Lightweight user alerts for CodeIgniter 4
- Install with Composer:
> composer require tatter/alerts
- Enable the
alerts
filter in app/Config/Filters.php - Add the
{alerts}
token to your View Layouts - Load the helper:
helper('alerts');
- Set an alert with a class and message:
alert('success', 'You did it!')
Provides integrated user alerts for CodeIgniter 4 with a variety of built-in templates and custom template support.
Install easily via Composer to take advantage of CodeIgniter 4's autoloading capabilities and always be up-to-date:
composer require tatter/alerts
Or, install manually by downloading the source files and adding the directory to
app/Config/Autoload.php
.
Note: The default display template expects Bootstrap (not included)
The library's default behavior can be changed using its config file. Copy examples/Alerts.php to app/Config/Alerts.php and follow the instructions in the comments. If no config file is found the library will use its defaults.
The Config file consists of two properties.
The $template
property sets the path to the View file which will be used to format your
alerts. The default template has HTML tags and classes designed for use with
Bootstrap 5 Alerts, but the library
includes additional templates for you to choose:
Tatter\Alerts\Views\Bootstrap4
: Compatible with the Bootstrap 4 CSS FrameworkTatter\Alerts\Views\Foundation
: Compatible with the Foundation CSS FrameworkTatter\Alerts\Views\Vanilla
: A framework-free implementation, with classes available for your own CSS styling
And of course you can add your own. The view file will be passed an array of tuples named
$alerts
, with each tuple in the format [string $class, string $content]
. Your view file
should unpack each tuple:
foreach ($alerts as $alert) {
[$class, $content] = $alert;
... then output the alert $content
wrapped in some appropriate HTML tags with whatever
styling or classes you like based on $class
.
Note: This library does not include assets for Bootstrap or Foundation. Check out Tatter\Frontend for an integrated solution.
The $classes
property is a mapping of Session keys to their CSS classes. This lets you
control which Session keys are deemed "alerts" and how to designate them to your view
template. The default list is a generous guess at common keys used by the framework and
modules, with the addition of the Bootstrap alert classes, but in most cases you will want
to slim this down or replace it altogether with your own.
See Warnings below for some caveats to consider when auto-populating Session keys into displayable content.
In order to use the AlertsFilter
you must add apply it to your target routes. The filter
only applies when the token is present so it is safe to apply it globally in app/Config/Filters.php.
See Controller Filters for more info.
Note: The alias is predefined for you as "alerts", and only the
after()
method is relevant.
The token is the following string: {alerts}
. Place this in your View layout where you want
the alerts to appear. For example:
<body>
<aside>
{alerts}
</aside>
<main class="wrapper">
...
If installed correctly CodeIgniter 4 will detect and autoload the library, filter, helper, and config. The filter will gather any alerts from the Session keys defined in your Config, pass them through your View template for formatting, and place them into your Response body wherever you have placed your token - you just need to set the alerts!
Alerts can be set directly in the Session, ideally as flashdata (so they are not repeated):
session()->setFlashdata('success', 'Your account has been updated.');
Many times your alerts will be handled during redirect, so you can take advantage of
the framework's RedirectResponse
class method with()
to apply the flashdata directly:
if (! $fruit = $this->getPost('fruit')) {
return redirect()->back()->with('error', 'You must select a fruit!');
}
This library also includes a helper function, which has the added benefit of merging values and checking for collision. Initialize the helper to us the convenience wrapper function:
helper(['alerts']);
alert('error', 'You must accept the terms of service to continue.');
The helper adds a few features (like collision detection and alert merging) but may throw exceptions in some circumstances - read the Collision section below.
There is a Toolbar Collector bundled with this library to ease development and integration. It is enabled by default and should appear in the development environment whenever the Toolbar is active.
The premise of this library is to take data from $_SESSION
and display it to visitors of
your site. There are a few precautions mentioned here, but in general: use strong security
practices and good sense any time you are moving data between the backend and public views.
Ideally $_SESSION
should not contain critical information like passwords or credit card
numbers. You should also not use distinguishable identifiers as Session keys, and this goes
for Alerts
as well. Keep the keys you use basic, and consider pairing down the Config
file's to only those values your app and modules need.
For example, say you add a payment library to your project and some developer was using the following code to test credit card submission and forgot to remove it:
$_SESSION['debug'] = (string) $user->getCreditCard();
Since "debug" is a valid Alerts
key this credit card number will now become a alert
displayed visually on the user's browser window!
Another concern is Session collision. Starting with an example this time:
/** @var Notice $notice */
$notice = model(NoticeModel::class)->first();
session('notice', $notice);
...
// Later that same day...
alert('notice', 'Site statistics are currently being updated, expect longer load times.');
We have just tried to set an alert for a Session key that already exists and contains something that is not another alert! There are a few ways that this can play out, but ultimately this was a mistake and you should take care to avoid it.
To clarify the example:
AlertsFilter
will quietly ignore Session data that is not a string or an array of strings, so there is no problem withsession('notice', $notice);
.- Using the Alerts Helper to set your alert includes the additional layer of collision protection, but will cause the
alert()
function to throw an exception. - Setting Session keys yourself is a fine solution, but you must handle checks for existing keys or risk overwriting data.