Chapter 2: Understanding and Avoiding Security Risks
Identifying the Sources of Risk
Minimizing User-Input Risks
Not Revealing Sensitive Information
Summary
Chapter 3: PHP Best Practices
Best Practices for Naming Variables and Functions
Best Practices for Function/Method
Best Practices for Database
Best Practices for User Interface
Best Practices for Documentation
Best Practices for Web Security
Best Practices for Source Configuration Management
Summary
Part II
Chapter 4: Architecture of an Intranet Application
Understanding Intranet Requirements
Building an Intranet Application Framework
Creating a Database Abstraction Class
Creating an Error Handler Class
Creating a Built-In Debugger Class
Creating an Abstract Application Class
Creating a Sample Application
Summary
Chapter 5: Central Authentication System
How the System Works
Creating an Authentication Class
Creating the Central Login Application
Creating the Central Logout Application
Creating the Central Authentication Database
Testing Central Login and Logout
Making Persistent Logins in Web Server Farms
Summary
Chapter 6: Central User Management System
Identifying the Functionality Requirements
Creating a User Class
User Interface Templates
Creating a User Administration Application
Creating a User Password Application
Creating a Forgotten-Password Recovery Application
Summary
Chapter 7: Intranet System
Identifying Functionality Requirements
Designing the Database
Designing and Implementing the Intranet Classes
Setting Up Application Configuration Files
Setting Up the Application Templates
Intranet Home Application
Installing Intranet Applications from the CD- ROM
Testing the Intranet Home Application
Summary
Chapter 8: Intranet Simple Document Publisher
Identifying the Functionality Requirements
The Prerequisites
Designing the Database
The Intranet Document Application Classes
Setting up Application Configuration Files
Setting Up the Application Templates
The Document Publisher Application
Installing Intranet Document Application
Testing Intranet Document Application
Summary
Chapter 9: Intranet Contact Manager
Functionality Requirements
Understanding Prerequisites
The Database
The Intranet Contact Manager Application Classes
The Application Configuration Files
The Application Templates
The Contact Category Manager Application
The Contact Manager Application
Installing Intranet Contract Manager
Testing Contract Manager
Summary
Chapter 10: Intranet Calendar Manager
Identifying Functionality Requirements
Understanding Prerequisites
Designing the Database
The Intranet Calendar Application Event Class
The Application Configuration Files
The Application Templates
The Calendar Manager Application
The Calendar Event Manager Application
Installing the Event Calendar on Your Intranet
Testing the Event Calendar
Summary
Chapter 11: Internet Resource Manager
Functionality Requirements
Understanding the Prerequisites
Designing the Database
Designing and Implementing the Internet Resource Manager Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating a Category Manager Application
Creating a Resource Manager Application
Creating a Resource Tracking Application
Creating a Search Manager Application
Installing an IRM on Your Intranet
Testing IRM
Security Concerns
Summary
Chapter 12: Online Help System
Functionality Requirements
Understanding the Prerequisites
Designing and Implementing the Help Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating the Help Indexing Application
Creating the Help Application
Installing Help Applications
Testing the Help System
Security Considerations
Summary
Part III
Chapter 13: Tell-a-Friend System
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Tell- a- Friend Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating the Tell-a-Friend Main Menu Manager Application
Creating a Tell-a-Friend Form Manager Application
Creating a Tell-a-Friend Message Manager Application
Creating a Tell-a-Friend Form Processor Application
Creating a Tell-a-Friend Subscriber Application
Creating a Tell-a-Friend Reporter Application
Installing a Tell-a-Friend System
Testing the Tell-a-Friend System
Security Considerations
Summary
Chapter 14: E-mail Survey System
Functionality Requirements
Architecture of the Survey System
Designing the Database
Designing and Implementing the Survey Classes
Designing and Implementing the Survey Applications
Developing Survey Execution Manager
Setting Up the Central Survey Configuration File
Setting Up the Interface Template Files
Testing the Survey System
Security Considerations
Summary
Chapter 15: E-campaign System
Features of an E-campaign System
Architecting an E-campaign System
Designing an E-campaign Database
Understanding Customer Database Requirements
Designing E-campaign Classes
Creating Common Configuration and Resource Files
Creating Interface Template Files
Creating an E-campaign User Interface Application
Creating a List Manager Application
Creating a URL Manager Application
Creating a Message Manager Application
Creating a Campaign Manager Application
Creating a Campaign Execution Application
Creating a URL Tracking and Redirection Application
Creating an Unsubscription Tracking Application
Creating a Campaign Reporting Application
Testing the E-Campaign System
Security Considerations
Summary
Part IV
Chapter 16: Command-Line PHP Utilities
Working with the Command-Line Interpreter
Building a Simple Reminder Tool
Building a Geo Location Finder Tool for IP
Building a Hard Disk Usage Monitoring Utility
Building a CPU Load Monitoring Utility
Summary
Chapter 17: Apache Virtual Host Maker
Understanding an Apache Virtual Host
Defining Configuration Tasks
Creating a Configuration Script
Developing makesite
Installing makesite on Your System
Testing makesite
Summary
Chapter 18: BIND Domain Manager
Features of makezone
Creating the Configuration File
Understanding makezone
Installing makezone
Testing makezone
Summary
Part V
Chapter 19: Web Forms Manager
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Web Forms Manager Application Classes
Creating the Application Configuration Files
Creating Application Templates
Creating the Web Forms Submission Manager Application
Creating the Web Forms Reporter Application
Creating the CSV Data Exporter Application
Installing the Web Forms Manager
Testing the Web Forms Manager
Security Considerations
Summary
Chapter 20: Web Site Tools
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Voting Tool Application Class
Creating the Application Configuration Files
Creating the Application Templates
Creating the Vote Application
Installing the Voting Tool
Testing the Voting Tool
Summary
Part VI
Chapter 21: Speeding Up PHP Applications
Benchmarking Your PHP Application
Buffering Your PHP Application Output
Compressing Your PHP Application Output
Caching Your PHP Applications
Summary
Chapter 22: Securing PHP Applications
Controlling Access to Your PHP Applications
Securely Uploading Files
Using Safe Database Access
Recommended php.ini Settings for a Production Environment
Limiting File System Access for PHP Scripts
Running PHP Applications in Safe Mode
Summary
Part VII
Appendix A: What's on the CD-ROM
System Requirements
What's on the CD
Troubleshooting
Appendix B: PHP Primer
Object-Oriented PHP
Appendix C: MySQL Primer
Using MySQL from the Command- Line
Using phpMyAdmin to Manage MySQL Database
Appendix D: Linux Primer
Installing and Configuring Apache 2.0
Installing and Configuring MySQL Server
Installing and Configuring PHP for Apache 2.0
Common File/Directory Commands
Index
Wiley Publishing, Inc. End-User License Agreement
Nội dung
authorize() This method is used to authorize access to this application. Because we want every- one to access the help file, the method simply returns TRUE. getCommand() This method’s purpose is to determine what the user wants to do with the help application. There are two operations user can request: show help or perform search on an application’s help contents. However, for both operations, the user must supply the application name, because without an application name, the help system does not know what to show or what to search on. The application name is passed as a query parameter (for example, http://server/path/help.php?app=app_name) and, therefore, must be found as an entry called $_REQUEST[‘app’] in the associative array called $_REQUEST provided by PHP. If the application name is not found, the method returns null. If the application name is found, the method checks to see whether the user has provided any keyword in the query string (http://server/path/help. php?app=app_name&keyword=keywords ). If a keyword is found in $_REQUEST [‘keyword’] , then the method returns ‘doSearch’ as the command because the user wants to do a search operation on the named application help contents. If no keyword is found, the method returns ‘showHelp’ as the default command, which makes the help application display help contents. getAppInfo() This method returns a hash object with user-supplied information. showHelp() This method displays help contents. It works as follows: ◆ The user-supplied keyword and application name are stored in $info hash by retrieving them using the getAppInfo() method. ◆ A help object, $helpObj, is created. ◆ If a valid section number is supplied by the user, the method retrieves the section contents using the $helpObj->getSectionContents() method and stores the contents in $contents hash. ◆ If no valid section number is given, the method retrieves the table of contents information using the $helpObj->getTOCContents() method and stores the contents in $contents hash. ◆ It displays the contents in $contents hash using the displayOutput() method. Chapter 12: Online Help System 421 15 549669 ch12.qxd 4/4/03 9:26 AM Page 421 displayOutput() This method displays a page, be it a section contents page, search results, or a table of contents based on the contents[‘output’] field information in the $contents hash. It works as follows: ◆ It creates a template object called $template and loads the $contents [‘template’] template. It then sends the base URL and app parameter. ◆ If the content to be displayed is the search result (that is, the $contents [‘output’] is set to ‘search_result’), the history block of the template is configured. ◆ If the content to be displayed is help section contents (that is, the $contents[‘output’] is set to ‘show_section’), the navigation blocks (prevBlock, nextBlock) of the template are configured. ◆ If there are URL links to sections to be displayed (that is, $contents [‘section_links’] is not empty), then each section to be displayed is inserted and parsed into the template from the data stored in $contents [‘section_links’] . ◆ If the recent search history is to be displayed (that is, $contents [‘recent_search’]) is not empty), then each recent keyword to be displayed is inserted and parsed into the template from the data stored in $contents[‘recent_search’]. Otherwise, the history block is set to null, which is appropriate since only the search result page has the history block data. ◆ If the page to be displayed is search results (that is, match count, $contents[‘match_count’], not empty), then match count data is entered into the template by replacing the MATCH_COUNT tag. ◆ If the body of the contents, $contents[‘body’], is not empty, the body is inserted into the template. Otherwise, an appropriate message is inserted to indicate the body is missing. ◆ The previous and next blocks (prevBlock, nextBlock) are populated with URL links using $contents[‘previous_section’] and $contents [‘next_section’] , respectively. This is needed for the section contents page. If the current page to be displayed is not a section contents page, these blocks are set to null. ◆ The template is parsed and the resulting page is stored in the $documents variable as a string. 422 Part II: Developing Intranet Solutions 15 549669 ch12.qxd 4/4/03 9:26 AM Page 422 ◆ Now if the $documents page has embedded links to other sections using the <a href=”section_number.html”>label</a> HTML tags, they are replaced using appropriate relative URLs built-in using the preg_replace() function. ◆ Finally, the contents of the $documents page are displayed. doSearch() This method performs a keyword search and displays the output. It works as follows: ◆ The user-supplied keyword and application name are stored in $info hash by retrieving them using the getAppInfo() method. ◆ A help object, $helpObj, is created. ◆ The user-supplied keywords are stored in $keyword. The keywords are lowercased and stripped of any slashes, if there are any. ◆ The $helpObj->search() method is called using the keywords, and if the search results in any matches the results are retrieved using the $helpObj->getSearchResults() method into a hash called $contents and displayed using displayOutput(). ◆ On the other hand, if no match is found, an alert window is shown. Installing Help Applications Here we’ll assume that you’re using a Linux system with MySQL and Apache server installed. During the installation process, I refer to this directory as %DocumentRoot%. I also assume that you have installed the PHPLIB and PEAR library. Normally, these get installed during PHP installation. For your convenience, I’ve provided these in the lib/phplib.tar.gz and lib/pear.tar.gz directories on the CD-ROM. In these sample installation steps, we’ll assume that these are installed in the /evoknow/phplib and /evoknow/pear directories. Because your installation loca- tions for these libraries are likely to differ, make sure you replace these paths in the configuration files. Here is how you can get your help applications up and running: ◆ Install the applications framework. If you haven’t yet installed the application framework discussed in Chapter 4, you must do so before proceeding further. ◆ Install help applications. From the ch12 directory on the CD-ROM, extract ch12.tar.gz in %DocumentRoot%. This will create a help directory in your document root. Chapter 12: Online Help System 423 15 549669 ch12.qxd 4/4/03 9:26 AM Page 423 ◆ Set file/directory permissions. Make sure you’ve changed the file and directory permissions such that your intranet Web server can access all the files. The makeindex.php script must write to the help contents directory to store the generated help indexes. Make sure your Web server has write access to the help contents directory you create for your application- specific help files. After you’ve performed the preceding steps, you’re ready to test your online help applications. Testing the Help System If you’ve installed the applications properly, it came with help on itself. Therefore, you can run it immediately without needing to create help contents first. Run http://yourserver/help/apps/help.php?app=self You should see a screen similar to Figure 12-2. Figure 12-2: The table of contents page for the help system itself. Now click on any of the sections and you’ll see the sections page. For example, Figure 12-3 shows the section that introduces the help system to you. 424 Part II: Developing Intranet Solutions 15 549669 ch12.qxd 4/4/03 9:26 AM Page 424 Figure 12-3: A section page. Now you can enter search key words in any of the screens to see if there is any match. For example, I entered the keyword “built-in” in the search keyword entry and clicked on the GO button. The result is shown in Figure 12-4. Figure 12-4: A sample search output. Chapter 12: Online Help System 425 15 549669 ch12.qxd 4/4/03 9:26 AM Page 425 . assume that you have installed the PHPLIB and PEAR library. Normally, these get installed during PHP installation. For your convenience, I’ve provided these in the lib/phplib.tar.gz and lib/pear.tar.gz. (for example, http://server/path/help .php? app=app_name) and, therefore, must be found as an entry called $_REQUEST[‘app’] in the associative array called $_REQUEST provided by PHP. If the application name. to see whether the user has provided any keyword in the query string (http://server/path/help. php? app=app_name&keyword=keywords ). If a keyword is found in $_REQUEST [‘keyword’] , then the