
Secure PHP Development - P41


Function / Description (table continued from the previous excerpt)

modify_screen()
    Called by showScreen() to display the user modification interface. modify_screen() also uses a User object called $userObj to fetch the current user's information and display it on the interface.

add_screen()
    Called by showScreen() to display the user add interface.

checkPassword()
    Checks the user-entered password for length and confirmation tests.

checkInput()
    Checks whether the user has entered the username (EMAIL), user type (TYPE), and password (PASSWORD) information correctly on the user interfaces displayed by user management.

authorize()
    Determines whether the user is authorized to run the application. If the user is not $ADMINISTRATIVE_USER, the method returns FALSE; otherwise it returns TRUE.

Listing 6-2 shows the user manager application, user_mngr.php.

Chapter 6: Central User Management System (Part II: Developing Intranet Solutions)

Listing 6-2: user_mngr.php

```php
<?php
require_once "user_mngr.conf";
require_once $USER_CLASS;

class userManagerApp extends PHPApplication {

    function run() {
        global $USERMNGR_MNGR;
        $cmd = $this->getRequestField('cmd');
        if (! $this->authorize()) {
            $this->alert('UNAUTHORIZED_ACCESS');
            return;   // added guard: do not fall through to the dispatcher if alert() returns
        }
        // At this point user is authorized
        $cmd = strtolower($cmd);
        if (!strcmp($cmd, 'add')) {
            $this->addDriver();
        } else if (!strcmp($cmd, 'modify')) {
            $this->modifyDriver();
        } else if (!strcmp($cmd, 'delete')) {
            $this->deleteUser();
        } else {
            global $USERMNGR_MENU_TEMPLATE;
            print $this->showScreen($USERMNGR_MENU_TEMPLATE, 'menu', $USERMNGR_MNGR);
        }
    }

    function modifyDriver() {
        $step = $this->getRequestField('step');
        if ($step == 2) {
            $this->modifyUser();
        } else {
            global $USERMNGR_USER_TEMPLATE, $USERMNGR_MNGR;
            print $this->showScreen($USERMNGR_USER_TEMPLATE, 'modify_screen', $USERMNGR_MNGR);
        }
    }

    function addDriver() {
        $step = $this->getRequestField('step');
        if ($step == 2) {
            $this->addUser();
        } else {
            global $USERMNGR_USER_TEMPLATE, $USERMNGR_MNGR;
            print $this->showScreen($USERMNGR_USER_TEMPLATE, 'add_screen', $USERMNGR_MNGR);
        }
    }

    function addUser() {
        $username  = $this->getRequestField('username');
        $password1 = $this->getRequestField('password1');
        $password2 = $this->getRequestField('password2');
        $user_type = $this->getRequestField('user_type');
        $active    = $this->getRequestField('active');
        global $DEFAULT_DOMAIN, $USERMNGR_MNGR;

        $this->checkInput();

        // Append the default domain when the username carries none.
        // (The '@' was lost in the extracted text and is restored here.)
        if (!strstr($username, '@')) {
            $username = $username . '@' . $DEFAULT_DOMAIN;
        }

        // Two-character salt: crypt() uses traditional DES with this salt length.
        $salt = chr(rand(64,90)) . chr(rand(64,90));
        $cryptPassword = crypt($password1, $salt);

        $hash = array(
            'EMAIL'    => strtolower($username),
            'PASSWORD' => $cryptPassword,
            'TYPE'     => $user_type,
            'ACTIVE'   => $active
        );
        $userObj = new User($this->dbi);
        $status = $userObj->addUser($hash);
        if ($status) {
            $this->show_status($this->getMessage('USER_ADD_SUCCESSFUL'), $USERMNGR_MNGR);
        } else {
            $this->show_status($this->getMessage('USER_ADD_FAILED'), $USERMNGR_MNGR);
        }
    }

    function modifyUser() {
        $username  = $this->getRequestField('username');
        $password1 = $this->getRequestField('password1');
        $password2 = $this->getRequestField('password2');
        $user_type = $this->getRequestField('user_type');
        $active    = $this->getRequestField('active');
        $user_id   = $this->getRequestField('user_id');
        global $USERMNGR_MNGR, $ADMINISTRATIVE_USER, $ROOT_USER, $DUMMY_PASSWD;

        $this->checkInput();

        // If user is ROOT USER then she cannot be deactivated
        if ( ! strcmp($username, $ROOT_USER)) {
            if (! $active ) {
                $this->alert('INACTIVE_NOT_OK');
                return;
            }
            if ($user_type != $ADMINISTRATIVE_USER) {
                $this->alert('OPERATION_NOT_ALLOWED');
                return;
            }
        }

        $hash = array(
            'TYPE'    => $user_type,
            'ACTIVE'  => $active,
            'USER_ID' => $user_id
        );

        // Re-hash only when the submitted password differs from the dummy
        // placeholder; otherwise the stored password is left unchanged.
        if (strcmp($password1, $DUMMY_PASSWD)) {
            $salt = chr(rand(64,90)) . chr(rand(64,90));
            $cryptPassword = crypt($password1, $salt);
            $hash['PASSWORD'] = $cryptPassword;
        }

        $userObj = new User($this->dbi, $user_id);
        $userObj->getUserInfo();
        // Send EMAIL only when the address actually changed.
        $hash['EMAIL'] = (strcmp($username, $userObj->getEMAIL())) ? strtolower($username) : null;
        $status = $userObj->updateUser($hash);
        // The excerpt ends here; the book's listing continues on the next page.
    }
}
```
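Two details of Listing 6-2 deserve a second look before the code is reused. First, both addUser() and modifyUser() hash the password with crypt() and a two-character salt built from rand(): a two-character salt selects traditional DES crypt, which uses only the first eight characters of the password, rand() is not a cryptographic generator, and chr(64) is '@', which lies outside the DES salt alphabet, so the salt space is smaller than the code suggests. Second, modifyUser() decides whether the root-user rules apply by comparing the submitted username with $ROOT_USER, but the row it updates is chosen by the submitted user_id; a request that names a different username while targeting the root user's id is not covered by the check. The following added example, which is not code from the book, shows a bcrypt-based replacement for the password handling (with a migration path for hashes the original code already wrote) and a root-user guard keyed on the stored record. The names $ROOT_USER, $ADMINISTRATIVE_USER and the EMAIL/TYPE/ACTIVE keys follow the listing; the function names, the sample records and the example values are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the book: hardened versions of the password
// handling and the root-user guard in Listing 6-2. Function names, sample
// records and the values of $ROOT_USER / $ADMINISTRATIVE_USER are assumptions.
declare(strict_types=1);

// 1. Password storage.
// The listing calls crypt() with a two-character salt built from rand().
// That selects traditional DES crypt, which uses only the first eight
// characters of the password, and rand() is not a cryptographic generator.
function legacyDesHash(string $password, string $twoCharSalt): string
{
    return crypt($password, $twoCharSalt);
}

// bcrypt: per-password random salt from the CSPRNG, no 8-byte truncation.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Accept a stored hash in either format. Returns [verified, replacementHash];
// replacementHash is a fresh bcrypt hash to write back when the stored value
// is a legacy DES hash or a bcrypt hash with an out-of-date cost.
function verifyPassword(string $password, string $stored): array
{
    if (strlen($stored) === 13 && $stored[0] !== '$') {
        // 13 characters and no "$id$" prefix: legacy DES crypt from the old code
        $ok = hash_equals($stored, crypt($password, substr($stored, 0, 2)));
        return [$ok, $ok ? hashPassword($password) : null];
    }
    $ok    = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12]);
    return [$ok, $stale ? hashPassword($password) : null];
}

// 2. Root-user guard for modifyUser().
// The listing applies the root rules when the *submitted* username equals
// $ROOT_USER but updates the row selected by the submitted user_id. Decide on
// the stored record instead, and also refuse to rename the root account.
// Returns the alert name to raise, or null when the change is allowed.
function checkModification(array $stored, array $request, string $rootUser, string $adminType): ?string
{
    if (strcasecmp($stored['EMAIL'], $rootUser) !== 0) {
        return null;                        // not the root account: no extra rules
    }
    if (empty($request['active'])) {
        return 'INACTIVE_NOT_OK';           // root cannot be deactivated
    }
    if ($request['user_type'] !== $adminType) {
        return 'OPERATION_NOT_ALLOWED';     // root cannot lose the administrative type
    }
    if (strcasecmp($request['username'], $rootUser) !== 0) {
        return 'OPERATION_NOT_ALLOWED';     // root cannot be renamed to another address
    }
    return null;
}

// Demonstration on constructed values.
$rootUser  = 'root@example.com';   // assumed value of $ROOT_USER
$adminType = 'admin';              // assumed value of $ADMINISTRATIVE_USER

// DES crypt truncation: both passwords hash identically under the old scheme.
$same = legacyDesHash('password12345', 'AB') === legacyDesHash('password', 'AB');
printf("DES crypt ignores characters after the 8th: %s\n", $same ? 'yes' : 'no');

// Migration path: a legacy hash verifies once, then is replaced by bcrypt.
$legacy = legacyDesHash('hunter22', 'XY');
[$ok, $replacement] = verifyPassword('hunter22', $legacy);
printf("legacy hash verified: %s, replacement is bcrypt: %s\n",
    $ok ? 'yes' : 'no', str_starts_with((string) $replacement, '$2y$') ? 'yes' : 'no');
[$wrong, ] = verifyPassword('hunter23', $legacy);
printf("wrong password rejected: %s\n", $wrong ? 'no' : 'yes');

// Guard: the request names another user but targets the root row by user_id.
$storedRoot = ['USER_ID' => 1, 'EMAIL' => $rootUser, 'TYPE' => $adminType, 'ACTIVE' => 1];
$request    = ['user_id' => 1, 'username' => 'other@example.com', 'user_type' => 'user', 'active' => 0];
printf("submitted-username check (as in the listing): %s\n",
    strcmp($request['username'], $rootUser) ? 'rules skipped' : 'rules applied');
printf("stored-record check: %s\n",
    checkModification($storedRoot, $request, $rootUser, $adminType) ?? 'allowed');
```

Run with `php file.php` (PHP 8 or later for str_starts_with). The first line shows that 'password12345' and 'password' produce the same DES hash; the last two lines show the same request passing the listing's username-based check and being refused by the stored-record check with INACTIVE_NOT_OK. In a real deployment the replacement hash returned by verifyPassword() is written back on the next successful login, so existing DES hashes disappear without forcing a password reset.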

Posted: 07/07/2014, 07:20


Table of contents

    Is This Book for You?

    How This Book Is Organized

    Tell Us What You Think

    Contents at a Glance

    Chapter 1: Features of Practical PHP Applications

    Features of a Practical PHP Application

    Employing the Features in Applications

    Chapter 2: Understanding and Avoiding Security Risks

    Identifying the Sources of Risk

    Not Revealing Sensitive Information
