1. Trang chủ
  2. » Công Nghệ Thông Tin

Secure PHP Development- P29 doc

5 176 0

Đang tải... (xem toàn văn)

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 5
Dung lượng 90,2 KB

Nội dung

Function Description dump() Prints the entire application object without the methods. This is a very powerful debugging feature. checkRequiredFields() Performs minimal required field type validation. number() Returns 1 if the parameter is a number or a number array; otherwise, it returns 0. name() Returns 1 if the parameter is not empty and not a number; otherwise, it returns 0. email() Returns 1 if the parameter is an e-mail address; otherwise, it returns 0. currency() Returns 1 if the parameter is a currency number; otherwise, it returns 0. month() Returns 1 if the parameter is a number between 1 and 12; otherwise, it returns 0. day() Returns 1 if the parameter is a number between 1 and 31; otherwise, it returns 0. year() Returns 1 if the parameter is a number; otherwise, it returns 0. one_zero_flag() Returns 1 if the parameter is either 1 or 0; otherwise, it returns 0. plain_text() Returns 1 if the parameter is plain text; otherwise, it returns 0. debug_array() Enables you to print out key=value from an associative array. writeln() Prints a message with either ‘<BR>’ or ‘\n’ at the end, depending on application type. For example, when the application type is set to WEB, it uses ‘<BR>’ to end the message, and when the application type is set to anything else, it uses the new line character instead. show_status() Displays a status message screen using an HTML template. It requires global variables called $TEMPLATE_DIR and $STATUS_TEMPLATE to be set to template directory and HTML status template file name. It is called with two parameters: $msg and $returnURL. The $msg variable is used to display the actual message and the $returnURL is used to create a link back to the application that displays the status screen. Chapter 4: Architecture of an Intranet Application 111 07 549669 ch04.qxd 4/4/03 9:24 AM Page 111 The checkRequiredFields() takes three associative arrays as parameters: field type array, field data array, and corresponding error code array. For example: $fieldType = array(‘mm’ => ‘month’, ‘dd’ => ‘day’, ‘yy’=> ‘year’ ); reset($fieldType); $errCode = array(); while (list($k, $v) = each($fieldType)) { $fields{$k} = (! empty($_REQUEST[$k])) ? $_REQUEST[$k] : null; $errCode{$k} = ‘MISSING_’ . strtoupper($k) ; } // Check required fields $err = $this->checkRequiredFields($fieldType, $fields, $errCode); $this->dump_array($err); In this code segment, the $fieldType is an associative array with three ele- ments: mm, dd, and yy. This array defines which field is what type of data and then an $errCode array is created in the loop to set each field-specific error code. For example, for the $_REQUEST[‘mm’] field, the error code is MISSING_START_MM. Next the checkRequiredFields() method is called to check each field for type and minimal range validation. The range validation is limited to type. For example, $_REQUEST[‘mm’] field is set to type month so the value of this variable must not be out of the 1 to 12 range. Similarly, the $_REQUEST[‘dd’] variable is set to type day and, therefore, the valid range of values for this variable is between 1 and 31. Now let’s take a look at an example application that uses this framework. 112 Part II: Developing Intranet Solutions 07 549669 ch04.qxd 4/4/03 9:24 AM Page 112 Creating a Sample Application Before you can create an application that uses the framework discussed in this chapter, you need to install the framework on your Web server running PHP. From the CDROM, copy the framework.tar.gz file which is stored in author’s folder under CH4 directory. Extract the source code into %DocumentRoot% directory which will create framework directory. Make sure your Web server has read and execution per- mission for files in this directory. Listing 4-5 shows a sample application called sample.php that uses the frame- work we just developed. Listing 4-5: sample.php <?php // Turn on all error reporting error_reporting(E_ALL); require_once ‘sample.conf’; require_once ‘sample.errors’; require_once ‘sample.messages’; $thisApp = new sampleApp( array( ‘app_name’=> ‘Sample Application’, ‘app_version’ => ‘1.0.0’, ‘app_type’ => ‘WEB’, ‘app_db_url’ => $GLOBALS[‘SAMPLE_DB_URL’], ‘app_auto_authorize’ => FALSE, ‘app_auto_chk_session’ => FALSE, ‘app_auto_connect’ => FALSE, ‘app_type’ => ‘WEB’, ‘app_debugger’ => $ON ) ); $thisApp->buffer_debugging(); $thisApp->debug(“This is $thisApp->app_name application”); $thisApp->run(); $thisApp->dump_debuginfo(); ?> Chapter 4: Architecture of an Intranet Application 113 07 549669 ch04.qxd 4/4/03 9:24 AM Page 113 First, this application loads the sample.conf file shown in Listing 4-6. Listing 4-6: sample.conf <?php // Turn on all error reporting error_reporting(E_ALL); // If you have installed PEAR packages in a different // directory than %DocumentRoot%/pear change the // setting below. $PEAR_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/pear’ ; // If you have installed PHPLIB in a different // directory than %DocumentRoot%/phplib, change // the setting below. $PHPLIB_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/phplib’; // If you have installed framewirk directory in // a different directory than // %DocumentRoot%/framework, change the setting below. $APP_FRAMEWORK_DIR=$_SERVER[‘DOCUMENT_ROOT’] . ‘/framework’; // Relative URL to login script $AUTHENTICATION_URL=’/login/login.php’; //Default language $DEFAULT_LANGUAGE = ‘US’; // Create a path consisting of the PEAR, // PHPLIB and our application framework // path ($APP_FRAMEWORK_DIR) $PATH = $PEAR_DIR . ‘:’ . $PHPLIB_DIR . ‘:’ . $APP_FRAMEWORK_DIR; // Insert the path in the PHP include_path so that PHP // looks for our PEAR, PHPLIB and application framework // classes in these directories ini_set( ‘include_path’, ‘:’ . $PATH . ‘:’ . ini_get(‘include_path’)); 114 Part II: Developing Intranet Solutions 07 549669 ch04.qxd 4/4/03 9:24 AM Page 114 // Now load the DB.php class from PEAR require_once ‘DB.php’; // Now load our DBI class from application framework require_once $APP_FRAMEWORK_DIR . ‘/’ . ‘constants.php’; require_once $APP_FRAMEWORK_DIR . ‘/’ . $DEBUGGER_CLASS; require_once $APP_FRAMEWORK_DIR . ‘/’ . $APPLICATION_CLASS; require_once $APP_FRAMEWORK_DIR . ‘/’ . $ERROR_HANDLER_CLASS; require_once $APP_FRAMEWORK_DIR . ‘/’ . $AUTHENTICATION_CLASS; require_once $APP_FRAMEWORK_DIR . ‘/’ . $DBI_CLASS; require_once $APP_FRAMEWORK_DIR . ‘/’ . $USER_CLASS; require_once $TEMPLATE_CLASS; // Load the Sample Application class require_once ‘class.sampleApp.php’; // Setup the database URL $SAMPLE_DB_URL = ‘mysql://root:foobar@localhost/testdb’; ?> This configuration file sets the path for the framework classes using $APP_FRAMEWORK_DIR. It sets the application name using $APPLICATION_NAME, the default language using $DEFAULT_LANGUAGE, the application’s database URL using $SAMPLE_DB_URL, the application’s authenticator URL using $AUTHENTICATION_URL. The configuration file also sets the include path for PHP to include application framework path, PHPLIB, and PEAR path needed to load various classes. The classes needed to run the application are loaded using :require_once() function. The sample application shown in Listing 4-5 then loads the sample.errors con- figuration shown in Listing 4-7. Listing 4-7: sample.errors <?php // Errors for Sample appliction $ERRORS[‘US’][‘UNAUTHORIZED_ACCESS’] = “Unauthorized access.”; $ERRORS[‘US’][‘MISSING’] = “Missing or invalid.”; ?> Chapter 4: Architecture of an Intranet Application 115 07 549669 ch04.qxd 4/4/03 9:24 AM Page 115 . $_SERVER[‘DOCUMENT_ROOT’] . ‘/pear’ ; // If you have installed PHPLIB in a different // directory than %DocumentRoot%/phplib, change // the setting below. $PHPLIB_DIR = $_SERVER[‘DOCUMENT_ROOT’] . ‘/phplib’; //. PEAR, // PHPLIB and our application framework // path ($APP_FRAMEWORK_DIR) $PATH = $PEAR_DIR . ‘:’ . $PHPLIB_DIR . ‘:’ . $APP_FRAMEWORK_DIR; // Insert the path in the PHP include_path so that PHP //. than // %DocumentRoot%/framework, change the setting below. $APP_FRAMEWORK_DIR=$_SERVER[‘DOCUMENT_ROOT’] . ‘/framework’; // Relative URL to login script $AUTHENTICATION_URL=’/login/login .php ; //Default

Ngày đăng: 07/07/2014, 07:20

TỪ KHÓA LIÊN QUAN