CodeIgniter - Internationalization
Donald Green
CodeIgniter - Internationalization
The language class in CodeIgniter provides an easy way to support multiple languages ​​for internationalization. To some extent, we can use different language files to display text in different languages.
We can put different language files in the application/language directory. The system language files can be found in the system/language directory, but to add your own language to your application, you must create a separate folder for each language in the application/language directory.
File Creation Language
To create a language file, you must end it with _lang.php . For example, you want to create a language file for French, then you must save it using french_lang.php . In this file, you can store all your language texts in key, value combinations in the $lang array, as shown below.
$lang['key'] = 'val';
Loading a language file
To use any language in your application, you must first download that particular language's file in order to extract the various texts stored in that file. You can use the following code to download the language file.
$this->lang->load('filename', 'language');
- filename is the name of the file you want to upload. Do not use the file extension here, only the file name.
- The language is the language that contains it.
filename is the name of the file you want to upload. Do not use the file extension here, only the file name.
The language is the language that contains it.
Text language selection
To extract a string from a language file, simply run the following code.
$this->lang->line('language_key');
Where language_key is the key parameter used to get the value of the key in the loaded language file.
Startup languages
If you need some language globally, you can automatically load it in application/config/autoload.php file like below.
| -------------------------------------------------- ---------------------
| Auto-load language files
| -------------------------------------------------- ---------------------
| Prototype:
| $autoload['config'] = array('config1', 'config2');
|
| NOTE: Do not include the "_lang" part of your file. For example
| "codeigniter_lang.php" would be referenced as array('codeigniter');
|
*/
$autoload['language'] = array();
Just pass different languages ​​to Autoload CodeIgniter.
example
Create a controller named Lang_controller.php and save it to application/controller/Lang_controller.php
Create a view file named lang_view.php and save it to application/views/lang_view.php
<metacharset="utf-8">
Create three folders named in English, French and German in Application/Language as shown in the image below.
Copy the code below and save it as english_lang.php file in application/language/english folder .
Copy the code below and save it as french_lang.php file in application/language/French folder .
Copy the code below and save it in german_lang.php file in application/language/german folder .
Edit the route.php file in application/config/rout.php to add the route for the above controller and add the following line at the end of the file.
$route['lang'] = "lang_controller";
Execute the following URL in a browser to run the above example.
http://yoursite.com/index.php/lang
It will give output as shown in the following screenshot. If you change the language in the dropdown list, the language of the sentence written below the dropdown list will also change accordingly.
CodeIgniter - Security
XSS Prevention
XSS stands for Cross Site Scripting. CodeIgniter comes with XSS filtering security. This filter will prevent any malicious JavaScript code or any other code that tries to hijack cookies and perform malicious actions. To filter data through an XSS filter, use the xss_clean() method as shown below.
$data = $this->security->xss_clean($data);
This function should only be used when sending data. The optional second boolean parameter can also be used to check the image file for an XSS attack. This is useful for downloading files. If its value is true, then the image is safe, and not otherwise.
SQL Injection Prevention
SQL injection is an attack on a database query. In PHP, we use the mysql_real_escape_string() function to prevent this, along with other methods, but CodeIgniter provides built-in functions and libraries to prevent this.
We can prevent SQL injection in CodeIgniter in the following three ways:
- Escape Requests
- Query Biding
- Active Record Class
Escape Requests
The $this->db->escape() function automatically adds single quotes around the data and determines the data type so that it can only escape string data.
Query Biding
In the example above, the question mark (?) will be replaced by an array in the second parameter of the query() function. The main advantage of constructing a query this way is that the values ​​are automatically escaped, which creates safe queries. The CodeIgniter engine does this automatically so you don't have to remember it.
Active Record Class
Using active records, the query syntax is generated by each database adapter. It also allows for more secure queries, as values ​​are automatically escaped.
Hiding PHP Errors
In a production environment, we often don't want to display any error messages to users. It is good if it is enabled in the development environment for debugging purposes. These error messages may contain some information that we should not show to site users for security reasons.
There are three CodeIgniter files associated with errors.
PHP Error Reporting Level
Different environments require different levels of error messages. By default, during development, errors will be displayed, but testing and live will hide them. There is an index.php file in the CodeIgniter root directory which is used for this purpose. If we pass zero as an argument to the error_reporting() function, then this will hide all errors.
Database Error
Even if you have disabled PHP errors, MySQL errors are still open. You can disable this in application/config/database.php . Set the db_debug parameter in the $db array to FALSE as shown below.
$db['default']['db_debug'] = FALSE;
Error log
Another way is to transfer errors to log files. Thus, it will not be displayed to users on the site. Just set log_threshold value in $config array to 1 in application/cofig/config.php file like below.
$config['log_threshold'] = 1;
CSRF Prevention
CSRF stands for Cross Site Request Forgery. You can prevent this attack by enabling it in your application/config/config.php file as shown below.
$config['csrf_protection'] = TRUE;
When you create a form with the form_open() function , it will automatically insert the CSRF as a hidden field. You can also manually add CSRF using get_csrf_token_name() and get_csrf_hash() functions . The get_csrf_token_name() function returns the CSRF name and get_csrf_hash() returns the CSRF hash value.
The CSRF token can be regenerated each time for sending, or you can also keep it for the life of the CSRF cookie. By setting it to TRUE , in the config array with the key csrf_regenerate will regenerate the token as shown below.
$config['csrf_regenerate'] = TRUE;
You can also whitelist URLs from CSRF protection by setting it in the configuration array using the csrf_exclude_uris key, as shown below. You can also use a regular expression.
$config['csrf_exclude_uris'] = array('api/person/add');
Password Handling
Many developers don't know how to handle passwords in web applications, which is why many hackers find it so easy to break into a system. When working with passwords, keep the following points in mind:
DO NOT store passwords in plain text.
Always hash your passwords.
DO NOT use Base64 or similar encoding to store passwords.
DO NOT use weak or broken hashing algorithms such as MD5 or SHA1. Use only strong password hashing algorithms such as BCrypt which is used in PHP's native password hashing functions.
DO NOT display or send the password in text format.
DO NOT place unnecessary restrictions on your users' passwords.
