loaded from the admin area... but that is also done that way in the core components. See here (for the banners admin and site so the only part that is different in JCB is the loading of the JavaScript file that we store in the same folder as the forms in the admin area.

So lets try this... remove these lines from your model in the front-end and see if it works:

/**
 * Method to get the script that have to be included on the form
 *
 * @return string	script files
 */
public function getScript()
{
	return 'administrator/components/com_membersmanager/models/forms/member.js';
}

This is the only outside the Joomla way... part I can quickly pick-up... and if this is the only issue. We can fix it very easy by moving that file to the media folder, and linking it in from there.

[fred-the-coder]

@Llewellynvdm you rock!
This is it, I commented out this line and no more issue with my former htaccess control!!

Notice, that, in my case this JS file is empty! (what it is aimed at?)

What is your advice to fix the situation on my side? Wait for next JCB release or comment this line or?

Many thanks again for your support!

[EvDoorne]

Perhaps I do not understand completelty what you write @Llewellynvdm , but I would nog change anything to the core working of JCB in this case. I don't mean this to be disrespectful @fred-the-coder , but if you as a end-user deliberately exclude files from a directory by adding a .htaccess deny rules, you should not be surpirsed things don't work. We shouldn't change the end-result (as generated by JCB) application because it's being told not to work by the .htaccess file. And maybe we shouldn't even consider moving files around to avoid this completelty logical situation and from happening, especially if what's been generated is 'joomla-compliant'.
I do not wish to be rude. But If the end-user rigs the system, it's his responsibility (or problem, if you wish) to solve the issues that a re a consequnece of his alterations. we shouldn't change a perfectly good working system because of that.
I''m happy to help @fred-the-coder out with the necessary .htaccess changes to make it work.

[Llewellynvdm]

Thanks Eric... the issue being looked at here is just the javascript file for the admin view, which is also used in the site edit view should you set the edit view to work on the front-end. The whole .htaccess approach is not important to me... that is each website owners thing... but to move the file to the media folder will be good practice.

Therefore to change this will not be hard, and will not effect JCB's end result that much... it will anyway be better to move that JavaScript file out of the admin area in to the media area where it belong. It has bugged me... but I have not had the need to make the tweak as yet.

No better time as now... let see. You can test the change by changing three files, and if you confirm that it now moves the files to the correct place, then we are done...

In this file and this file on line 130 change this code:

/**
 * Method to get the script that have to be included on the form
 *
 * @return string	script files
 */
public function getScript()
{
	return 'administrator/components/com_###component###/models/forms/###view###.js';
}

TO THIS:

/**
 * Method to get the script that have to be included on the form
 *
 * @return string	script files
 */
public function getScript()
{
	return 'media/com_###component###/js/###view###.js';
}

Yes we need to make this more dynamic in the future so that it only adds this line if we actually have code in it... but for now to just move the file...

So then you must make the next change... and be careful to not change anything else here, as this is one of the most important files in JCB... the mapper on line 283 change the following:

"module_forms.js": {
	"path": "c0mp0n3nt/admin/models/forms",
	"rename": "module_forms",
	"type": "single"
}

TO

"module_forms.js": {
	"path": "c0mp0n3nt/media/js",
	"rename": "module_forms",
	"type": "single"
}

That is it, now the files should be placed in the media folder of the component, and the link should be loading it from there.

Let me know, if it works I will add it to the next release update. (just know I have not tested this, so you should)

[fred-the-coder]

@Llewellynvdm : do you want me to test?

[Llewellynvdm]

Yes, but I have now tested my self... and it works as expected so I will monetarily push this change to the staging branch 👍