
Secure PHP Development - P54


Daily logbook manager application

The daily logbook manager application is called daily_logbook_mngr.php, which shows a daily breakdown of login/logout for a particular user. This application is included on the CD-ROM in the ch07/apps directory. It has the following methods:

◆ run(): When the application is run, this method is called. It does the following:
  ■ Checks whether the user has administrative privilege.
  ■ If the user has administrative privilege and passes a user ID, she can view the access logs of that user as well; run() sets $this->userID to the passed user ID. Nonadministrative users are not allowed to view others' access logs. They can view only their own logs, so for them $this->userID is the current user's ID regardless of what was passed in the request.
  ■ After setting the userID, it runs reportDriver(), which shows the daily activities of the intended user for the given date.
◆ authorize(): This method authorizes access to this application. It works as follows:
  ■ It creates the DBI object called $user_dbi, which points to the central user authentication database (USER_DB_URL).
  ■ A user object called $userObj is created using $user_dbi and the current user ID.
  ■ getType() is used to determine the current user type. If the user is an administrator (ADMIN_TYPE), the $isAdmin variable is set to TRUE.
  ■ This method always returns TRUE, because everyone on the intranet can view this application. The access restriction therefore lives in run(), not in authorize(): authorize() only establishes $isAdmin, and run() must consult it before honoring a user ID taken from the request.
◆ reportDriver(): This method generates and displays the user access report. It works as follows:
  ■ It finds all the timestamps (office start timestamp, lunch start timestamp, lunch end timestamp, and so on) that are necessary to retrieve the activities of the day.
  ■ It creates an object of the ActivityAnalyzer class and uses the getDailyLog() method of that object to get the daily activity log.
  ■ It generates the report using the $LOG_DETAIL_TEMPLATE template and shows it to the user.
◆ convert(): This method converts a duration given in seconds into hours, minutes and remaining seconds and returns the resulting string.

User tip application

The user tip application is called tips.php and shows a tip of the day. This application is included on the CD-ROM in the ch07/apps directory. It has the following methods:

◆ run(): This method is responsible for running the application. It sets $TIP_URL to the URL of the tip to be shown by randomly choosing a tip template and then redirects the application to show the tip template.
◆ authorize(): This method authorizes everyone on the intranet to view the tip and, therefore, always returns TRUE.

User preference application

Currently, the user can have two types of preferences: a specific theme ID, or automatic tip display on or off. The preference application (discussed next) asks the user to choose a theme and to enable or disable the automatic tip on login. A preference ID value of 1 indicates that the preference is for a theme; a value of 2 indicates that the preference is for automatic tip display.

A theme is like a skin on the intranet interface that makes the intranet look different for different users. The themes are HTML templates that are loaded by intranet applications, and the application's own interface is embedded within the contents block area of the theme.

The user preference application is called preference.php, and is included on the CD-ROM in the ch07/apps directory. This application enables users to choose a theme for their intranet home page and also allows them to toggle automatic tip display on login. It has the following methods:

◆ run(): When the application is run, this method is called. It decides which functionality is requested by the user and calls the appropriate method to perform the desired operations. It does the following:
  ■ Creates a theme object, $this->themeObj.
  ■ The current user's theme choice is stored in $this->theme by calling the getUserTheme() method of the theme object just created.
  ■ If the application is called with $pref = upd, the preferences are updated. (On the first preference change, when there is no previous preference to update, run() adds the new preferences to the database. Thereafter it updates, rather than inserts, every time there is a request to change a preference.) Because both values arrive from the browser, run() should accept only a theme ID that getAllThemes() actually returned and only the two values of the auto tip option before writing them.
  ■ displayMenu() is called to show the current preferences.
◆ authorize(): This method authorizes everyone on the intranet to use the preference page and, therefore, always returns TRUE.
◆ displayMenu(): This method displays the menu shown on the preference page. This is how it works:
  ■ A preference template ($PREFERNCE_TEMPLATE) is loaded into a template object called $template.
  ■ The template contains a list of available themes that is loaded using the getAllThemes() method of the Theme class. The current theme for the user viewing the page is preselected.
  ■ It also contains two radio buttons for the auto tip option (Yes/No); one of them is preselected based on the current user's auto tip preference.
  ■ The user's preferences are retrieved using the getPreferences() method of the intranetUser class.
  ■ The update button at the bottom of the template lets the user update her preferences, which she can change using the combo box and the radio buttons.
  ■ The contents of the $template object are inserted into the $themeTemplate object's content block and the result is printed on the user's browser screen.

Installing Intranet Applications from the CD-ROM

The installation process assumes the following:

◆ You are using a Linux system with MySQL and Apache server installed.
◆ Your Apache document root directory is referred to as %DocumentRoot% throughout the installation process.
◆ Your MySQL server is hosted on the intranet Web server and can be accessed via localhost. If this is not the case, you can easily modify the database URLs in each application's configuration file. For example, the home.conf file has MySQL database-access URLs such as the following:

$INTRANET_DB_URL = 'mysql://root:foobar@localhost/INTRANET';
$USER_DB_URL = 'mysql://root:foobar@localhost/auth';

If your database server is called db.domain.com and the username and password to access the INTRANET and auth databases (which you will create during this installation process) are admin and db123, you would modify the database access URLs throughout each configuration file as follows:

$INTRANET_DB_URL = 'mysql://admin:db123@db.domain.com/INTRANET';
$USER_DB_URL = 'mysql://admin:db123@db.domain.com/auth';

Note that the sample URLs put the MySQL root account and its password in a plain-text configuration file. Use a dedicated MySQL account that has privileges only on the INTRANET and auth databases, and make sure the configuration files themselves are not served by the Web server.

◆ You have installed the PHPLIB and PEAR libraries. Normally, these are installed during PHP installation. For your convenience, we have provided them as lib/phplib.tar.gz and lib/pear.tar.gz on the CD-ROM. In the sample installation steps, we assume that these are installed in the /evoknow/phplib and /evoknow/pear directories. Because your installation locations for these libraries are likely to differ, make sure that you replace these paths in the configuration files.

Here is how to get your intranet applications up and running:

1. Install the framework. Extract the framework.tar.gz file from the ch4 directory on the CD-ROM into your %DocumentRoot% directory. Running tar xvzf framework.tar.gz there installs the PHP Application Framework in the %DocumentRoot%/framework directory.

2. Install the central user-authentication applications.
If you have not yet installed ch5.tar.gz from the CD-ROM (in the ch05 directory), extract it with the tar xvzf ch5.tar.gz command in your %DocumentRoot% directory. This installs the central login/logout applications in the %DocumentRoot%/login and %DocumentRoot%/logout directories. Make sure that you create the auth database and an administrative user as discussed in Chapter 5. The quickest way to create this database, with an administrative user account called carol and password mysecret (TYPE 9 is the administrative user type), is to run the following commands:

mysqladmin -u root -p create auth
mysql -u root -p -D auth < auth.sql
mysql -u root -p -D auth
mysql> insert into users (EMAIL, PASSWORD, ACTIVE, TYPE) values ('carol@example.com', ENCRYPT('mysecret'), 1, 9);
mysql> exit

The auth.sql file can be found in the ch5/sql directory on the CD-ROM. Be aware that MySQL's ENCRYPT() calls the system crypt() function; on many systems only the first eight characters of the password are significant, and the function has been removed from MySQL 8.0.

Make sure that you configure the login and logout applications using the %DocumentRoot%/login/login.conf and %DocumentRoot%/logout/logout.conf files, respectively. In most cases, you should need to change only paths and database access information.

3. Install the central user-management system. From the ch6 directory of the CD-ROM, extract the user_mngr.tar.gz file using tar xvzf user_mngr.tar.gz in your %DocumentRoot% directory. This installs the central user-management application in the %DocumentRoot%/user_mngr directory. Make sure that you configure the user manager applications by using the %DocumentRoot%/user_mngr/apps/user_mngr.conf file. In most cases, you should need to change only paths and database access information.

4. Install the home applications. If you have an index.php file in your %DocumentRoot%, rename and back up this file. Then, from the ch7 directory of the CD-ROM, extract ch7.tar.gz in %DocumentRoot%. This creates the home and photos directories in your document root, and it also installs the index.php script.
Configure %DocumentRoot%/home/home.conf for path and database settings. Make sure that you create the INTRANET database as discussed earlier in this chapter. The quickest way to create this database is to run the following commands:

mysqladmin -u root -p create INTRANET
mysql -u root -p -D INTRANET < INTRANET.sql

(mysqladmin's create command takes just the database name; the CREATE DATABASE syntax belongs to the mysql client.) The INTRANET.sql file can be found in the ch07/sql directory.

5. Set the file/directory permissions. Make sure that you have changed the file and directory permissions so that your intranet Web server can access all the files. The path pointed to by the $LD_CATEGORY_NAV_DIR variable in home.conf must be writeable by the Web server, because this is the navigation file that gets generated whenever a new document is published using the simple publishing tool discussed in Chapter 8. Keep this directory outside your Web document tree if possible, so that a location the Web server can write to is not also one it serves from.

After you have performed these steps, you are ready to test your applications.

Testing the Intranet Home Application

Log in to your intranet via http://yourserver/index.php using the username and password that you created in Chapter 6. If you used the database configuration steps described in the previous section, you should have at least a default user called carol (with password set to mysecret) that can log you into your intranet.
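The following is an added example and not code from the book's CD-ROM. It isolates the access decision that daily_logbook_mngr.php's run() has to make (an administrator may pick any user ID, everyone else gets only her own log, whatever the request says) and pairs it with a convert() of the kind described above, so the rule can be exercised on its own. The function names resolveLogbookUser() and convertSeconds(), the sample user IDs and the tampered request value are assumptions made for the example.

```php
<?php
// Added example (not the book's code): the access decision of the
// daily logbook manager, written as a standalone function. The names
// resolveLogbookUser and convertSeconds are my own; the user IDs below
// are constructed.

/**
 * Decide whose access log may be shown.
 *
 * $currentUserId  ID of the authenticated user (from the session, never the request)
 * $isAdmin        result of authorize()'s ADMIN_TYPE check
 * $requestedId    raw value of the optional user ID request parameter, or null
 *
 * Returns the user ID to report on. Non-administrators always get their
 * own ID back, regardless of what they passed in the request.
 */
function resolveLogbookUser(int $currentUserId, bool $isAdmin, $requestedId): int
{
    if (!$isAdmin) {
        // The request parameter is ignored entirely for ordinary users,
        // so tampering with it cannot reveal another user's log.
        return $currentUserId;
    }
    if ($requestedId === null || $requestedId === '') {
        return $currentUserId;
    }
    // Administrators may pick a user, but the ID is still untrusted input:
    // accept only a positive integer, never a raw string that reaches SQL.
    if (!ctype_digit((string) $requestedId) || (int) $requestedId < 1) {
        throw new InvalidArgumentException('user ID must be a positive integer');
    }
    return (int) $requestedId;
}

/**
 * Equivalent of the page's convert(): a duration in seconds becomes
 * hours, minutes and remaining seconds.
 */
function convertSeconds(int $seconds): string
{
    if ($seconds < 0) {
        throw new InvalidArgumentException('seconds must not be negative');
    }
    $hours   = intdiv($seconds, 3600);
    $minutes = intdiv($seconds % 3600, 60);
    $rest    = $seconds % 60;
    return sprintf('%d hours %d minutes %d seconds', $hours, $minutes, $rest);
}

// Constructed scenario: carol (ID 1) is an administrator, bob (ID 7) is not.
$cases = [
    // [current user, isAdmin, requested ID, expected result]
    [7, false, '1',  7],   // bob asks for carol's log: gets his own
    [7, false, null, 7],
    [1, true,  '7',  7],   // carol asks for bob's log: allowed
    [1, true,  null, 1],
];
foreach ($cases as [$cur, $admin, $req, $expected]) {
    $got = resolveLogbookUser($cur, $admin, $req);
    printf("current=%d admin=%s requested=%s -> %d %s\n",
        $cur, $admin ? 'yes' : 'no', var_export($req, true), $got,
        $got === $expected ? 'OK' : 'FAIL');
}

// A tampered parameter is rejected even for an administrator.
try {
    resolveLogbookUser(1, true, '7 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected tampered ID: ', $e->getMessage(), "\n";
}

// Office day of 8 hours, 45 minutes and 12 seconds, as run() would hand to convert().
echo convertSeconds(8 * 3600 + 45 * 60 + 12), "\n";
```

The point of the design is that the request parameter is never read at all unless $isAdmin is already TRUE, and even then it is reduced to an integer before it can reach a query; the authorize() method that sets $isAdmin is the only place the user type is consulted.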
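The preference update described above receives a theme ID and an auto tip flag from the browser and then either inserts or updates the stored values. The following added example (not the book's code; the table layout is not given on the page) shows the server-side validation of those two values against preference IDs 1 and 2 and the insert-or-update decision. The names validatePreferences() and planPreferenceWrites(), the form field names theme and autotip, and the sample data are assumptions; the returned "insert"/"update" actions only describe what run() would do.

```php
<?php
// Added example (not the book's code): validation of the two preference
// values and the insert/update decision of preference.php's run().
// Function names, form field names and sample data are my own.

const PREF_THEME    = 1;   // preference ID 1: theme
const PREF_AUTO_TIP = 2;   // preference ID 2: automatic tip display

/**
 * $input            raw form fields, e.g. $_POST with 'theme' and 'autotip'
 * $availableThemes  theme IDs as returned by Theme::getAllThemes()
 * Returns [PREF_THEME => int, PREF_AUTO_TIP => 0|1] or throws.
 */
function validatePreferences(array $input, array $availableThemes): array
{
    $theme = $input['theme'] ?? '';
    // A theme ID is valid only if it is one the Theme class actually offers;
    // anything else (a guessed ID, a path, SQL) is rejected before storage.
    if (!ctype_digit((string) $theme) || !in_array((int) $theme, $availableThemes, true)) {
        throw new InvalidArgumentException('unknown theme');
    }
    $autoTip = $input['autotip'] ?? '';
    // The radio buttons only ever yield these two values.
    if ($autoTip !== '0' && $autoTip !== '1') {
        throw new InvalidArgumentException('autotip must be 0 or 1');
    }
    return [PREF_THEME => (int) $theme, PREF_AUTO_TIP => (int) $autoTip];
}

/**
 * Decide, per preference ID, whether run() inserts a new row or updates
 * the existing one. $existing is what getPreferences() returned for this
 * user, keyed by preference ID; a missing key means no row yet.
 */
function planPreferenceWrites(int $userId, array $validated, array $existing): array
{
    $plan = [];
    foreach ($validated as $prefId => $value) {
        $action = array_key_exists($prefId, $existing) ? 'update' : 'insert';
        $plan[] = ['action' => $action, 'user' => $userId, 'pref' => $prefId, 'value' => $value];
    }
    return $plan;
}

// Constructed data: themes 1 to 3 exist; user 7 already has a theme
// preference but has never set the auto tip option.
$themes   = [1, 2, 3];
$existing = [PREF_THEME => 2];

$prefs = validatePreferences(['theme' => '3', 'autotip' => '1'], $themes);
foreach (planPreferenceWrites(7, $prefs, $existing) as $w) {
    printf("%s user=%d pref=%d value=%d\n", $w['action'], $w['user'], $w['pref'], $w['value']);
}

// A theme ID that getAllThemes() did not return is refused.
try {
    validatePreferences(['theme' => '99', 'autotip' => 'yes'], $themes);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With the constructed data the theme row is updated while the auto tip row is inserted, which is exactly the first-time-insert, afterwards-update behaviour the page attributes to run(); the validation step is what keeps a forged form post from storing a theme the user was never offered.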
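Steps 3 and 5 of the installation ask you to edit database URLs and to make $LD_CATEGORY_NAV_DIR writeable. The following added example (not part of the book's installation scripts) is a pre-flight check you can run before testing: it parses mysql:// URLs in the book's format, refuses the root account and the sample password, and verifies that the navigation directory is writeable and sits outside %DocumentRoot%. The function names parseDbUrl(), checkDbUrl() and checkNavDir(), the hardened sample URL and the temporary directories are assumptions; the variable names come from home.conf.

```php
<?php
// Added example (not the book's code): pre-flight checks for the home.conf
// database URLs and the $LD_CATEGORY_NAV_DIR permission requirement.
// Function names and sample inputs are my own.

function parseDbUrl(string $url): array
{
    $parts = parse_url($url);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'mysql') {
        throw new InvalidArgumentException("not a mysql:// URL: $url");
    }
    return [
        'user' => $parts['user'] ?? '',
        'pass' => $parts['pass'] ?? '',
        'host' => $parts['host'] ?? '',
        'db'   => ltrim($parts['path'] ?? '', '/'),
    ];
}

/** Returns a list of problems with a database URL (empty list = passes). */
function checkDbUrl(string $url): array
{
    $p = parseDbUrl($url);
    $problems = [];
    if ($p['user'] === 'root') {
        $problems[] = 'uses the MySQL root account; create a dedicated user with rights only on this database';
    }
    if ($p['pass'] === '' || $p['pass'] === 'foobar') {
        $problems[] = 'password is empty or still the sample value from the book';
    }
    if ($p['db'] === '') {
        $problems[] = 'no database name in URL';
    }
    return $problems;
}

/** Returns a list of problems with the navigation directory (empty list = passes). */
function checkNavDir(string $navDir, string $documentRoot): array
{
    $real = realpath($navDir);
    if ($real === false) {
        return ["$navDir does not exist"];
    }
    $problems = [];
    if (!is_writable($real)) {
        $problems[] = "$real is not writeable by this process (the Web server must write the navigation file here)";
    }
    $docRoot = realpath($documentRoot);
    // Compare with trailing separators so /srv/www does not match /srv/www2.
    if ($docRoot !== false && strpos($real . '/', rtrim($docRoot, '/') . '/') === 0) {
        $problems[] = "$real is inside the document root; move it outside so the generated file is never served";
    }
    return $problems;
}

// Constructed inputs: the book's sample URL and a hardened replacement.
$urls = [
    'mysql://root:foobar@localhost/INTRANET',
    'mysql://intranet_app:long-random-value@db.domain.com/INTRANET',
];
foreach ($urls as $url) {
    $problems = checkDbUrl($url);
    echo $url, ': ', $problems ? implode('; ', $problems) : 'ok', "\n";
}

// A temporary tree stands in for %DocumentRoot% and $LD_CATEGORY_NAV_DIR;
// the nav directory is deliberately placed inside the document root.
$docRoot = sys_get_temp_dir() . '/htdocs-example';
$navDir  = $docRoot . '/nav';
@mkdir($navDir, 0750, true);
foreach (checkNavDir($navDir, $docRoot) as $problem) {
    echo 'nav dir: ', $problem, "\n";
}
```

Run it as the same Unix user the Web server runs as, otherwise is_writable() answers for the wrong account. Because the book's URL form is parsed with parse_url(), a password containing characters such as @ or / must be URL-encoded in the configuration file or the host and database fields will be misread.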

Posted: 07/07/2014, 07:20
